Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0999
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | openSUSE Leap Micro 5.5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | N/A | SUSE Real Time Module 15-SP6 | ||
| SUSE | N/A | Public Cloud Module 15-SP5 | ||
| SUSE | N/A | Public Cloud Module 15-SP6 | ||
| SUSE | N/A | openSUSE Leap 15.5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | N/A | openSUSE Leap 15.6 | ||
| SUSE | N/A | SUSE Real Time Module 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.5 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "openSUSE Leap Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Real Time Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Public Cloud Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Public Cloud Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Real Time Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
},
{
"name": "CVE-2022-45934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45934"
},
{
"name": "CVE-2023-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28327"
},
{
"name": "CVE-2023-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2166"
},
{
"name": "CVE-2023-6270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6270"
},
{
"name": "CVE-2024-26761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26761"
},
{
"name": "CVE-2024-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27043"
},
{
"name": "CVE-2024-36957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36957"
},
{
"name": "CVE-2021-47416",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47416"
},
{
"name": "CVE-2021-47534",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47534"
},
{
"name": "CVE-2023-52766",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52766"
},
{
"name": "CVE-2023-52800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52800"
},
{
"name": "CVE-2024-26758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26758"
},
{
"name": "CVE-2024-26943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26943"
},
{
"name": "CVE-2024-38599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38599"
},
{
"name": "CVE-2024-27026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27026"
},
{
"name": "CVE-2023-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
},
{
"name": "CVE-2024-35980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35980"
},
{
"name": "CVE-2024-39476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39476"
},
{
"name": "CVE-2024-26767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26767"
},
{
"name": "CVE-2024-38576",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38576"
},
{
"name": "CVE-2024-38577",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38577"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-42145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42145"
},
{
"name": "CVE-2024-36244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36244"
},
{
"name": "CVE-2024-40965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40965"
},
{
"name": "CVE-2024-41047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41047"
},
{
"name": "CVE-2024-42226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42226"
},
{
"name": "CVE-2024-42253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42253"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-44947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44947"
},
{
"name": "CVE-2024-41031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41031"
},
{
"name": "CVE-2024-45016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45016"
},
{
"name": "CVE-2024-45025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45025"
},
{
"name": "CVE-2024-46716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46716"
},
{
"name": "CVE-2024-46719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46719"
},
{
"name": "CVE-2024-46721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46721"
},
{
"name": "CVE-2024-46770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46770"
},
{
"name": "CVE-2024-46777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46777"
},
{
"name": "CVE-2024-46802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46802"
},
{
"name": "CVE-2024-46804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46804"
},
{
"name": "CVE-2024-46805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46805"
},
{
"name": "CVE-2024-46807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46807"
},
{
"name": "CVE-2024-46810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46810"
},
{
"name": "CVE-2024-46812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46812"
},
{
"name": "CVE-2024-46814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46814"
},
{
"name": "CVE-2024-46815",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46815"
},
{
"name": "CVE-2024-46817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46817"
},
{
"name": "CVE-2024-46818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46818"
},
{
"name": "CVE-2024-46819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46819"
},
{
"name": "CVE-2024-46821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46821"
},
{
"name": "CVE-2024-46826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
},
{
"name": "CVE-2024-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46828"
},
{
"name": "CVE-2024-46830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46830"
},
{
"name": "CVE-2024-46835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46835"
},
{
"name": "CVE-2024-46836",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46836"
},
{
"name": "CVE-2024-46840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46840"
},
{
"name": "CVE-2024-46846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46846"
},
{
"name": "CVE-2024-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46848"
},
{
"name": "CVE-2024-46849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46849"
},
{
"name": "CVE-2024-46852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46852"
},
{
"name": "CVE-2024-46853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46853"
},
{
"name": "CVE-2024-46854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46854"
},
{
"name": "CVE-2024-46855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46855"
},
{
"name": "CVE-2024-46857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46857"
},
{
"name": "CVE-2024-46859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46859"
},
{
"name": "CVE-2024-41082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41082"
},
{
"name": "CVE-2024-46678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46678"
},
{
"name": "CVE-2024-46775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46775"
},
{
"name": "CVE-2024-46797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46797"
},
{
"name": "CVE-2024-47668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47668"
},
{
"name": "CVE-2023-52918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52918"
},
{
"name": "CVE-2024-47663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47663"
},
{
"name": "CVE-2024-47667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47667"
},
{
"name": "CVE-2024-47669",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47669"
},
{
"name": "CVE-2022-48664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48664"
},
{
"name": "CVE-2022-48879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48879"
},
{
"name": "CVE-2022-48946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48946"
},
{
"name": "CVE-2022-48947",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48947"
},
{
"name": "CVE-2022-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48948"
},
{
"name": "CVE-2022-48949",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48949"
},
{
"name": "CVE-2022-48951",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48951"
},
{
"name": "CVE-2022-48953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48953"
},
{
"name": "CVE-2022-48954",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48954"
},
{
"name": "CVE-2022-48955",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48955"
},
{
"name": "CVE-2022-48956",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48956"
},
{
"name": "CVE-2022-48957",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48957"
},
{
"name": "CVE-2022-48958",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48958"
},
{
"name": "CVE-2022-48959",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48959"
},
{
"name": "CVE-2022-48960",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48960"
},
{
"name": "CVE-2022-48961",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48961"
},
{
"name": "CVE-2022-48962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48962"
},
{
"name": "CVE-2022-48966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48966"
},
{
"name": "CVE-2022-48967",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48967"
},
{
"name": "CVE-2022-48968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48968"
},
{
"name": "CVE-2022-48969",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48969"
},
{
"name": "CVE-2022-48970",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48970"
},
{
"name": "CVE-2022-48971",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48971"
},
{
"name": "CVE-2022-48972",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48972"
},
{
"name": "CVE-2022-48973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48973"
},
{
"name": "CVE-2022-48975",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48975"
},
{
"name": "CVE-2022-48977",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48977"
},
{
"name": "CVE-2022-48978",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48978"
},
{
"name": "CVE-2022-48980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48980"
},
{
"name": "CVE-2022-48981",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48981"
},
{
"name": "CVE-2022-48985",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48985"
},
{
"name": "CVE-2022-48987",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48987"
},
{
"name": "CVE-2022-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48988"
},
{
"name": "CVE-2022-48991",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48991"
},
{
"name": "CVE-2022-48992",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48992"
},
{
"name": "CVE-2022-48994",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48994"
},
{
"name": "CVE-2022-48995",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48995"
},
{
"name": "CVE-2022-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48997"
},
{
"name": "CVE-2022-48999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48999"
},
{
"name": "CVE-2022-49000",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49000"
},
{
"name": "CVE-2022-49002",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49002"
},
{
"name": "CVE-2022-49003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49003"
},
{
"name": "CVE-2022-49005",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49005"
},
{
"name": "CVE-2022-49006",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49006"
},
{
"name": "CVE-2022-49007",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49007"
},
{
"name": "CVE-2022-49010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49010"
},
{
"name": "CVE-2022-49011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49011"
},
{
"name": "CVE-2022-49012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49012"
},
{
"name": "CVE-2022-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49014"
},
{
"name": "CVE-2022-49015",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49015"
},
{
"name": "CVE-2022-49016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49016"
},
{
"name": "CVE-2022-49017",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49017"
},
{
"name": "CVE-2022-49019",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49019"
},
{
"name": "CVE-2022-49020",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49020"
},
{
"name": "CVE-2022-49021",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49021"
},
{
"name": "CVE-2022-49022",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49022"
},
{
"name": "CVE-2022-49023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49023"
},
{
"name": "CVE-2022-49024",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49024"
},
{
"name": "CVE-2022-49025",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49025"
},
{
"name": "CVE-2022-49026",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49026"
},
{
"name": "CVE-2022-49027",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49027"
},
{
"name": "CVE-2022-49028",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49028"
},
{
"name": "CVE-2022-49029",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49029"
},
{
"name": "CVE-2022-49031",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49031"
},
{
"name": "CVE-2022-49032",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49032"
},
{
"name": "CVE-2023-52917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52917"
},
{
"name": "CVE-2023-52919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52919"
},
{
"name": "CVE-2024-44932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44932"
},
{
"name": "CVE-2024-44964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44964"
},
{
"name": "CVE-2024-46754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46754"
},
{
"name": "CVE-2024-46766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46766"
},
{
"name": "CVE-2024-46803",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46803"
},
{
"name": "CVE-2024-46806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46806"
},
{
"name": "CVE-2024-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46809"
},
{
"name": "CVE-2024-46811",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46811"
},
{
"name": "CVE-2024-46813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46813"
},
{
"name": "CVE-2024-46816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46816"
},
{
"name": "CVE-2024-46825",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46825"
},
{
"name": "CVE-2024-46827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46827"
},
{
"name": "CVE-2024-46831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46831"
},
{
"name": "CVE-2024-46834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46834"
},
{
"name": "CVE-2024-46841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46841"
},
{
"name": "CVE-2024-46842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46842"
},
{
"name": "CVE-2024-46843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46843"
},
{
"name": "CVE-2024-46851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46851"
},
{
"name": "CVE-2024-46860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46860"
},
{
"name": "CVE-2024-46861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46861"
},
{
"name": "CVE-2024-46864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46864"
},
{
"name": "CVE-2024-46870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46870"
},
{
"name": "CVE-2024-46871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46871"
},
{
"name": "CVE-2024-47658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47658"
},
{
"name": "CVE-2024-47661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47661"
},
{
"name": "CVE-2024-44958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44958"
},
{
"name": "CVE-2024-47660",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47660"
},
{
"name": "CVE-2024-47665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47665"
},
{
"name": "CVE-2024-47662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47662"
},
{
"name": "CVE-2024-47664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47664"
},
{
"name": "CVE-2024-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47670"
},
{
"name": "CVE-2024-47671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47671"
},
{
"name": "CVE-2024-47672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47672"
},
{
"name": "CVE-2024-47673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47673"
},
{
"name": "CVE-2024-47674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47674"
},
{
"name": "CVE-2024-47675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47675"
},
{
"name": "CVE-2024-47681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47681"
},
{
"name": "CVE-2024-47682",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47682"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-47686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47686"
},
{
"name": "CVE-2024-47687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47687"
},
{
"name": "CVE-2024-47688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47688"
},
{
"name": "CVE-2024-47692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47692"
},
{
"name": "CVE-2024-47693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47693"
},
{
"name": "CVE-2024-47695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47695"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2024-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47699"
},
{
"name": "CVE-2024-47702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47702"
},
{
"name": "CVE-2024-47704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47704"
},
{
"name": "CVE-2024-47705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47705"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-47709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47709"
},
{
"name": "CVE-2024-47710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47710"
},
{
"name": "CVE-2024-47712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47712"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-47714",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47714"
},
{
"name": "CVE-2024-47715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47715"
},
{
"name": "CVE-2024-47718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47718"
},
{
"name": "CVE-2024-47719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47719"
},
{
"name": "CVE-2024-47720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47720"
},
{
"name": "CVE-2024-47723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47723"
},
{
"name": "CVE-2024-47727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47727"
},
{
"name": "CVE-2024-47728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47728"
},
{
"name": "CVE-2024-47730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47730"
},
{
"name": "CVE-2024-47731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47731"
},
{
"name": "CVE-2024-47732",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47732"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-47738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47738"
},
{
"name": "CVE-2024-47739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47739"
},
{
"name": "CVE-2024-47741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47741"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47743"
},
{
"name": "CVE-2024-47744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47744"
},
{
"name": "CVE-2024-47745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47745"
},
{
"name": "CVE-2024-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47747"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-47750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47750"
},
{
"name": "CVE-2024-47751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47751"
},
{
"name": "CVE-2024-47752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47752"
},
{
"name": "CVE-2024-47753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47753"
},
{
"name": "CVE-2024-47754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47754"
},
{
"name": "CVE-2024-47756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47756"
},
{
"name": "CVE-2024-47757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47757"
},
{
"name": "CVE-2024-49850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49850"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2024-49852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49852"
},
{
"name": "CVE-2024-49853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49853"
},
{
"name": "CVE-2024-49855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49855"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-49861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49861"
},
{
"name": "CVE-2024-49862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49862"
},
{
"name": "CVE-2024-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49863"
},
{
"name": "CVE-2024-49864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49864"
},
{
"name": "CVE-2024-49866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49866"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2024-49870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49870"
},
{
"name": "CVE-2024-49871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49871"
},
{
"name": "CVE-2024-49874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49874"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2024-49878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49878"
},
{
"name": "CVE-2024-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49879"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-49886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49886"
},
{
"name": "CVE-2024-49888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49888"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-49891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49891"
},
{
"name": "CVE-2024-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49892"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-49895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49895"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-49897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49897"
},
{
"name": "CVE-2024-49898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49898"
},
{
"name": "CVE-2024-49899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49899"
},
{
"name": "CVE-2024-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49900"
},
{
"name": "CVE-2024-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49901"
},
{
"name": "CVE-2024-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49902"
},
{
"name": "CVE-2024-49903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49903"
},
{
"name": "CVE-2024-49906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49906"
},
{
"name": "CVE-2024-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49907"
},
{
"name": "CVE-2024-49908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49908"
},
{
"name": "CVE-2024-49909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49909"
},
{
"name": "CVE-2024-49911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49911"
},
{
"name": "CVE-2024-49912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49912"
},
{
"name": "CVE-2024-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49913"
},
{
"name": "CVE-2024-49914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49914"
},
{
"name": "CVE-2024-49917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49917"
},
{
"name": "CVE-2024-49918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49918"
},
{
"name": "CVE-2024-49919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49919"
},
{
"name": "CVE-2024-49920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49920"
},
{
"name": "CVE-2024-49922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49922"
},
{
"name": "CVE-2024-49923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49923"
},
{
"name": "CVE-2024-49928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49928"
},
{
"name": "CVE-2024-49929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49929"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-49931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49931"
},
{
"name": "CVE-2024-49933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49933"
},
{
"name": "CVE-2024-49935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49935"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49937"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-49939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49939"
},
{
"name": "CVE-2024-49946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49946"
},
{
"name": "CVE-2024-49947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49947"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-49953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49953"
},
{
"name": "CVE-2024-49954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49954"
},
{
"name": "CVE-2024-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49955"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-49961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49961"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-49967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49967"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2024-49972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49972"
},
{
"name": "CVE-2024-49973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49973"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-49981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49981"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49985"
},
{
"name": "CVE-2024-49986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49986"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2024-49993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49993"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2024-50000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50000"
},
{
"name": "CVE-2024-50001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50001"
},
{
"name": "CVE-2024-50002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50002"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-50008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50008"
},
{
"name": "CVE-2024-50013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50013"
},
{
"name": "CVE-2024-50014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50014"
},
{
"name": "CVE-2024-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50015"
},
{
"name": "CVE-2024-50017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50017"
},
{
"name": "CVE-2024-50019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50019"
},
{
"name": "CVE-2024-50020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50020"
},
{
"name": "CVE-2024-50021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50021"
},
{
"name": "CVE-2024-50022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50022"
},
{
"name": "CVE-2024-50023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50023"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-50025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50025"
},
{
"name": "CVE-2024-50027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50027"
},
{
"name": "CVE-2024-50028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50028"
},
{
"name": "CVE-2024-50031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50031"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-50041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50041"
},
{
"name": "CVE-2024-50042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50042"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-50046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50046"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-50048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50048"
},
{
"name": "CVE-2024-50049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50049"
},
{
"name": "CVE-2024-50055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50055"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50060"
},
{
"name": "CVE-2024-50061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50061"
},
{
"name": "CVE-2024-50062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50062"
},
{
"name": "CVE-2024-50063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50063"
},
{
"name": "CVE-2024-50064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50064"
},
{
"name": "CVE-2024-50069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50069"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-50075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50075"
},
{
"name": "CVE-2024-50076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50076"
},
{
"name": "CVE-2024-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50077"
},
{
"name": "CVE-2024-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50078"
},
{
"name": "CVE-2024-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50080"
},
{
"name": "CVE-2024-50081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50081"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0999",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2024-11-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3985-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1"
},
{
"published_at": "2024-11-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3984-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1"
},
{
"published_at": "2024-11-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3983-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243983-1"
},
{
"published_at": "2024-11-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3986-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243986-1"
}
]
}
CVE-2024-46859 (GCVE-0-2024-46859)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:42 – Updated: 2025-11-03 22:19
VLAI?
EPSS
Title
platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
Summary
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
The panasonic laptop code in various places uses the SINF array with index
values of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array
is big enough.
Not all panasonic laptops have this many SINF array entries, for example
the Toughbook CF-18 model only has 10 SINF array entries. So it only
supports the AC+DC brightness entries and mute.
Check that the SINF array has a minimum size which covers all AC+DC
brightness entries and refuse to load if the SINF array is smaller.
For higher SINF indexes hide the sysfs attributes when the SINF array
does not contain an entry for that attribute, avoiding show()/store()
accessing the array out of bounds and add bounds checking to the probe()
and resume() code accessing these.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6 , < b7c2f692307fe704be87ea80d7328782b33c3cef
(git)
Affected: e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6 , < 9291fadbd2720a869b1d2fcf82305648e2e62a16 (git) Affected: e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6 , < 6821a82616f60aa72c5909b3e252ad97fb9f7e2a (git) Affected: e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6 , < b38c19783286a71693c2194ed1b36665168c09c4 (git) Affected: e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6 , < f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T13:57:08.389850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T13:57:13.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:46.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/platform/x86/panasonic-laptop.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b7c2f692307fe704be87ea80d7328782b33c3cef",
"status": "affected",
"version": "e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6",
"versionType": "git"
},
{
"lessThan": "9291fadbd2720a869b1d2fcf82305648e2e62a16",
"status": "affected",
"version": "e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6",
"versionType": "git"
},
{
"lessThan": "6821a82616f60aa72c5909b3e252ad97fb9f7e2a",
"status": "affected",
"version": "e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6",
"versionType": "git"
},
{
"lessThan": "b38c19783286a71693c2194ed1b36665168c09c4",
"status": "affected",
"version": "e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6",
"versionType": "git"
},
{
"lessThan": "f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4",
"status": "affected",
"version": "e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/platform/x86/panasonic-laptop.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.3"
},
{
"lessThan": "3.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.52",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.111",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.52",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.11",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses\n\nThe panasonic laptop code in various places uses the SINF array with index\nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array\nis big enough.\n\nNot all panasonic laptops have this many SINF array entries, for example\nthe Toughbook CF-18 model only has 10 SINF array entries. So it only\nsupports the AC+DC brightness entries and mute.\n\nCheck that the SINF array has a minimum size which covers all AC+DC\nbrightness entries and refuse to load if the SINF array is smaller.\n\nFor higher SINF indexes hide the sysfs attributes when the SINF array\ndoes not contain an entry for that attribute, avoiding show()/store()\naccessing the array out of bounds and add bounds checking to the probe()\nand resume() code accessing these."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:36:07.377Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b7c2f692307fe704be87ea80d7328782b33c3cef"
},
{
"url": "https://git.kernel.org/stable/c/9291fadbd2720a869b1d2fcf82305648e2e62a16"
},
{
"url": "https://git.kernel.org/stable/c/6821a82616f60aa72c5909b3e252ad97fb9f7e2a"
},
{
"url": "https://git.kernel.org/stable/c/b38c19783286a71693c2194ed1b36665168c09c4"
},
{
"url": "https://git.kernel.org/stable/c/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4"
}
],
"title": "platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46859",
"datePublished": "2024-09-27T12:42:49.801Z",
"dateReserved": "2024-09-11T15:12:18.291Z",
"dateUpdated": "2025-11-03T22:19:46.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47719 (GCVE-0-2024-47719)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-05-04 09:38
VLAI?
EPSS
Title
iommufd: Protect against overflow of ALIGN() during iova allocation
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommufd: Protect against overflow of ALIGN() during iova allocation
Userspace can supply an iova and uptr such that the target iova alignment
becomes really big and ALIGN() overflows which corrupts the selected area
range during allocation. CONFIG_IOMMUFD_TEST can detect this:
WARNING: CPU: 1 PID: 5092 at drivers/iommu/iommufd/io_pagetable.c:268 iopt_alloc_area_pages drivers/iommu/iommufd/io_pagetable.c:268 [inline]
WARNING: CPU: 1 PID: 5092 at drivers/iommu/iommufd/io_pagetable.c:268 iopt_map_pages+0xf95/0x1050 drivers/iommu/iommufd/io_pagetable.c:352
Modules linked in:
CPU: 1 PID: 5092 Comm: syz-executor294 Not tainted 6.10.0-rc5-syzkaller-00294-g3ffea9a7a6f7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:iopt_alloc_area_pages drivers/iommu/iommufd/io_pagetable.c:268 [inline]
RIP: 0010:iopt_map_pages+0xf95/0x1050 drivers/iommu/iommufd/io_pagetable.c:352
Code: fc e9 a4 f3 ff ff e8 1a 8b 4c fc 41 be e4 ff ff ff e9 8a f3 ff ff e8 0a 8b 4c fc 90 0f 0b 90 e9 37 f5 ff ff e8 fc 8a 4c fc 90 <0f> 0b 90 e9 68 f3 ff ff 48 c7 c1 ec 82 ad 8f 80 e1 07 80 c1 03 38
RSP: 0018:ffffc90003ebf9e0 EFLAGS: 00010293
RAX: ffffffff85499fa4 RBX: 00000000ffffffef RCX: ffff888079b49e00
RDX: 0000000000000000 RSI: 00000000ffffffef RDI: 0000000000000000
RBP: ffffc90003ebfc50 R08: ffffffff85499b30 R09: ffffffff85499942
R10: 0000000000000002 R11: ffff888079b49e00 R12: ffff8880228e0010
R13: 0000000000000000 R14: 1ffff920007d7f68 R15: ffffc90003ebfd00
FS: 000055557d760380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000005fdeb8 CR3: 000000007404a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
iommufd_ioas_copy+0x610/0x7b0 drivers/iommu/iommufd/ioas.c:274
iommufd_fops_ioctl+0x4d9/0x5a0 drivers/iommu/iommufd/main.c:421
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Cap the automatic alignment to the huge page size, which is probably a
better idea overall. Huge automatic alignments can fragment and chew up
the available IOVA space without any reason.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
51fe6141f0f64ae0bbc096a41a07572273e8c0ef , < cd6dd564ae7d99967ef50078216929418160b30e
(git)
Affected: 51fe6141f0f64ae0bbc096a41a07572273e8c0ef , < a6e9f9fd14772c0b23c6d1d7002d98f9d27cb1f6 (git) Affected: 51fe6141f0f64ae0bbc096a41a07572273e8c0ef , < 72b78287ce92802e8ba678181a34b84ae844a112 (git) Affected: 51fe6141f0f64ae0bbc096a41a07572273e8c0ef , < 8f6887349b2f829a4121c518aeb064fc922714e4 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47719",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:02:15.050204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:17.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/iommufd/io_pagetable.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cd6dd564ae7d99967ef50078216929418160b30e",
"status": "affected",
"version": "51fe6141f0f64ae0bbc096a41a07572273e8c0ef",
"versionType": "git"
},
{
"lessThan": "a6e9f9fd14772c0b23c6d1d7002d98f9d27cb1f6",
"status": "affected",
"version": "51fe6141f0f64ae0bbc096a41a07572273e8c0ef",
"versionType": "git"
},
{
"lessThan": "72b78287ce92802e8ba678181a34b84ae844a112",
"status": "affected",
"version": "51fe6141f0f64ae0bbc096a41a07572273e8c0ef",
"versionType": "git"
},
{
"lessThan": "8f6887349b2f829a4121c518aeb064fc922714e4",
"status": "affected",
"version": "51fe6141f0f64ae0bbc096a41a07572273e8c0ef",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/iommufd/io_pagetable.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Protect against overflow of ALIGN() during iova allocation\n\nUserspace can supply an iova and uptr such that the target iova alignment\nbecomes really big and ALIGN() overflows which corrupts the selected area\nrange during allocation. CONFIG_IOMMUFD_TEST can detect this:\n\n WARNING: CPU: 1 PID: 5092 at drivers/iommu/iommufd/io_pagetable.c:268 iopt_alloc_area_pages drivers/iommu/iommufd/io_pagetable.c:268 [inline]\n WARNING: CPU: 1 PID: 5092 at drivers/iommu/iommufd/io_pagetable.c:268 iopt_map_pages+0xf95/0x1050 drivers/iommu/iommufd/io_pagetable.c:352\n Modules linked in:\n CPU: 1 PID: 5092 Comm: syz-executor294 Not tainted 6.10.0-rc5-syzkaller-00294-g3ffea9a7a6f7 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024\n RIP: 0010:iopt_alloc_area_pages drivers/iommu/iommufd/io_pagetable.c:268 [inline]\n RIP: 0010:iopt_map_pages+0xf95/0x1050 drivers/iommu/iommufd/io_pagetable.c:352\n Code: fc e9 a4 f3 ff ff e8 1a 8b 4c fc 41 be e4 ff ff ff e9 8a f3 ff ff e8 0a 8b 4c fc 90 0f 0b 90 e9 37 f5 ff ff e8 fc 8a 4c fc 90 \u003c0f\u003e 0b 90 e9 68 f3 ff ff 48 c7 c1 ec 82 ad 8f 80 e1 07 80 c1 03 38\n RSP: 0018:ffffc90003ebf9e0 EFLAGS: 00010293\n RAX: ffffffff85499fa4 RBX: 00000000ffffffef RCX: ffff888079b49e00\n RDX: 0000000000000000 RSI: 00000000ffffffef RDI: 0000000000000000\n RBP: ffffc90003ebfc50 R08: ffffffff85499b30 R09: ffffffff85499942\n R10: 0000000000000002 R11: ffff888079b49e00 R12: ffff8880228e0010\n R13: 0000000000000000 R14: 1ffff920007d7f68 R15: ffffc90003ebfd00\n FS: 000055557d760380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000005fdeb8 CR3: 000000007404a000 CR4: 00000000003506f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n iommufd_ioas_copy+0x610/0x7b0 drivers/iommu/iommufd/ioas.c:274\n iommufd_fops_ioctl+0x4d9/0x5a0 drivers/iommu/iommufd/main.c:421\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCap the automatic alignment to the huge page size, which is probably a\nbetter idea overall. Huge automatic alignments can fragment and chew up\nthe available IOVA space without any reason."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:38:13.967Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cd6dd564ae7d99967ef50078216929418160b30e"
},
{
"url": "https://git.kernel.org/stable/c/a6e9f9fd14772c0b23c6d1d7002d98f9d27cb1f6"
},
{
"url": "https://git.kernel.org/stable/c/72b78287ce92802e8ba678181a34b84ae844a112"
},
{
"url": "https://git.kernel.org/stable/c/8f6887349b2f829a4121c518aeb064fc922714e4"
}
],
"title": "iommufd: Protect against overflow of ALIGN() during iova allocation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47719",
"datePublished": "2024-10-21T11:53:49.516Z",
"dateReserved": "2024-09-30T16:00:12.949Z",
"dateUpdated": "2025-05-04T09:38:13.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48957 (GCVE-0-2022-48957)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:26
VLAI?
EPSS
Title
dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()
Summary
In the Linux kernel, the following vulnerability has been resolved:
dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()
The cmd_buff needs to be freed when error happened in
dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove().
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
1110318d83e8011c4dfcb2f7dd343bcfb1623c5f , < 54d830e24247fa8361b016dd2069362866f45cb6
(git)
Affected: 1110318d83e8011c4dfcb2f7dd343bcfb1623c5f , < 785ee7a82297e1512d9061aae91699212ed65796 (git) Affected: 1110318d83e8011c4dfcb2f7dd343bcfb1623c5f , < 4fad22a1281c500f15b172c9d261eff347ca634b (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:20:52.870701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:39.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "54d830e24247fa8361b016dd2069362866f45cb6",
"status": "affected",
"version": "1110318d83e8011c4dfcb2f7dd343bcfb1623c5f",
"versionType": "git"
},
{
"lessThan": "785ee7a82297e1512d9061aae91699212ed65796",
"status": "affected",
"version": "1110318d83e8011c4dfcb2f7dd343bcfb1623c5f",
"versionType": "git"
},
{
"lessThan": "4fad22a1281c500f15b172c9d261eff347ca634b",
"status": "affected",
"version": "1110318d83e8011c4dfcb2f7dd343bcfb1623c5f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()\n\nThe cmd_buff needs to be freed when error happened in\ndpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:55.130Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/54d830e24247fa8361b016dd2069362866f45cb6"
},
{
"url": "https://git.kernel.org/stable/c/785ee7a82297e1512d9061aae91699212ed65796"
},
{
"url": "https://git.kernel.org/stable/c/4fad22a1281c500f15b172c9d261eff347ca634b"
}
],
"title": "dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48957",
"datePublished": "2024-10-21T20:05:43.107Z",
"dateReserved": "2024-08-22T01:27:53.627Z",
"dateUpdated": "2025-05-04T08:26:55.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47685 (GCVE-0-2024-47685)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:20
VLAI?
EPSS
Title
netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending
garbage on the four reserved tcp bits (th->res1)
Use skb_put_zero() to clear the whole TCP header,
as done in nf_reject_ip_tcphdr_put()
BUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255
nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255
nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344
nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48
expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]
nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288
nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161
nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626
nf_hook include/linux/netfilter.h:269 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310
__netif_receive_skb_one_core net/core/dev.c:5661 [inline]
__netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775
process_backlog+0x4ad/0xa50 net/core/dev.c:6108
__napi_poll+0xe7/0x980 net/core/dev.c:6772
napi_poll net/core/dev.c:6841 [inline]
net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963
handle_softirqs+0x1ce/0x800 kernel/softirq.c:554
__do_softirq+0x14/0x1a kernel/softirq.c:588
do_softirq+0x9a/0x100 kernel/softirq.c:455
__local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382
local_bh_enable include/linux/bottom_half.h:33 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:908 [inline]
__dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450
dev_queue_xmit include/linux/netdevice.h:3105 [inline]
neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565
neigh_output include/net/neighbour.h:542 [inline]
ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141
__ip6_finish_output net/ipv6/ip6_output.c:215 [inline]
ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226
NF_HOOK_COND include/linux/netfilter.h:303 [inline]
ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247
dst_output include/net/dst.h:450 [inline]
NF_HOOK include/linux/netfilter.h:314 [inline]
ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366
inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135
__tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466
tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]
tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143
tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333
__inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679
inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750
__sys_connect_file net/socket.c:2061 [inline]
__sys_connect+0x606/0x690 net/socket.c:2078
__do_sys_connect net/socket.c:2088 [inline]
__se_sys_connect net/socket.c:2085 [inline]
__x64_sys_connect+0x91/0xe0 net/socket.c:2085
x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was stored to memory at:
nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249
nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344
nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48
expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]
nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288
nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161
nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626
nf_hook include/linux/netfilter.h:269 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310
__netif_receive_skb_one_core
---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
c8d7b98bec43faaa6583c3135030be5eb4693acb , < 872eca64c3267dbc5836b715716fc6c03a18eda7
(git)
Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < 7bcbc4cda777d26c88500d973fad0d497fc8a82e (git) Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < dcf48ab3ca2c55b09c8f9c8de0df01c1943bc4e5 (git) Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < fbff87d682e57ddbbe82abf6d0a1a4a36a98afcd (git) Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < 7ea2bcfd9bf4c3dbbf22546162226fd1c14d8ad2 (git) Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < af4b8a704f26f38310655bad67fd8096293275a2 (git) Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < 7a7b5a27c53b55e91eecf646d1b204e73fa4af93 (git) Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < 10210658f827ad45061581cbfc05924b723e8922 (git) Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < 9c778fe48d20ef362047e3376dee56d77f8500d4 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:06:45.955918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:14:16.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:20:52.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/netfilter/nf_reject_ipv6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "872eca64c3267dbc5836b715716fc6c03a18eda7",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "7bcbc4cda777d26c88500d973fad0d497fc8a82e",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "dcf48ab3ca2c55b09c8f9c8de0df01c1943bc4e5",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "fbff87d682e57ddbbe82abf6d0a1a4a36a98afcd",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "7ea2bcfd9bf4c3dbbf22546162226fd1c14d8ad2",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "af4b8a704f26f38310655bad67fd8096293275a2",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "7a7b5a27c53b55e91eecf646d1b204e73fa4af93",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "10210658f827ad45061581cbfc05924b723e8922",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "9c778fe48d20ef362047e3376dee56d77f8500d4",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/netfilter/nf_reject_ipv6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()\n\nsyzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending\ngarbage on the four reserved tcp bits (th-\u003eres1)\n\nUse skb_put_zero() to clear the whole TCP header,\nas done in nf_reject_ip_tcphdr_put()\n\nBUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\n nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775\n process_backlog+0x4ad/0xa50 net/core/dev.c:6108\n __napi_poll+0xe7/0x980 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963\n handle_softirqs+0x1ce/0x800 kernel/softirq.c:554\n __do_softirq+0x14/0x1a kernel/softirq.c:588\n do_softirq+0x9a/0x100 kernel/softirq.c:455\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:908 [inline]\n __dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450\n dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565\n neigh_output include/net/neighbour.h:542 [inline]\n ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366\n inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135\n __tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466\n tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]\n tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143\n tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333\n __inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679\n inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750\n __sys_connect_file net/socket.c:2061 [inline]\n __sys_connect+0x606/0x690 net/socket.c:2078\n __do_sys_connect net/socket.c:2088 [inline]\n __se_sys_connect net/socket.c:2085 [inline]\n __x64_sys_connect+0x91/0xe0 net/socket.c:2085\n x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was stored to memory at:\n nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:37:14.167Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/872eca64c3267dbc5836b715716fc6c03a18eda7"
},
{
"url": "https://git.kernel.org/stable/c/7bcbc4cda777d26c88500d973fad0d497fc8a82e"
},
{
"url": "https://git.kernel.org/stable/c/dcf48ab3ca2c55b09c8f9c8de0df01c1943bc4e5"
},
{
"url": "https://git.kernel.org/stable/c/fbff87d682e57ddbbe82abf6d0a1a4a36a98afcd"
},
{
"url": "https://git.kernel.org/stable/c/7ea2bcfd9bf4c3dbbf22546162226fd1c14d8ad2"
},
{
"url": "https://git.kernel.org/stable/c/af4b8a704f26f38310655bad67fd8096293275a2"
},
{
"url": "https://git.kernel.org/stable/c/7a7b5a27c53b55e91eecf646d1b204e73fa4af93"
},
{
"url": "https://git.kernel.org/stable/c/10210658f827ad45061581cbfc05924b723e8922"
},
{
"url": "https://git.kernel.org/stable/c/9c778fe48d20ef362047e3376dee56d77f8500d4"
}
],
"title": "netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47685",
"datePublished": "2024-10-21T11:53:26.486Z",
"dateReserved": "2024-09-30T16:00:12.941Z",
"dateUpdated": "2025-11-03T22:20:52.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-45934 (GCVE-0-2022-45934)
Vulnerability from cvelistv5 – Published: 2022-11-27 00:00 – Updated: 2025-04-29 13:41
VLAI?
EPSS
Summary
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:24:03.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d"
},
{
"name": "FEDORA-2022-90162a1d88",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDAKCGDW6CQ6G3RZWYZJO454R3L5CTQB/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230113-0008/"
},
{
"name": "DSA-5324",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5324"
},
{
"name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html"
},
{
"name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45934",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T13:40:38.316119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T13:41:05.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d"
},
{
"name": "FEDORA-2022-90162a1d88",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDAKCGDW6CQ6G3RZWYZJO454R3L5CTQB/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230113-0008/"
},
{
"name": "DSA-5324",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5324"
},
{
"name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html"
},
{
"name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45934",
"datePublished": "2022-11-27T00:00:00.000Z",
"dateReserved": "2022-11-27T00:00:00.000Z",
"dateUpdated": "2025-04-29T13:41:05.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2166 (GCVE-0-2023-2166)
Vulnerability from cvelistv5 – Published: 2023-04-19 00:00 – Updated: 2025-02-05 15:13
VLAI?
EPSS
Summary
A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.
Severity ?
5.5 (Medium)
CWE
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/lkml/CAO4mrfcV_07hbj8NUuZrA8FH-kaRsrFy-2metecpTuE5kKHn5w%40mail.gmail.com/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-2166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T15:12:07.422598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T15:13:09.129Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Linux",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux Kernel version prior to Kernel 6.1 RC9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://lore.kernel.org/lkml/CAO4mrfcV_07hbj8NUuZrA8FH-kaRsrFy-2metecpTuE5kKHn5w%40mail.gmail.com/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-2166",
"datePublished": "2023-04-19T00:00:00.000Z",
"dateReserved": "2023-04-18T00:00:00.000Z",
"dateUpdated": "2025-02-05T15:13:09.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49025 (GCVE-0-2022-49025)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
net/mlx5e: Fix use-after-free when reverting termination table
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix use-after-free when reverting termination table
When having multiple dests with termination tables and second one
or afterwards fails the driver reverts usage of term tables but
doesn't reset the assignment in attr->dests[num_vport_dests].termtbl
which case a use-after-free when releasing the rule.
Fix by resetting the assignment of termtbl to null.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
10caabdaad5ace85577a453da97d1f8d3b944427 , < 0a2d73a77060c3cbdc6e801cd5d979d674cd404b
(git)
Affected: 10caabdaad5ace85577a453da97d1f8d3b944427 , < 0d2f9d95d9fbe993f3c4bafb87d59897b0325aff (git) Affected: 10caabdaad5ace85577a453da97d1f8d3b944427 , < 372eb550faa0757349040fd43f59483cbfdb2c0b (git) Affected: 10caabdaad5ace85577a453da97d1f8d3b944427 , < e6d2d26a49c3a9cd46b232975e45236304810904 (git) Affected: 10caabdaad5ace85577a453da97d1f8d3b944427 , < 52c795af04441d76f565c4634f893e5b553df2ae (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:12:03.785297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:36.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads_termtbl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0a2d73a77060c3cbdc6e801cd5d979d674cd404b",
"status": "affected",
"version": "10caabdaad5ace85577a453da97d1f8d3b944427",
"versionType": "git"
},
{
"lessThan": "0d2f9d95d9fbe993f3c4bafb87d59897b0325aff",
"status": "affected",
"version": "10caabdaad5ace85577a453da97d1f8d3b944427",
"versionType": "git"
},
{
"lessThan": "372eb550faa0757349040fd43f59483cbfdb2c0b",
"status": "affected",
"version": "10caabdaad5ace85577a453da97d1f8d3b944427",
"versionType": "git"
},
{
"lessThan": "e6d2d26a49c3a9cd46b232975e45236304810904",
"status": "affected",
"version": "10caabdaad5ace85577a453da97d1f8d3b944427",
"versionType": "git"
},
{
"lessThan": "52c795af04441d76f565c4634f893e5b553df2ae",
"status": "affected",
"version": "10caabdaad5ace85577a453da97d1f8d3b944427",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads_termtbl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix use-after-free when reverting termination table\n\nWhen having multiple dests with termination tables and second one\nor afterwards fails the driver reverts usage of term tables but\ndoesn\u0027t reset the assignment in attr-\u003edests[num_vport_dests].termtbl\nwhich case a use-after-free when releasing the rule.\nFix by resetting the assignment of termtbl to null."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:19.128Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0a2d73a77060c3cbdc6e801cd5d979d674cd404b"
},
{
"url": "https://git.kernel.org/stable/c/0d2f9d95d9fbe993f3c4bafb87d59897b0325aff"
},
{
"url": "https://git.kernel.org/stable/c/372eb550faa0757349040fd43f59483cbfdb2c0b"
},
{
"url": "https://git.kernel.org/stable/c/e6d2d26a49c3a9cd46b232975e45236304810904"
},
{
"url": "https://git.kernel.org/stable/c/52c795af04441d76f565c4634f893e5b553df2ae"
}
],
"title": "net/mlx5e: Fix use-after-free when reverting termination table",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49025",
"datePublished": "2024-10-21T20:06:31.189Z",
"dateReserved": "2024-08-22T01:27:53.650Z",
"dateUpdated": "2025-05-04T08:28:19.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46719 (GCVE-0-2024-46719)
Vulnerability from cvelistv5 – Published: 2024-09-18 06:32 – Updated: 2026-01-05 10:52
VLAI?
EPSS
Title
usb: typec: ucsi: Fix null pointer dereference in trace
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: ucsi: Fix null pointer dereference in trace
ucsi_register_altmode checks IS_ERR for the alt pointer and treats
NULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,
ucsi_register_displayport returns NULL which causes a NULL pointer
dereference in trace. Rather than return NULL, call
typec_port_register_altmode to register DisplayPort alternate mode
as a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
af8622f6a585d8d82b11cd7987e082861fd0edd3 , < 8095bf0579ed4906a33f7bec675bfb29b6b16a3b
(git)
Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < 7e64cabe81c303bdf6fd26b6a09a3289b33bc870 (git) Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < 3aa56313b0de06ce1911950b2cc0c269614a87a9 (git) Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae (git) Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < 3b9f2d9301ae67070fe77a0c06758722fd7172b7 (git) Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < 99331fe68a8eaa4097143a33fb0c12d5e5e8e830 (git) Affected: af8622f6a585d8d82b11cd7987e082861fd0edd3 , < 99516f76db48e1a9d54cdfed63c1babcee4e71a5 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46719",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:57:21.735008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:57:35.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:16:52.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/typec/ucsi/ucsi.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8095bf0579ed4906a33f7bec675bfb29b6b16a3b",
"status": "affected",
"version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
"versionType": "git"
},
{
"lessThan": "7e64cabe81c303bdf6fd26b6a09a3289b33bc870",
"status": "affected",
"version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
"versionType": "git"
},
{
"lessThan": "3aa56313b0de06ce1911950b2cc0c269614a87a9",
"status": "affected",
"version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
"versionType": "git"
},
{
"lessThan": "b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae",
"status": "affected",
"version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
"versionType": "git"
},
{
"lessThan": "3b9f2d9301ae67070fe77a0c06758722fd7172b7",
"status": "affected",
"version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
"versionType": "git"
},
{
"lessThan": "99331fe68a8eaa4097143a33fb0c12d5e5e8e830",
"status": "affected",
"version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
"versionType": "git"
},
{
"lessThan": "99516f76db48e1a9d54cdfed63c1babcee4e71a5",
"status": "affected",
"version": "af8622f6a585d8d82b11cd7987e082861fd0edd3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/typec/ucsi/ucsi.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix null pointer dereference in trace\n\nucsi_register_altmode checks IS_ERR for the alt pointer and treats\nNULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,\nucsi_register_displayport returns NULL which causes a NULL pointer\ndereference in trace. Rather than return NULL, call\ntypec_port_register_altmode to register DisplayPort alternate mode\nas a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:52:54.042Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b"
},
{
"url": "https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870"
},
{
"url": "https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9"
},
{
"url": "https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae"
},
{
"url": "https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7"
},
{
"url": "https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830"
},
{
"url": "https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5"
}
],
"title": "usb: typec: ucsi: Fix null pointer dereference in trace",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46719",
"datePublished": "2024-09-18T06:32:18.028Z",
"dateReserved": "2024-09-11T15:12:18.255Z",
"dateUpdated": "2026-01-05T10:52:54.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49023 (GCVE-0-2022-49023)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
wifi: cfg80211: fix buffer overflow in elem comparison
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: fix buffer overflow in elem comparison
For vendor elements, the code here assumes that 5 octets
are present without checking. Since the element itself is
already checked to fit, we only need to check the length.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
0b8fb8235be8be99a197e8d948fc0a2df8dc261a , < f5c2ec288a865dbe3706b09bed12302e9f6d696b
(git)
Affected: 0b8fb8235be8be99a197e8d948fc0a2df8dc261a , < 9e6b79a3cd17620d467311b30d56f2648f6880aa (git) Affected: 0b8fb8235be8be99a197e8d948fc0a2df8dc261a , < 88a6fe3707888bd1893e9741157a7035c4159ab6 (git) Affected: 0b8fb8235be8be99a197e8d948fc0a2df8dc261a , < 391cb872553627bdcf236c03ee7d5adb275e37e1 (git) Affected: 0b8fb8235be8be99a197e8d948fc0a2df8dc261a , < 9f16b5c82a025cd4c864737409234ddc44fb166a (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:12:18.800355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:36.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/wireless/scan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f5c2ec288a865dbe3706b09bed12302e9f6d696b",
"status": "affected",
"version": "0b8fb8235be8be99a197e8d948fc0a2df8dc261a",
"versionType": "git"
},
{
"lessThan": "9e6b79a3cd17620d467311b30d56f2648f6880aa",
"status": "affected",
"version": "0b8fb8235be8be99a197e8d948fc0a2df8dc261a",
"versionType": "git"
},
{
"lessThan": "88a6fe3707888bd1893e9741157a7035c4159ab6",
"status": "affected",
"version": "0b8fb8235be8be99a197e8d948fc0a2df8dc261a",
"versionType": "git"
},
{
"lessThan": "391cb872553627bdcf236c03ee7d5adb275e37e1",
"status": "affected",
"version": "0b8fb8235be8be99a197e8d948fc0a2df8dc261a",
"versionType": "git"
},
{
"lessThan": "9f16b5c82a025cd4c864737409234ddc44fb166a",
"status": "affected",
"version": "0b8fb8235be8be99a197e8d948fc0a2df8dc261a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/wireless/scan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix buffer overflow in elem comparison\n\nFor vendor elements, the code here assumes that 5 octets\nare present without checking. Since the element itself is\nalready checked to fit, we only need to check the length."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:16.767Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f5c2ec288a865dbe3706b09bed12302e9f6d696b"
},
{
"url": "https://git.kernel.org/stable/c/9e6b79a3cd17620d467311b30d56f2648f6880aa"
},
{
"url": "https://git.kernel.org/stable/c/88a6fe3707888bd1893e9741157a7035c4159ab6"
},
{
"url": "https://git.kernel.org/stable/c/391cb872553627bdcf236c03ee7d5adb275e37e1"
},
{
"url": "https://git.kernel.org/stable/c/9f16b5c82a025cd4c864737409234ddc44fb166a"
}
],
"title": "wifi: cfg80211: fix buffer overflow in elem comparison",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49023",
"datePublished": "2024-10-21T20:06:29.901Z",
"dateReserved": "2024-08-22T01:27:53.649Z",
"dateUpdated": "2025-05-04T08:28:16.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47720 (GCVE-0-2024-47720)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func
This commit adds a null check for the set_output_gamma function pointer
in the dcn30_set_output_transfer_func function. Previously,
set_output_gamma was being checked for nullity at line 386, but then it
was being dereferenced without any nullity check at line 401. This
could potentially lead to a null pointer dereference error if
set_output_gamma is indeed null.
To fix this, we now ensure that set_output_gamma is not null before
dereferencing it. We do this by adding a nullity check for
set_output_gamma before the call to set_output_gamma at line 401. If
set_output_gamma is null, we log an error message and do not call the
function.
This fix prevents a potential null pointer dereference error.
drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:401 dcn30_set_output_transfer_func()
error: we previously assumed 'mpc->funcs->set_output_gamma' could be null (see line 386)
drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c
373 bool dcn30_set_output_transfer_func(struct dc *dc,
374 struct pipe_ctx *pipe_ctx,
375 const struct dc_stream_state *stream)
376 {
377 int mpcc_id = pipe_ctx->plane_res.hubp->inst;
378 struct mpc *mpc = pipe_ctx->stream_res.opp->ctx->dc->res_pool->mpc;
379 const struct pwl_params *params = NULL;
380 bool ret = false;
381
382 /* program OGAM or 3DLUT only for the top pipe*/
383 if (pipe_ctx->top_pipe == NULL) {
384 /*program rmu shaper and 3dlut in MPC*/
385 ret = dcn30_set_mpc_shaper_3dlut(pipe_ctx, stream);
386 if (ret == false && mpc->funcs->set_output_gamma) {
^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If this is NULL
387 if (stream->out_transfer_func.type == TF_TYPE_HWPWL)
388 params = &stream->out_transfer_func.pwl;
389 else if (pipe_ctx->stream->out_transfer_func.type ==
390 TF_TYPE_DISTRIBUTED_POINTS &&
391 cm3_helper_translate_curve_to_hw_format(
392 &stream->out_transfer_func,
393 &mpc->blender_params, false))
394 params = &mpc->blender_params;
395 /* there are no ROM LUTs in OUTGAM */
396 if (stream->out_transfer_func.type == TF_TYPE_PREDEFINED)
397 BREAK_TO_DEBUGGER();
398 }
399 }
400
--> 401 mpc->funcs->set_output_gamma(mpc, mpcc_id, params);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Then it will crash
402 return ret;
403 }
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d99f13878d6f9c286b13860d8bf0b4db9ffb189a , < 44948d3cb943602ba4a0b5ed3c91ae0525838fb1
(git)
Affected: d99f13878d6f9c286b13860d8bf0b4db9ffb189a , < 64886a4e6f1dce843c0889505cf0673b5211e16a (git) Affected: d99f13878d6f9c286b13860d8bf0b4db9ffb189a , < ddf9ff244d704e1903533f7be377615ed34b83e7 (git) Affected: d99f13878d6f9c286b13860d8bf0b4db9ffb189a , < 84edd5a3f5fa6aafa4afcaf9f101f46426c620c9 (git) Affected: d99f13878d6f9c286b13860d8bf0b4db9ffb189a , < 72ee32d0907364104fbcf4f68dd5ae63cd8eae9e (git) Affected: d99f13878d6f9c286b13860d8bf0b4db9ffb189a , < 08ae395ea22fb3d9b318c8bde28c0dfd2f5fa4d2 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47720",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:02:07.747616Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:17.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:20.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "44948d3cb943602ba4a0b5ed3c91ae0525838fb1",
"status": "affected",
"version": "d99f13878d6f9c286b13860d8bf0b4db9ffb189a",
"versionType": "git"
},
{
"lessThan": "64886a4e6f1dce843c0889505cf0673b5211e16a",
"status": "affected",
"version": "d99f13878d6f9c286b13860d8bf0b4db9ffb189a",
"versionType": "git"
},
{
"lessThan": "ddf9ff244d704e1903533f7be377615ed34b83e7",
"status": "affected",
"version": "d99f13878d6f9c286b13860d8bf0b4db9ffb189a",
"versionType": "git"
},
{
"lessThan": "84edd5a3f5fa6aafa4afcaf9f101f46426c620c9",
"status": "affected",
"version": "d99f13878d6f9c286b13860d8bf0b4db9ffb189a",
"versionType": "git"
},
{
"lessThan": "72ee32d0907364104fbcf4f68dd5ae63cd8eae9e",
"status": "affected",
"version": "d99f13878d6f9c286b13860d8bf0b4db9ffb189a",
"versionType": "git"
},
{
"lessThan": "08ae395ea22fb3d9b318c8bde28c0dfd2f5fa4d2",
"status": "affected",
"version": "d99f13878d6f9c286b13860d8bf0b4db9ffb189a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func\n\nThis commit adds a null check for the set_output_gamma function pointer\nin the dcn30_set_output_transfer_func function. Previously,\nset_output_gamma was being checked for nullity at line 386, but then it\nwas being dereferenced without any nullity check at line 401. This\ncould potentially lead to a null pointer dereference error if\nset_output_gamma is indeed null.\n\nTo fix this, we now ensure that set_output_gamma is not null before\ndereferencing it. We do this by adding a nullity check for\nset_output_gamma before the call to set_output_gamma at line 401. If\nset_output_gamma is null, we log an error message and do not call the\nfunction.\n\nThis fix prevents a potential null pointer dereference error.\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:401 dcn30_set_output_transfer_func()\nerror: we previously assumed \u0027mpc-\u003efuncs-\u003eset_output_gamma\u0027 could be null (see line 386)\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c\n 373 bool dcn30_set_output_transfer_func(struct dc *dc,\n 374 struct pipe_ctx *pipe_ctx,\n 375 const struct dc_stream_state *stream)\n 376 {\n 377 int mpcc_id = pipe_ctx-\u003eplane_res.hubp-\u003einst;\n 378 struct mpc *mpc = pipe_ctx-\u003estream_res.opp-\u003ectx-\u003edc-\u003eres_pool-\u003empc;\n 379 const struct pwl_params *params = NULL;\n 380 bool ret = false;\n 381\n 382 /* program OGAM or 3DLUT only for the top pipe*/\n 383 if (pipe_ctx-\u003etop_pipe == NULL) {\n 384 /*program rmu shaper and 3dlut in MPC*/\n 385 ret = dcn30_set_mpc_shaper_3dlut(pipe_ctx, stream);\n 386 if (ret == false \u0026\u0026 mpc-\u003efuncs-\u003eset_output_gamma) {\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If this is NULL\n\n 387 if (stream-\u003eout_transfer_func.type == TF_TYPE_HWPWL)\n 388 params = \u0026stream-\u003eout_transfer_func.pwl;\n 389 else if (pipe_ctx-\u003estream-\u003eout_transfer_func.type ==\n 390 TF_TYPE_DISTRIBUTED_POINTS \u0026\u0026\n 391 cm3_helper_translate_curve_to_hw_format(\n 392 \u0026stream-\u003eout_transfer_func,\n 393 \u0026mpc-\u003eblender_params, false))\n 394 params = \u0026mpc-\u003eblender_params;\n 395 /* there are no ROM LUTs in OUTGAM */\n 396 if (stream-\u003eout_transfer_func.type == TF_TYPE_PREDEFINED)\n 397 BREAK_TO_DEBUGGER();\n 398 }\n 399 }\n 400\n--\u003e 401 mpc-\u003efuncs-\u003eset_output_gamma(mpc, mpcc_id, params);\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Then it will crash\n\n 402 return ret;\n 403 }"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:38:15.217Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/44948d3cb943602ba4a0b5ed3c91ae0525838fb1"
},
{
"url": "https://git.kernel.org/stable/c/64886a4e6f1dce843c0889505cf0673b5211e16a"
},
{
"url": "https://git.kernel.org/stable/c/ddf9ff244d704e1903533f7be377615ed34b83e7"
},
{
"url": "https://git.kernel.org/stable/c/84edd5a3f5fa6aafa4afcaf9f101f46426c620c9"
},
{
"url": "https://git.kernel.org/stable/c/72ee32d0907364104fbcf4f68dd5ae63cd8eae9e"
},
{
"url": "https://git.kernel.org/stable/c/08ae395ea22fb3d9b318c8bde28c0dfd2f5fa4d2"
}
],
"title": "drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47720",
"datePublished": "2024-10-21T11:53:50.178Z",
"dateReserved": "2024-09-30T16:00:12.950Z",
"dateUpdated": "2025-11-03T22:21:20.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49016 (GCVE-0-2022-49016)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
net: mdiobus: fix unbalanced node reference count
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: mdiobus: fix unbalanced node reference count
I got the following report while doing device(mscc-miim) load test
with CONFIG_OF_UNITTEST and CONFIG_OF_DYNAMIC enabled:
OF: ERROR: memory leak, expected refcount 1 instead of 2,
of_node_get()/of_node_put() unbalanced - destroy cset entry:
attach overlay node /spi/soc@0/mdio@7107009c/ethernet-phy@0
If the 'fwnode' is not an acpi node, the refcount is get in
fwnode_mdiobus_phy_device_register(), but it has never been
put when the device is freed in the normal path. So call
fwnode_handle_put() in phy_device_release() to avoid leak.
If it's an acpi node, it has never been get, but it's put
in the error path, so call fwnode_handle_get() before
phy_device_register() to keep get/put operation balanced.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
bc1bee3b87ee48bd97ef7fd306445132ba2041b0 , < 543d917f691ab06885ee779c862065899eaa4251
(git)
Affected: bc1bee3b87ee48bd97ef7fd306445132ba2041b0 , < 2708b357440427d6a9fee667eb7b8307f4625adc (git) Affected: bc1bee3b87ee48bd97ef7fd306445132ba2041b0 , < cdde1560118f82498fc9e9a7c1ef7f0ef7755891 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:13:13.450914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:37.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/mdio/fwnode_mdio.c",
"drivers/net/phy/phy_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "543d917f691ab06885ee779c862065899eaa4251",
"status": "affected",
"version": "bc1bee3b87ee48bd97ef7fd306445132ba2041b0",
"versionType": "git"
},
{
"lessThan": "2708b357440427d6a9fee667eb7b8307f4625adc",
"status": "affected",
"version": "bc1bee3b87ee48bd97ef7fd306445132ba2041b0",
"versionType": "git"
},
{
"lessThan": "cdde1560118f82498fc9e9a7c1ef7f0ef7755891",
"status": "affected",
"version": "bc1bee3b87ee48bd97ef7fd306445132ba2041b0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/mdio/fwnode_mdio.c",
"drivers/net/phy/phy_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mdiobus: fix unbalanced node reference count\n\nI got the following report while doing device(mscc-miim) load test\nwith CONFIG_OF_UNITTEST and CONFIG_OF_DYNAMIC enabled:\n\n OF: ERROR: memory leak, expected refcount 1 instead of 2,\n of_node_get()/of_node_put() unbalanced - destroy cset entry:\n attach overlay node /spi/soc@0/mdio@7107009c/ethernet-phy@0\n\nIf the \u0027fwnode\u0027 is not an acpi node, the refcount is get in\nfwnode_mdiobus_phy_device_register(), but it has never been\nput when the device is freed in the normal path. So call\nfwnode_handle_put() in phy_device_release() to avoid leak.\n\nIf it\u0027s an acpi node, it has never been get, but it\u0027s put\nin the error path, so call fwnode_handle_get() before\nphy_device_register() to keep get/put operation balanced."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:08.125Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/543d917f691ab06885ee779c862065899eaa4251"
},
{
"url": "https://git.kernel.org/stable/c/2708b357440427d6a9fee667eb7b8307f4625adc"
},
{
"url": "https://git.kernel.org/stable/c/cdde1560118f82498fc9e9a7c1ef7f0ef7755891"
}
],
"title": "net: mdiobus: fix unbalanced node reference count",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49016",
"datePublished": "2024-10-21T20:06:25.294Z",
"dateReserved": "2024-08-22T01:27:53.645Z",
"dateUpdated": "2025-05-04T08:28:08.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50024 (GCVE-0-2024-50024)
Vulnerability from cvelistv5 – Published: 2024-10-21 19:39 – Updated: 2025-11-03 22:24
VLAI?
EPSS
Title
net: Fix an unsafe loop on the list
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: Fix an unsafe loop on the list
The kernel may crash when deleting a genetlink family if there are still
listeners for that family:
Oops: Kernel access of bad area, sig: 11 [#1]
...
NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0
LR [c000000000c0f764] __netlink_clear_multicast_users+0x74/0xc0
Call Trace:
__netlink_clear_multicast_users+0x74/0xc0
genl_unregister_family+0xd4/0x2d0
Change the unsafe loop on the list to a safe one, because inside the
loop there is an element removal from this list.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
b8273570f802a7658827dcb077b0b517ba75a289 , < 464801a0f6ccb52b21faa33bac6014fd74cc5e10
(git)
Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 8e0766fcf37ad8eed289dd3853628dd9b01b58b0 (git) Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 68ad5da6ca630a276f0a5c924179e57724d00013 (git) Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 1cdec792b2450105b1314c5123a9a0452cb2c2f0 (git) Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 5f03a7f601f33cda1f710611625235dc86fd8a9e (git) Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 3be342e0332a7c83eb26fbb22bf156fdca467a5d (git) Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 49f9b726bf2bf3dd2caf0d27cadf4bc1ccf7a7dd (git) Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 1dae9f1187189bc09ff6d25ca97ead711f7e26f9 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:27:00.388543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:46.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:24:35.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/sock.h",
"net/netlink/af_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "464801a0f6ccb52b21faa33bac6014fd74cc5e10",
"status": "affected",
"version": "b8273570f802a7658827dcb077b0b517ba75a289",
"versionType": "git"
},
{
"lessThan": "8e0766fcf37ad8eed289dd3853628dd9b01b58b0",
"status": "affected",
"version": "b8273570f802a7658827dcb077b0b517ba75a289",
"versionType": "git"
},
{
"lessThan": "68ad5da6ca630a276f0a5c924179e57724d00013",
"status": "affected",
"version": "b8273570f802a7658827dcb077b0b517ba75a289",
"versionType": "git"
},
{
"lessThan": "1cdec792b2450105b1314c5123a9a0452cb2c2f0",
"status": "affected",
"version": "b8273570f802a7658827dcb077b0b517ba75a289",
"versionType": "git"
},
{
"lessThan": "5f03a7f601f33cda1f710611625235dc86fd8a9e",
"status": "affected",
"version": "b8273570f802a7658827dcb077b0b517ba75a289",
"versionType": "git"
},
{
"lessThan": "3be342e0332a7c83eb26fbb22bf156fdca467a5d",
"status": "affected",
"version": "b8273570f802a7658827dcb077b0b517ba75a289",
"versionType": "git"
},
{
"lessThan": "49f9b726bf2bf3dd2caf0d27cadf4bc1ccf7a7dd",
"status": "affected",
"version": "b8273570f802a7658827dcb077b0b517ba75a289",
"versionType": "git"
},
{
"lessThan": "1dae9f1187189bc09ff6d25ca97ead711f7e26f9",
"status": "affected",
"version": "b8273570f802a7658827dcb077b0b517ba75a289",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/sock.h",
"net/netlink/af_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.32"
},
{
"lessThan": "2.6.32",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.57",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.57",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.4",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix an unsafe loop on the list\n\nThe kernel may crash when deleting a genetlink family if there are still\nlisteners for that family:\n\nOops: Kernel access of bad area, sig: 11 [#1]\n ...\n NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0\n LR [c000000000c0f764] __netlink_clear_multicast_users+0x74/0xc0\n Call Trace:\n__netlink_clear_multicast_users+0x74/0xc0\ngenl_unregister_family+0xd4/0x2d0\n\nChange the unsafe loop on the list to a safe one, because inside the\nloop there is an element removal from this list."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:44:03.890Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/464801a0f6ccb52b21faa33bac6014fd74cc5e10"
},
{
"url": "https://git.kernel.org/stable/c/8e0766fcf37ad8eed289dd3853628dd9b01b58b0"
},
{
"url": "https://git.kernel.org/stable/c/68ad5da6ca630a276f0a5c924179e57724d00013"
},
{
"url": "https://git.kernel.org/stable/c/1cdec792b2450105b1314c5123a9a0452cb2c2f0"
},
{
"url": "https://git.kernel.org/stable/c/5f03a7f601f33cda1f710611625235dc86fd8a9e"
},
{
"url": "https://git.kernel.org/stable/c/3be342e0332a7c83eb26fbb22bf156fdca467a5d"
},
{
"url": "https://git.kernel.org/stable/c/49f9b726bf2bf3dd2caf0d27cadf4bc1ccf7a7dd"
},
{
"url": "https://git.kernel.org/stable/c/1dae9f1187189bc09ff6d25ca97ead711f7e26f9"
}
],
"title": "net: Fix an unsafe loop on the list",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50024",
"datePublished": "2024-10-21T19:39:29.203Z",
"dateReserved": "2024-10-21T12:17:06.065Z",
"dateUpdated": "2025-11-03T22:24:35.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48960 (GCVE-0-2022-48960)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:26
VLAI?
EPSS
Title
net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
The skb is delivered to napi_gro_receive() which may free it, after
calling this, dereferencing skb may trigger use-after-free.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
57c5bc9ad7d799e9507ba6e993398d2c55f03fab , < 179499e7a240b2ef590f05eb379c810c26bbc8a4
(git)
Affected: 57c5bc9ad7d799e9507ba6e993398d2c55f03fab , < 8067cd244cea2c332f8326842fd10158fa2cb64f (git) Affected: 57c5bc9ad7d799e9507ba6e993398d2c55f03fab , < 3a4eddd1cb023a71df4152fcc76092953e6fe95a (git) Affected: 57c5bc9ad7d799e9507ba6e993398d2c55f03fab , < 1b6360a093ab8969c91a30bb58b753282e2ced4c (git) Affected: 57c5bc9ad7d799e9507ba6e993398d2c55f03fab , < 93aaa4bb72e388f6a4887541fd3d18b84f1b5ddc (git) Affected: 57c5bc9ad7d799e9507ba6e993398d2c55f03fab , < b8ce0e6f9f88a6bb49d291498377e61ea27a5387 (git) Affected: 57c5bc9ad7d799e9507ba6e993398d2c55f03fab , < b6307f7a2fc1c5407b6176f2af34a95214a8c262 (git) Affected: 57c5bc9ad7d799e9507ba6e993398d2c55f03fab , < 433c07a13f59856e4585e89e86b7d4cc59348fab (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:20:30.429141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:39.279Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hix5hd2_gmac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "179499e7a240b2ef590f05eb379c810c26bbc8a4",
"status": "affected",
"version": "57c5bc9ad7d799e9507ba6e993398d2c55f03fab",
"versionType": "git"
},
{
"lessThan": "8067cd244cea2c332f8326842fd10158fa2cb64f",
"status": "affected",
"version": "57c5bc9ad7d799e9507ba6e993398d2c55f03fab",
"versionType": "git"
},
{
"lessThan": "3a4eddd1cb023a71df4152fcc76092953e6fe95a",
"status": "affected",
"version": "57c5bc9ad7d799e9507ba6e993398d2c55f03fab",
"versionType": "git"
},
{
"lessThan": "1b6360a093ab8969c91a30bb58b753282e2ced4c",
"status": "affected",
"version": "57c5bc9ad7d799e9507ba6e993398d2c55f03fab",
"versionType": "git"
},
{
"lessThan": "93aaa4bb72e388f6a4887541fd3d18b84f1b5ddc",
"status": "affected",
"version": "57c5bc9ad7d799e9507ba6e993398d2c55f03fab",
"versionType": "git"
},
{
"lessThan": "b8ce0e6f9f88a6bb49d291498377e61ea27a5387",
"status": "affected",
"version": "57c5bc9ad7d799e9507ba6e993398d2c55f03fab",
"versionType": "git"
},
{
"lessThan": "b6307f7a2fc1c5407b6176f2af34a95214a8c262",
"status": "affected",
"version": "57c5bc9ad7d799e9507ba6e993398d2c55f03fab",
"versionType": "git"
},
{
"lessThan": "433c07a13f59856e4585e89e86b7d4cc59348fab",
"status": "affected",
"version": "57c5bc9ad7d799e9507ba6e993398d2c55f03fab",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hix5hd2_gmac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.16"
},
{
"lessThan": "3.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.336",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.336",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.302",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.269",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hisilicon: Fix potential use-after-free in hix5hd2_rx()\n\nThe skb is delivered to napi_gro_receive() which may free it, after\ncalling this, dereferencing skb may trigger use-after-free."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:58.343Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/179499e7a240b2ef590f05eb379c810c26bbc8a4"
},
{
"url": "https://git.kernel.org/stable/c/8067cd244cea2c332f8326842fd10158fa2cb64f"
},
{
"url": "https://git.kernel.org/stable/c/3a4eddd1cb023a71df4152fcc76092953e6fe95a"
},
{
"url": "https://git.kernel.org/stable/c/1b6360a093ab8969c91a30bb58b753282e2ced4c"
},
{
"url": "https://git.kernel.org/stable/c/93aaa4bb72e388f6a4887541fd3d18b84f1b5ddc"
},
{
"url": "https://git.kernel.org/stable/c/b8ce0e6f9f88a6bb49d291498377e61ea27a5387"
},
{
"url": "https://git.kernel.org/stable/c/b6307f7a2fc1c5407b6176f2af34a95214a8c262"
},
{
"url": "https://git.kernel.org/stable/c/433c07a13f59856e4585e89e86b7d4cc59348fab"
}
],
"title": "net: hisilicon: Fix potential use-after-free in hix5hd2_rx()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48960",
"datePublished": "2024-10-21T20:05:45.167Z",
"dateReserved": "2024-08-22T01:27:53.627Z",
"dateUpdated": "2025-05-04T08:26:58.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49959 (GCVE-0-2024-49959)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
Summary
In the Linux kernel, the following vulnerability has been resolved:
jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
In __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail()
to recover some journal space. But if an error occurs while executing
jbd2_cleanup_journal_tail() (e.g., an EIO), we don't stop waiting for free
space right away, we try other branches, and if j_committing_transaction
is NULL (i.e., the tid is 0), we will get the following complain:
============================================
JBD2: I/O error when updating journal superblock for sdd-8.
__jbd2_log_wait_for_space: needed 256 blocks and only had 217 space available
__jbd2_log_wait_for_space: no way to get more journal space in sdd-8
------------[ cut here ]------------
WARNING: CPU: 2 PID: 139804 at fs/jbd2/checkpoint.c:109 __jbd2_log_wait_for_space+0x251/0x2e0
Modules linked in:
CPU: 2 PID: 139804 Comm: kworker/u8:3 Not tainted 6.6.0+ #1
RIP: 0010:__jbd2_log_wait_for_space+0x251/0x2e0
Call Trace:
<TASK>
add_transaction_credits+0x5d1/0x5e0
start_this_handle+0x1ef/0x6a0
jbd2__journal_start+0x18b/0x340
ext4_dirty_inode+0x5d/0xb0
__mark_inode_dirty+0xe4/0x5d0
generic_update_time+0x60/0x70
[...]
============================================
So only if jbd2_cleanup_journal_tail() returns 1, i.e., there is nothing to
clean up at the moment, continue to try to reclaim free space in other ways.
Note that this fix relies on commit 6f6a6fda2945 ("jbd2: fix ocfs2 corrupt
when updating journal superblock fails") to make jbd2_cleanup_journal_tail
return the correct error code.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 801a35dfef6996f3d5eaa96a59caf00440d9165e
(git)
Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < d5dc65370a746750dbb2f03eabcf86b18db65f32 (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 481e8f18a290e39e04ddb7feb2bb2a2cc3b213ed (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < ec7f8337c98ad281020ad1f11ba492462d80737a (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 70bae48377a2c4296fd3caf4caf8f11079111019 (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 1c62dc0d82c62f0dc8fcdc4843208e522acccaf5 (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 3ced0fe6c0eff032733ea8b38778b34707270138 (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < c6bf043b210eac67d35a114e345c4e5585672913 (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < f5cacdc6f2bb2a9bf214469dd7112b43dd2dd68a (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:35:21.788104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:47.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:39.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jbd2/checkpoint.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "801a35dfef6996f3d5eaa96a59caf00440d9165e",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "d5dc65370a746750dbb2f03eabcf86b18db65f32",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "481e8f18a290e39e04ddb7feb2bb2a2cc3b213ed",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "ec7f8337c98ad281020ad1f11ba492462d80737a",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "70bae48377a2c4296fd3caf4caf8f11079111019",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "1c62dc0d82c62f0dc8fcdc4843208e522acccaf5",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "3ced0fe6c0eff032733ea8b38778b34707270138",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "c6bf043b210eac67d35a114e345c4e5585672913",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "f5cacdc6f2bb2a9bf214469dd7112b43dd2dd68a",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jbd2/checkpoint.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.28"
},
{
"lessThan": "2.6.28",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error\n\nIn __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail()\nto recover some journal space. But if an error occurs while executing\njbd2_cleanup_journal_tail() (e.g., an EIO), we don\u0027t stop waiting for free\nspace right away, we try other branches, and if j_committing_transaction\nis NULL (i.e., the tid is 0), we will get the following complain:\n\n============================================\nJBD2: I/O error when updating journal superblock for sdd-8.\n__jbd2_log_wait_for_space: needed 256 blocks and only had 217 space available\n__jbd2_log_wait_for_space: no way to get more journal space in sdd-8\n------------[ cut here ]------------\nWARNING: CPU: 2 PID: 139804 at fs/jbd2/checkpoint.c:109 __jbd2_log_wait_for_space+0x251/0x2e0\nModules linked in:\nCPU: 2 PID: 139804 Comm: kworker/u8:3 Not tainted 6.6.0+ #1\nRIP: 0010:__jbd2_log_wait_for_space+0x251/0x2e0\nCall Trace:\n \u003cTASK\u003e\n add_transaction_credits+0x5d1/0x5e0\n start_this_handle+0x1ef/0x6a0\n jbd2__journal_start+0x18b/0x340\n ext4_dirty_inode+0x5d/0xb0\n __mark_inode_dirty+0xe4/0x5d0\n generic_update_time+0x60/0x70\n[...]\n============================================\n\nSo only if jbd2_cleanup_journal_tail() returns 1, i.e., there is nothing to\nclean up at the moment, continue to try to reclaim free space in other ways.\n\nNote that this fix relies on commit 6f6a6fda2945 (\"jbd2: fix ocfs2 corrupt\nwhen updating journal superblock fails\") to make jbd2_cleanup_journal_tail\nreturn the correct error code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:42:22.577Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/801a35dfef6996f3d5eaa96a59caf00440d9165e"
},
{
"url": "https://git.kernel.org/stable/c/d5dc65370a746750dbb2f03eabcf86b18db65f32"
},
{
"url": "https://git.kernel.org/stable/c/481e8f18a290e39e04ddb7feb2bb2a2cc3b213ed"
},
{
"url": "https://git.kernel.org/stable/c/ec7f8337c98ad281020ad1f11ba492462d80737a"
},
{
"url": "https://git.kernel.org/stable/c/70bae48377a2c4296fd3caf4caf8f11079111019"
},
{
"url": "https://git.kernel.org/stable/c/1c62dc0d82c62f0dc8fcdc4843208e522acccaf5"
},
{
"url": "https://git.kernel.org/stable/c/3ced0fe6c0eff032733ea8b38778b34707270138"
},
{
"url": "https://git.kernel.org/stable/c/c6bf043b210eac67d35a114e345c4e5585672913"
},
{
"url": "https://git.kernel.org/stable/c/f5cacdc6f2bb2a9bf214469dd7112b43dd2dd68a"
}
],
"title": "jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49959",
"datePublished": "2024-10-21T18:02:12.355Z",
"dateReserved": "2024-10-21T12:17:06.049Z",
"dateUpdated": "2025-11-03T22:23:39.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46716 (GCVE-0-2024-46716)
Vulnerability from cvelistv5 – Published: 2024-09-18 06:32 – Updated: 2026-01-05 10:52
VLAI?
EPSS
Title
dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor
Remove list_del call in msgdma_chan_desc_cleanup, this should be the role
of msgdma_free_descriptor. In consequence replace list_add_tail with
list_move_tail in msgdma_free_descriptor.
This fixes the path:
msgdma_free_chan_resources -> msgdma_free_descriptors ->
msgdma_free_desc_list -> msgdma_free_descriptor
which does not correctly free the descriptors as first nodes were not
removed from the list.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
a85c6f1b2921cbd2f54666a52804f407c4a064fe , < a3480e59fdbe5585d2d1eff0bed7671583acf725
(git)
Affected: a85c6f1b2921cbd2f54666a52804f407c4a064fe , < 20bf2920a869f9dbda0ef8c94c87d1901a64a716 (git) Affected: a85c6f1b2921cbd2f54666a52804f407c4a064fe , < db67686676c7becc1910bf1d6d51505876821863 (git) Affected: a85c6f1b2921cbd2f54666a52804f407c4a064fe , < 54e4ada1a4206f878e345ae01cf37347d803d1b1 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:58:09.271369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:58:23.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:16:48.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/altera-msgdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a3480e59fdbe5585d2d1eff0bed7671583acf725",
"status": "affected",
"version": "a85c6f1b2921cbd2f54666a52804f407c4a064fe",
"versionType": "git"
},
{
"lessThan": "20bf2920a869f9dbda0ef8c94c87d1901a64a716",
"status": "affected",
"version": "a85c6f1b2921cbd2f54666a52804f407c4a064fe",
"versionType": "git"
},
{
"lessThan": "db67686676c7becc1910bf1d6d51505876821863",
"status": "affected",
"version": "a85c6f1b2921cbd2f54666a52804f407c4a064fe",
"versionType": "git"
},
{
"lessThan": "54e4ada1a4206f878e345ae01cf37347d803d1b1",
"status": "affected",
"version": "a85c6f1b2921cbd2f54666a52804f407c4a064fe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/altera-msgdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor\n\nRemove list_del call in msgdma_chan_desc_cleanup, this should be the role\nof msgdma_free_descriptor. In consequence replace list_add_tail with\nlist_move_tail in msgdma_free_descriptor.\n\nThis fixes the path:\n msgdma_free_chan_resources -\u003e msgdma_free_descriptors -\u003e\n msgdma_free_desc_list -\u003e msgdma_free_descriptor\n\nwhich does not correctly free the descriptors as first nodes were not\nremoved from the list."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:52:51.496Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725"
},
{
"url": "https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716"
},
{
"url": "https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863"
},
{
"url": "https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1"
}
],
"title": "dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46716",
"datePublished": "2024-09-18T06:32:16.084Z",
"dateReserved": "2024-09-11T15:12:18.254Z",
"dateUpdated": "2026-01-05T10:52:51.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49020 (GCVE-0-2022-49020)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
net/9p: Fix a potential socket leak in p9_socket_open
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/9p: Fix a potential socket leak in p9_socket_open
Both p9_fd_create_tcp() and p9_fd_create_unix() will call
p9_socket_open(). If the creation of p9_trans_fd fails,
p9_fd_create_tcp() and p9_fd_create_unix() will return an
error directly instead of releasing the cscoket, which will
result in a socket leak.
This patch adds sock_release() to fix the leak issue.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
6b18662e239a032f908b7f6e164bdf7e2e0a32c9 , < 0396227f4daf4792a6a8aaa3b7771dc25c4cd443
(git)
Affected: 6b18662e239a032f908b7f6e164bdf7e2e0a32c9 , < ded893965b895b2dccd3d1436d8d3daffa23ea64 (git) Affected: 6b18662e239a032f908b7f6e164bdf7e2e0a32c9 , < 8b14bd0b500aec1458b51cb621c8e5fab3304260 (git) Affected: 6b18662e239a032f908b7f6e164bdf7e2e0a32c9 , < 2d24d91b9f44620824fc37b766f7cae00ca32748 (git) Affected: 6b18662e239a032f908b7f6e164bdf7e2e0a32c9 , < e01c1542379fb395e7da53706df598f38905dfbf (git) Affected: 6b18662e239a032f908b7f6e164bdf7e2e0a32c9 , < 8782b32ef867de7981bbe9e86ecb90e92e8780bd (git) Affected: 6b18662e239a032f908b7f6e164bdf7e2e0a32c9 , < aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd (git) Affected: 6b18662e239a032f908b7f6e164bdf7e2e0a32c9 , < dcc14cfd7debe11b825cb077e75d91d2575b4cb8 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:12:42.990180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:37.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/9p/trans_fd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0396227f4daf4792a6a8aaa3b7771dc25c4cd443",
"status": "affected",
"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9",
"versionType": "git"
},
{
"lessThan": "ded893965b895b2dccd3d1436d8d3daffa23ea64",
"status": "affected",
"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9",
"versionType": "git"
},
{
"lessThan": "8b14bd0b500aec1458b51cb621c8e5fab3304260",
"status": "affected",
"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9",
"versionType": "git"
},
{
"lessThan": "2d24d91b9f44620824fc37b766f7cae00ca32748",
"status": "affected",
"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9",
"versionType": "git"
},
{
"lessThan": "e01c1542379fb395e7da53706df598f38905dfbf",
"status": "affected",
"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9",
"versionType": "git"
},
{
"lessThan": "8782b32ef867de7981bbe9e86ecb90e92e8780bd",
"status": "affected",
"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9",
"versionType": "git"
},
{
"lessThan": "aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd",
"status": "affected",
"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9",
"versionType": "git"
},
{
"lessThan": "dcc14cfd7debe11b825cb077e75d91d2575b4cb8",
"status": "affected",
"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/9p/trans_fd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.33"
},
{
"lessThan": "2.6.33",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.335",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.301",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.335",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.301",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.268",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "2.6.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: Fix a potential socket leak in p9_socket_open\n\nBoth p9_fd_create_tcp() and p9_fd_create_unix() will call\np9_socket_open(). If the creation of p9_trans_fd fails,\np9_fd_create_tcp() and p9_fd_create_unix() will return an\nerror directly instead of releasing the cscoket, which will\nresult in a socket leak.\n\nThis patch adds sock_release() to fix the leak issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:13.138Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0396227f4daf4792a6a8aaa3b7771dc25c4cd443"
},
{
"url": "https://git.kernel.org/stable/c/ded893965b895b2dccd3d1436d8d3daffa23ea64"
},
{
"url": "https://git.kernel.org/stable/c/8b14bd0b500aec1458b51cb621c8e5fab3304260"
},
{
"url": "https://git.kernel.org/stable/c/2d24d91b9f44620824fc37b766f7cae00ca32748"
},
{
"url": "https://git.kernel.org/stable/c/e01c1542379fb395e7da53706df598f38905dfbf"
},
{
"url": "https://git.kernel.org/stable/c/8782b32ef867de7981bbe9e86ecb90e92e8780bd"
},
{
"url": "https://git.kernel.org/stable/c/aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd"
},
{
"url": "https://git.kernel.org/stable/c/dcc14cfd7debe11b825cb077e75d91d2575b4cb8"
}
],
"title": "net/9p: Fix a potential socket leak in p9_socket_open",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49020",
"datePublished": "2024-10-21T20:06:27.976Z",
"dateReserved": "2024-08-22T01:27:53.649Z",
"dateUpdated": "2025-05-04T08:28:13.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49002 (GCVE-0-2022-49002)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
for_each_pci_dev() is implemented by pci_get_device(). The comment of
pci_get_device() says that it will increase the reference count for the
returned pci_dev and also decrease the reference count for the input
pci_dev @from if it is not NULL.
If we break for_each_pci_dev() loop with pdev not NULL, we need to call
pci_dev_put() to decrease the reference count. Add the missing
pci_dev_put() for the error path to avoid reference count leak.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
2e45528930388658603ea24d49cf52867b928d3e , < d47bc9d7bcdbb9adc9703513d964b514fee5b0bf
(git)
Affected: 2e45528930388658603ea24d49cf52867b928d3e , < 71c4a621985fc051ab86d3a86c749069a993fcb2 (git) Affected: 2e45528930388658603ea24d49cf52867b928d3e , < 876d7bfb89273997056220029ff12b1c2cc4691d (git) Affected: 2e45528930388658603ea24d49cf52867b928d3e , < cbdd83bd2fd67142b03ce9dbdd1eab322ff7321f (git) Affected: 2e45528930388658603ea24d49cf52867b928d3e , < a5c65cd56aed027f8a97fda8b691caaeb66d115e (git) Affected: 2e45528930388658603ea24d49cf52867b928d3e , < bdb613ef179ad4bb9d56a2533e9b30e434f1dfb7 (git) Affected: 2e45528930388658603ea24d49cf52867b928d3e , < 2a8f7b90681472948de172dbbf5a54cd342870aa (git) Affected: 2e45528930388658603ea24d49cf52867b928d3e , < 4bedbbd782ebbe7287231fea862c158d4f08a9e3 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:15:03.202654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:40.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/dmar.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d47bc9d7bcdbb9adc9703513d964b514fee5b0bf",
"status": "affected",
"version": "2e45528930388658603ea24d49cf52867b928d3e",
"versionType": "git"
},
{
"lessThan": "71c4a621985fc051ab86d3a86c749069a993fcb2",
"status": "affected",
"version": "2e45528930388658603ea24d49cf52867b928d3e",
"versionType": "git"
},
{
"lessThan": "876d7bfb89273997056220029ff12b1c2cc4691d",
"status": "affected",
"version": "2e45528930388658603ea24d49cf52867b928d3e",
"versionType": "git"
},
{
"lessThan": "cbdd83bd2fd67142b03ce9dbdd1eab322ff7321f",
"status": "affected",
"version": "2e45528930388658603ea24d49cf52867b928d3e",
"versionType": "git"
},
{
"lessThan": "a5c65cd56aed027f8a97fda8b691caaeb66d115e",
"status": "affected",
"version": "2e45528930388658603ea24d49cf52867b928d3e",
"versionType": "git"
},
{
"lessThan": "bdb613ef179ad4bb9d56a2533e9b30e434f1dfb7",
"status": "affected",
"version": "2e45528930388658603ea24d49cf52867b928d3e",
"versionType": "git"
},
{
"lessThan": "2a8f7b90681472948de172dbbf5a54cd342870aa",
"status": "affected",
"version": "2e45528930388658603ea24d49cf52867b928d3e",
"versionType": "git"
},
{
"lessThan": "4bedbbd782ebbe7287231fea862c158d4f08a9e3",
"status": "affected",
"version": "2e45528930388658603ea24d49cf52867b928d3e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/dmar.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.15"
},
{
"lessThan": "3.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.335",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.301",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.335",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.301",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.268",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "3.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()\n\nfor_each_pci_dev() is implemented by pci_get_device(). The comment of\npci_get_device() says that it will increase the reference count for the\nreturned pci_dev and also decrease the reference count for the input\npci_dev @from if it is not NULL.\n\nIf we break for_each_pci_dev() loop with pdev not NULL, we need to call\npci_dev_put() to decrease the reference count. Add the missing\npci_dev_put() for the error path to avoid reference count leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:50.143Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d47bc9d7bcdbb9adc9703513d964b514fee5b0bf"
},
{
"url": "https://git.kernel.org/stable/c/71c4a621985fc051ab86d3a86c749069a993fcb2"
},
{
"url": "https://git.kernel.org/stable/c/876d7bfb89273997056220029ff12b1c2cc4691d"
},
{
"url": "https://git.kernel.org/stable/c/cbdd83bd2fd67142b03ce9dbdd1eab322ff7321f"
},
{
"url": "https://git.kernel.org/stable/c/a5c65cd56aed027f8a97fda8b691caaeb66d115e"
},
{
"url": "https://git.kernel.org/stable/c/bdb613ef179ad4bb9d56a2533e9b30e434f1dfb7"
},
{
"url": "https://git.kernel.org/stable/c/2a8f7b90681472948de172dbbf5a54cd342870aa"
},
{
"url": "https://git.kernel.org/stable/c/4bedbbd782ebbe7287231fea862c158d4f08a9e3"
}
],
"title": "iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49002",
"datePublished": "2024-10-21T20:06:16.093Z",
"dateReserved": "2024-08-22T01:27:53.642Z",
"dateUpdated": "2025-05-04T08:27:50.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49851 (GCVE-0-2024-49851)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:18 – Updated: 2025-11-03 22:22
VLAI?
EPSS
Title
tpm: Clean up TPM space after command failure
Summary
In the Linux kernel, the following vulnerability has been resolved:
tpm: Clean up TPM space after command failure
tpm_dev_transmit prepares the TPM space before attempting command
transmission. However if the command fails no rollback of this
preparation is done. This can result in transient handles being leaked
if the device is subsequently closed with no further commands performed.
Fix this by flushing the space in the event of command transmission
failure.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
745b361e989af21ad40811c2586b60229f870a68 , < 87e8134c18977b566f4ec248c8a147244da69402
(git)
Affected: 745b361e989af21ad40811c2586b60229f870a68 , < 2c9b228938e9266a1065a3f4fe5c99b7235dc439 (git) Affected: 745b361e989af21ad40811c2586b60229f870a68 , < ebc4e1f4492d114f9693950621b3ea42b2f82bec (git) Affected: 745b361e989af21ad40811c2586b60229f870a68 , < c84ceb546f30432fccea4891163f7050f5bee5dd (git) Affected: 745b361e989af21ad40811c2586b60229f870a68 , < 82478cb8a23bd4f97935bbe60d64528c6d9918b4 (git) Affected: 745b361e989af21ad40811c2586b60229f870a68 , < adf4ce162561222338cf2c9a2caa294527f7f721 (git) Affected: 745b361e989af21ad40811c2586b60229f870a68 , < 3f9f72d843c92fb6f4ff7460d774413cde7f254c (git) Affected: 745b361e989af21ad40811c2586b60229f870a68 , < e3aaebcbb7c6b403416f442d1de70d437ce313a7 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:56:54.610460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:11.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:18.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/char/tpm/tpm-dev-common.c",
"drivers/char/tpm/tpm2-space.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "87e8134c18977b566f4ec248c8a147244da69402",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "2c9b228938e9266a1065a3f4fe5c99b7235dc439",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "ebc4e1f4492d114f9693950621b3ea42b2f82bec",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "c84ceb546f30432fccea4891163f7050f5bee5dd",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "82478cb8a23bd4f97935bbe60d64528c6d9918b4",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "adf4ce162561222338cf2c9a2caa294527f7f721",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "3f9f72d843c92fb6f4ff7460d774413cde7f254c",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "e3aaebcbb7c6b403416f442d1de70d437ce313a7",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/char/tpm/tpm-dev-common.c",
"drivers/char/tpm/tpm2-space.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Clean up TPM space after command failure\n\ntpm_dev_transmit prepares the TPM space before attempting command\ntransmission. However if the command fails no rollback of this\npreparation is done. This can result in transient handles being leaked\nif the device is subsequently closed with no further commands performed.\n\nFix this by flushing the space in the event of command transmission\nfailure."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:39:31.728Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/87e8134c18977b566f4ec248c8a147244da69402"
},
{
"url": "https://git.kernel.org/stable/c/2c9b228938e9266a1065a3f4fe5c99b7235dc439"
},
{
"url": "https://git.kernel.org/stable/c/ebc4e1f4492d114f9693950621b3ea42b2f82bec"
},
{
"url": "https://git.kernel.org/stable/c/c84ceb546f30432fccea4891163f7050f5bee5dd"
},
{
"url": "https://git.kernel.org/stable/c/82478cb8a23bd4f97935bbe60d64528c6d9918b4"
},
{
"url": "https://git.kernel.org/stable/c/adf4ce162561222338cf2c9a2caa294527f7f721"
},
{
"url": "https://git.kernel.org/stable/c/3f9f72d843c92fb6f4ff7460d774413cde7f254c"
},
{
"url": "https://git.kernel.org/stable/c/e3aaebcbb7c6b403416f442d1de70d437ce313a7"
}
],
"title": "tpm: Clean up TPM space after command failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49851",
"datePublished": "2024-10-21T12:18:44.742Z",
"dateReserved": "2024-10-21T12:17:06.015Z",
"dateUpdated": "2025-11-03T22:22:18.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49015 (GCVE-0-2022-49015)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
net: hsr: Fix potential use-after-free
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: hsr: Fix potential use-after-free
The skb is delivered to netif_rx() which may free it, after calling this,
dereferencing skb may trigger use-after-free.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
f421436a591d34fa5279b54a96ac07d70250cc8d , < 8393ce5040803666bfa26a3a7bf41e44fab0ace9
(git)
Affected: f421436a591d34fa5279b54a96ac07d70250cc8d , < 4b351609af4fdbc23f79ab2b12748f4403ea9af4 (git) Affected: f421436a591d34fa5279b54a96ac07d70250cc8d , < b35d899854d5d5d58eb7d7e7c0f61afc60d3a9e9 (git) Affected: f421436a591d34fa5279b54a96ac07d70250cc8d , < 53a62c5efe91665f7a41fad0f888a96f94dc59eb (git) Affected: f421436a591d34fa5279b54a96ac07d70250cc8d , < 7ca81a161e406834a1fdc405fc83a572bd14b8d9 (git) Affected: f421436a591d34fa5279b54a96ac07d70250cc8d , < dca370e575d9b6c983f5015e8dc035e23e219ee6 (git) Affected: f421436a591d34fa5279b54a96ac07d70250cc8d , < f3add2b8cf620966de3ebfa07679ca12d33ec26f (git) Affected: f421436a591d34fa5279b54a96ac07d70250cc8d , < 7e177d32442b7ed08a9fa61b61724abc548cb248 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49015",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:13:21.187546Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:38.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/hsr/hsr_forward.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8393ce5040803666bfa26a3a7bf41e44fab0ace9",
"status": "affected",
"version": "f421436a591d34fa5279b54a96ac07d70250cc8d",
"versionType": "git"
},
{
"lessThan": "4b351609af4fdbc23f79ab2b12748f4403ea9af4",
"status": "affected",
"version": "f421436a591d34fa5279b54a96ac07d70250cc8d",
"versionType": "git"
},
{
"lessThan": "b35d899854d5d5d58eb7d7e7c0f61afc60d3a9e9",
"status": "affected",
"version": "f421436a591d34fa5279b54a96ac07d70250cc8d",
"versionType": "git"
},
{
"lessThan": "53a62c5efe91665f7a41fad0f888a96f94dc59eb",
"status": "affected",
"version": "f421436a591d34fa5279b54a96ac07d70250cc8d",
"versionType": "git"
},
{
"lessThan": "7ca81a161e406834a1fdc405fc83a572bd14b8d9",
"status": "affected",
"version": "f421436a591d34fa5279b54a96ac07d70250cc8d",
"versionType": "git"
},
{
"lessThan": "dca370e575d9b6c983f5015e8dc035e23e219ee6",
"status": "affected",
"version": "f421436a591d34fa5279b54a96ac07d70250cc8d",
"versionType": "git"
},
{
"lessThan": "f3add2b8cf620966de3ebfa07679ca12d33ec26f",
"status": "affected",
"version": "f421436a591d34fa5279b54a96ac07d70250cc8d",
"versionType": "git"
},
{
"lessThan": "7e177d32442b7ed08a9fa61b61724abc548cb248",
"status": "affected",
"version": "f421436a591d34fa5279b54a96ac07d70250cc8d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/hsr/hsr_forward.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.13"
},
{
"lessThan": "3.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.335",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.301",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.335",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.301",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.268",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "3.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: Fix potential use-after-free\n\nThe skb is delivered to netif_rx() which may free it, after calling this,\ndereferencing skb may trigger use-after-free."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:06.960Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8393ce5040803666bfa26a3a7bf41e44fab0ace9"
},
{
"url": "https://git.kernel.org/stable/c/4b351609af4fdbc23f79ab2b12748f4403ea9af4"
},
{
"url": "https://git.kernel.org/stable/c/b35d899854d5d5d58eb7d7e7c0f61afc60d3a9e9"
},
{
"url": "https://git.kernel.org/stable/c/53a62c5efe91665f7a41fad0f888a96f94dc59eb"
},
{
"url": "https://git.kernel.org/stable/c/7ca81a161e406834a1fdc405fc83a572bd14b8d9"
},
{
"url": "https://git.kernel.org/stable/c/dca370e575d9b6c983f5015e8dc035e23e219ee6"
},
{
"url": "https://git.kernel.org/stable/c/f3add2b8cf620966de3ebfa07679ca12d33ec26f"
},
{
"url": "https://git.kernel.org/stable/c/7e177d32442b7ed08a9fa61b61724abc548cb248"
}
],
"title": "net: hsr: Fix potential use-after-free",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49015",
"datePublished": "2024-10-21T20:06:24.668Z",
"dateReserved": "2024-08-22T01:27:53.645Z",
"dateUpdated": "2025-05-04T08:28:06.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50000 (GCVE-0-2024-50000)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:24
VLAI?
EPSS
Title
net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
which is dereferenced on the next line in a reference
to the modify field.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
a6696735d694b365bca45873e9dbca26120a8375 , < 4655456a64a0f936098c8432bac64e7176bd2aff
(git)
Affected: a6696735d694b365bca45873e9dbca26120a8375 , < b48ee5bb25c02ca2b81e0d16bf8af17ab6ed3f8b (git) Affected: a6696735d694b365bca45873e9dbca26120a8375 , < 0168ab6fbd9e50d20b97486168b604b2ab28a2ca (git) Affected: a6696735d694b365bca45873e9dbca26120a8375 , < 1bcc86cc721bea68980098f51f102aa2c2b9d932 (git) Affected: a6696735d694b365bca45873e9dbca26120a8375 , < 4d80dde26d7bab1320210279483ac854dcb274b2 (git) Affected: a6696735d694b365bca45873e9dbca26120a8375 , < f25389e779500cf4a59ef9804534237841bce536 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:30:05.793869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:41.258Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:24:16.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en/tir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4655456a64a0f936098c8432bac64e7176bd2aff",
"status": "affected",
"version": "a6696735d694b365bca45873e9dbca26120a8375",
"versionType": "git"
},
{
"lessThan": "b48ee5bb25c02ca2b81e0d16bf8af17ab6ed3f8b",
"status": "affected",
"version": "a6696735d694b365bca45873e9dbca26120a8375",
"versionType": "git"
},
{
"lessThan": "0168ab6fbd9e50d20b97486168b604b2ab28a2ca",
"status": "affected",
"version": "a6696735d694b365bca45873e9dbca26120a8375",
"versionType": "git"
},
{
"lessThan": "1bcc86cc721bea68980098f51f102aa2c2b9d932",
"status": "affected",
"version": "a6696735d694b365bca45873e9dbca26120a8375",
"versionType": "git"
},
{
"lessThan": "4d80dde26d7bab1320210279483ac854dcb274b2",
"status": "affected",
"version": "a6696735d694b365bca45873e9dbca26120a8375",
"versionType": "git"
},
{
"lessThan": "f25389e779500cf4a59ef9804534237841bce536",
"status": "affected",
"version": "a6696735d694b365bca45873e9dbca26120a8375",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en/tir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()\n\nIn mlx5e_tir_builder_alloc() kvzalloc() may return NULL\nwhich is dereferenced on the next line in a reference\nto the modify field.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:43:28.451Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4655456a64a0f936098c8432bac64e7176bd2aff"
},
{
"url": "https://git.kernel.org/stable/c/b48ee5bb25c02ca2b81e0d16bf8af17ab6ed3f8b"
},
{
"url": "https://git.kernel.org/stable/c/0168ab6fbd9e50d20b97486168b604b2ab28a2ca"
},
{
"url": "https://git.kernel.org/stable/c/1bcc86cc721bea68980098f51f102aa2c2b9d932"
},
{
"url": "https://git.kernel.org/stable/c/4d80dde26d7bab1320210279483ac854dcb274b2"
},
{
"url": "https://git.kernel.org/stable/c/f25389e779500cf4a59ef9804534237841bce536"
}
],
"title": "net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50000",
"datePublished": "2024-10-21T18:02:39.600Z",
"dateReserved": "2024-10-21T12:17:06.057Z",
"dateUpdated": "2025-11-03T22:24:16.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46857 (GCVE-0-2024-46857)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:42 – Updated: 2025-11-03 22:19
VLAI?
EPSS
Title
net/mlx5: Fix bridge mode operations when there are no VFs
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix bridge mode operations when there are no VFs
Currently, trying to set the bridge mode attribute when numvfs=0 leads to a
crash:
bridge link set dev eth2 hwmode vepa
[ 168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030
[...]
[ 168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core]
[...]
[ 168.976037] Call Trace:
[ 168.976188] <TASK>
[ 168.978620] _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core]
[ 168.979074] mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core]
[ 168.979471] rtnl_bridge_setlink+0xe9/0x1f0
[ 168.979714] rtnetlink_rcv_msg+0x159/0x400
[ 168.980451] netlink_rcv_skb+0x54/0x100
[ 168.980675] netlink_unicast+0x241/0x360
[ 168.980918] netlink_sendmsg+0x1f6/0x430
[ 168.981162] ____sys_sendmsg+0x3bb/0x3f0
[ 168.982155] ___sys_sendmsg+0x88/0xd0
[ 168.985036] __sys_sendmsg+0x59/0xa0
[ 168.985477] do_syscall_64+0x79/0x150
[ 168.987273] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 168.987773] RIP: 0033:0x7f8f7950f917
(esw->fdb_table.legacy.vepa_fdb is null)
The bridge mode is only relevant when there are multiple functions per
port. Therefore, prevent setting and getting this setting when there are no
VFs.
Note that after this change, there are no settings to change on the PF
interface using `bridge link` when there are no VFs, so the interface no
longer appears in the `bridge link` output.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
4b89251de024fb85329e4cbd8fbea551ae6c665c , < 52c4beb79e095e0631b5cac46ed48a2aefe51985
(git)
Affected: 4b89251de024fb85329e4cbd8fbea551ae6c665c , < 65feee671e37f3b6eda0b6af28f204b5bcf7fa50 (git) Affected: 4b89251de024fb85329e4cbd8fbea551ae6c665c , < 505ae01f75f839b54329164bbfecf24cc1361b31 (git) Affected: 4b89251de024fb85329e4cbd8fbea551ae6c665c , < b1d305abef4640af1b4f1b4774d513cd81b10cfc (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T13:57:53.606649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T13:57:59.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:43.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/esw/legacy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "52c4beb79e095e0631b5cac46ed48a2aefe51985",
"status": "affected",
"version": "4b89251de024fb85329e4cbd8fbea551ae6c665c",
"versionType": "git"
},
{
"lessThan": "65feee671e37f3b6eda0b6af28f204b5bcf7fa50",
"status": "affected",
"version": "4b89251de024fb85329e4cbd8fbea551ae6c665c",
"versionType": "git"
},
{
"lessThan": "505ae01f75f839b54329164bbfecf24cc1361b31",
"status": "affected",
"version": "4b89251de024fb85329e4cbd8fbea551ae6c665c",
"versionType": "git"
},
{
"lessThan": "b1d305abef4640af1b4f1b4774d513cd81b10cfc",
"status": "affected",
"version": "4b89251de024fb85329e4cbd8fbea551ae6c665c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/esw/legacy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.52",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.111",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.52",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.11",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix bridge mode operations when there are no VFs\n\nCurrently, trying to set the bridge mode attribute when numvfs=0 leads to a\ncrash:\n\nbridge link set dev eth2 hwmode vepa\n\n[ 168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[...]\n[ 168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core]\n[...]\n[ 168.976037] Call Trace:\n[ 168.976188] \u003cTASK\u003e\n[ 168.978620] _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core]\n[ 168.979074] mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core]\n[ 168.979471] rtnl_bridge_setlink+0xe9/0x1f0\n[ 168.979714] rtnetlink_rcv_msg+0x159/0x400\n[ 168.980451] netlink_rcv_skb+0x54/0x100\n[ 168.980675] netlink_unicast+0x241/0x360\n[ 168.980918] netlink_sendmsg+0x1f6/0x430\n[ 168.981162] ____sys_sendmsg+0x3bb/0x3f0\n[ 168.982155] ___sys_sendmsg+0x88/0xd0\n[ 168.985036] __sys_sendmsg+0x59/0xa0\n[ 168.985477] do_syscall_64+0x79/0x150\n[ 168.987273] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 168.987773] RIP: 0033:0x7f8f7950f917\n\n(esw-\u003efdb_table.legacy.vepa_fdb is null)\n\nThe bridge mode is only relevant when there are multiple functions per\nport. Therefore, prevent setting and getting this setting when there are no\nVFs.\n\nNote that after this change, there are no settings to change on the PF\ninterface using `bridge link` when there are no VFs, so the interface no\nlonger appears in the `bridge link` output."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:36:04.960Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/52c4beb79e095e0631b5cac46ed48a2aefe51985"
},
{
"url": "https://git.kernel.org/stable/c/65feee671e37f3b6eda0b6af28f204b5bcf7fa50"
},
{
"url": "https://git.kernel.org/stable/c/505ae01f75f839b54329164bbfecf24cc1361b31"
},
{
"url": "https://git.kernel.org/stable/c/b1d305abef4640af1b4f1b4774d513cd81b10cfc"
}
],
"title": "net/mlx5: Fix bridge mode operations when there are no VFs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46857",
"datePublished": "2024-09-27T12:42:48.545Z",
"dateReserved": "2024-09-11T15:12:18.291Z",
"dateUpdated": "2025-11-03T22:19:43.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49875 (GCVE-0-2024-49875)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
nfsd: map the EBADMSG to nfserr_io to avoid warning
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfsd: map the EBADMSG to nfserr_io to avoid warning
Ext4 will throw -EBADMSG through ext4_readdir when a checksum error
occurs, resulting in the following WARNING.
Fix it by mapping EBADMSG to nfserr_io.
nfsd_buffered_readdir
iterate_dir // -EBADMSG -74
ext4_readdir // .iterate_shared
ext4_dx_readdir
ext4_htree_fill_tree
htree_dirblock_to_tree
ext4_read_dirblock
__ext4_read_dirblock
ext4_dirblock_csum_verify
warn_no_space_for_csum
__warn_no_space_for_csum
return ERR_PTR(-EFSBADCRC) // -EBADMSG -74
nfserrno // WARNING
[ 161.115610] ------------[ cut here ]------------
[ 161.116465] nfsd: non-standard errno: -74
[ 161.117315] WARNING: CPU: 1 PID: 780 at fs/nfsd/nfsproc.c:878 nfserrno+0x9d/0xd0
[ 161.118596] Modules linked in:
[ 161.119243] CPU: 1 PID: 780 Comm: nfsd Not tainted 5.10.0-00014-g79679361fd5d #138
[ 161.120684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qe
mu.org 04/01/2014
[ 161.123601] RIP: 0010:nfserrno+0x9d/0xd0
[ 161.124676] Code: 0f 87 da 30 dd 00 83 e3 01 b8 00 00 00 05 75 d7 44 89 ee 48 c7 c7 c0 57 24 98 89 44 24 04 c6
05 ce 2b 61 03 01 e8 99 20 d8 00 <0f> 0b 8b 44 24 04 eb b5 4c 89 e6 48 c7 c7 a0 6d a4 99 e8 cc 15 33
[ 161.127797] RSP: 0018:ffffc90000e2f9c0 EFLAGS: 00010286
[ 161.128794] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 161.130089] RDX: 1ffff1103ee16f6d RSI: 0000000000000008 RDI: fffff520001c5f2a
[ 161.131379] RBP: 0000000000000022 R08: 0000000000000001 R09: ffff8881f70c1827
[ 161.132664] R10: ffffed103ee18304 R11: 0000000000000001 R12: 0000000000000021
[ 161.133949] R13: 00000000ffffffb6 R14: ffff8881317c0000 R15: ffffc90000e2fbd8
[ 161.135244] FS: 0000000000000000(0000) GS:ffff8881f7080000(0000) knlGS:0000000000000000
[ 161.136695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 161.137761] CR2: 00007fcaad70b348 CR3: 0000000144256006 CR4: 0000000000770ee0
[ 161.139041] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 161.140291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 161.141519] PKRU: 55555554
[ 161.142076] Call Trace:
[ 161.142575] ? __warn+0x9b/0x140
[ 161.143229] ? nfserrno+0x9d/0xd0
[ 161.143872] ? report_bug+0x125/0x150
[ 161.144595] ? handle_bug+0x41/0x90
[ 161.145284] ? exc_invalid_op+0x14/0x70
[ 161.146009] ? asm_exc_invalid_op+0x12/0x20
[ 161.146816] ? nfserrno+0x9d/0xd0
[ 161.147487] nfsd_buffered_readdir+0x28b/0x2b0
[ 161.148333] ? nfsd4_encode_dirent_fattr+0x380/0x380
[ 161.149258] ? nfsd_buffered_filldir+0xf0/0xf0
[ 161.150093] ? wait_for_concurrent_writes+0x170/0x170
[ 161.151004] ? generic_file_llseek_size+0x48/0x160
[ 161.151895] nfsd_readdir+0x132/0x190
[ 161.152606] ? nfsd4_encode_dirent_fattr+0x380/0x380
[ 161.153516] ? nfsd_unlink+0x380/0x380
[ 161.154256] ? override_creds+0x45/0x60
[ 161.155006] nfsd4_encode_readdir+0x21a/0x3d0
[ 161.155850] ? nfsd4_encode_readlink+0x210/0x210
[ 161.156731] ? write_bytes_to_xdr_buf+0x97/0xe0
[ 161.157598] ? __write_bytes_to_xdr_buf+0xd0/0xd0
[ 161.158494] ? lock_downgrade+0x90/0x90
[ 161.159232] ? nfs4svc_decode_voidarg+0x10/0x10
[ 161.160092] nfsd4_encode_operation+0x15a/0x440
[ 161.160959] nfsd4_proc_compound+0x718/0xe90
[ 161.161818] nfsd_dispatch+0x18e/0x2c0
[ 161.162586] svc_process_common+0x786/0xc50
[ 161.163403] ? nfsd_svc+0x380/0x380
[ 161.164137] ? svc_printk+0x160/0x160
[ 161.164846] ? svc_xprt_do_enqueue.part.0+0x365/0x380
[ 161.165808] ? nfsd_svc+0x380/0x380
[ 161.166523] ? rcu_is_watching+0x23/0x40
[ 161.167309] svc_process+0x1a5/0x200
[ 161.168019] nfsd+0x1f5/0x380
[ 161.168663] ? nfsd_shutdown_threads+0x260/0x260
[ 161.169554] kthread+0x1c4/0x210
[ 161.170224] ? kthread_insert_work_sanity_check+0x80/0x80
[ 161.171246] ret_from_fork+0x1f/0x30
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
6a797d2737838906f2ea0a31686e87c3151e21ca , < 0ea4333c679f333e23956de743ad17387819d3f2
(git)
Affected: 6a797d2737838906f2ea0a31686e87c3151e21ca , < 825789ca94602543101045ad3aad19b2b60c6b2a (git) Affected: 6a797d2737838906f2ea0a31686e87c3151e21ca , < 6fe058502f8864649c3d614b06b2235223798f48 (git) Affected: 6a797d2737838906f2ea0a31686e87c3151e21ca , < f7d8ee9db94372b8235f5f22bb24381891594c42 (git) Affected: 6a797d2737838906f2ea0a31686e87c3151e21ca , < c76005adfa93d1a027433331252422078750321f (git) Affected: 6a797d2737838906f2ea0a31686e87c3151e21ca , < e9cfecca22a36b927a440abc6307efb9e138fed5 (git) Affected: 6a797d2737838906f2ea0a31686e87c3151e21ca , < 340e61e44c1d2a15c42ec72ade9195ad525fd048 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49875",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:46:25.129845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:51.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:40.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfsd/vfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0ea4333c679f333e23956de743ad17387819d3f2",
"status": "affected",
"version": "6a797d2737838906f2ea0a31686e87c3151e21ca",
"versionType": "git"
},
{
"lessThan": "825789ca94602543101045ad3aad19b2b60c6b2a",
"status": "affected",
"version": "6a797d2737838906f2ea0a31686e87c3151e21ca",
"versionType": "git"
},
{
"lessThan": "6fe058502f8864649c3d614b06b2235223798f48",
"status": "affected",
"version": "6a797d2737838906f2ea0a31686e87c3151e21ca",
"versionType": "git"
},
{
"lessThan": "f7d8ee9db94372b8235f5f22bb24381891594c42",
"status": "affected",
"version": "6a797d2737838906f2ea0a31686e87c3151e21ca",
"versionType": "git"
},
{
"lessThan": "c76005adfa93d1a027433331252422078750321f",
"status": "affected",
"version": "6a797d2737838906f2ea0a31686e87c3151e21ca",
"versionType": "git"
},
{
"lessThan": "e9cfecca22a36b927a440abc6307efb9e138fed5",
"status": "affected",
"version": "6a797d2737838906f2ea0a31686e87c3151e21ca",
"versionType": "git"
},
{
"lessThan": "340e61e44c1d2a15c42ec72ade9195ad525fd048",
"status": "affected",
"version": "6a797d2737838906f2ea0a31686e87c3151e21ca",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfsd/vfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.4"
},
{
"lessThan": "4.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: map the EBADMSG to nfserr_io to avoid warning\n\nExt4 will throw -EBADMSG through ext4_readdir when a checksum error\noccurs, resulting in the following WARNING.\n\nFix it by mapping EBADMSG to nfserr_io.\n\nnfsd_buffered_readdir\n iterate_dir // -EBADMSG -74\n ext4_readdir // .iterate_shared\n ext4_dx_readdir\n ext4_htree_fill_tree\n htree_dirblock_to_tree\n ext4_read_dirblock\n __ext4_read_dirblock\n ext4_dirblock_csum_verify\n warn_no_space_for_csum\n __warn_no_space_for_csum\n return ERR_PTR(-EFSBADCRC) // -EBADMSG -74\n nfserrno // WARNING\n\n[ 161.115610] ------------[ cut here ]------------\n[ 161.116465] nfsd: non-standard errno: -74\n[ 161.117315] WARNING: CPU: 1 PID: 780 at fs/nfsd/nfsproc.c:878 nfserrno+0x9d/0xd0\n[ 161.118596] Modules linked in:\n[ 161.119243] CPU: 1 PID: 780 Comm: nfsd Not tainted 5.10.0-00014-g79679361fd5d #138\n[ 161.120684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qe\nmu.org 04/01/2014\n[ 161.123601] RIP: 0010:nfserrno+0x9d/0xd0\n[ 161.124676] Code: 0f 87 da 30 dd 00 83 e3 01 b8 00 00 00 05 75 d7 44 89 ee 48 c7 c7 c0 57 24 98 89 44 24 04 c6\n 05 ce 2b 61 03 01 e8 99 20 d8 00 \u003c0f\u003e 0b 8b 44 24 04 eb b5 4c 89 e6 48 c7 c7 a0 6d a4 99 e8 cc 15 33\n[ 161.127797] RSP: 0018:ffffc90000e2f9c0 EFLAGS: 00010286\n[ 161.128794] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n[ 161.130089] RDX: 1ffff1103ee16f6d RSI: 0000000000000008 RDI: fffff520001c5f2a\n[ 161.131379] RBP: 0000000000000022 R08: 0000000000000001 R09: ffff8881f70c1827\n[ 161.132664] R10: ffffed103ee18304 R11: 0000000000000001 R12: 0000000000000021\n[ 161.133949] R13: 00000000ffffffb6 R14: ffff8881317c0000 R15: ffffc90000e2fbd8\n[ 161.135244] FS: 0000000000000000(0000) GS:ffff8881f7080000(0000) knlGS:0000000000000000\n[ 161.136695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 161.137761] CR2: 00007fcaad70b348 CR3: 0000000144256006 CR4: 0000000000770ee0\n[ 161.139041] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 161.140291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 161.141519] PKRU: 55555554\n[ 161.142076] Call Trace:\n[ 161.142575] ? __warn+0x9b/0x140\n[ 161.143229] ? nfserrno+0x9d/0xd0\n[ 161.143872] ? report_bug+0x125/0x150\n[ 161.144595] ? handle_bug+0x41/0x90\n[ 161.145284] ? exc_invalid_op+0x14/0x70\n[ 161.146009] ? asm_exc_invalid_op+0x12/0x20\n[ 161.146816] ? nfserrno+0x9d/0xd0\n[ 161.147487] nfsd_buffered_readdir+0x28b/0x2b0\n[ 161.148333] ? nfsd4_encode_dirent_fattr+0x380/0x380\n[ 161.149258] ? nfsd_buffered_filldir+0xf0/0xf0\n[ 161.150093] ? wait_for_concurrent_writes+0x170/0x170\n[ 161.151004] ? generic_file_llseek_size+0x48/0x160\n[ 161.151895] nfsd_readdir+0x132/0x190\n[ 161.152606] ? nfsd4_encode_dirent_fattr+0x380/0x380\n[ 161.153516] ? nfsd_unlink+0x380/0x380\n[ 161.154256] ? override_creds+0x45/0x60\n[ 161.155006] nfsd4_encode_readdir+0x21a/0x3d0\n[ 161.155850] ? nfsd4_encode_readlink+0x210/0x210\n[ 161.156731] ? write_bytes_to_xdr_buf+0x97/0xe0\n[ 161.157598] ? __write_bytes_to_xdr_buf+0xd0/0xd0\n[ 161.158494] ? lock_downgrade+0x90/0x90\n[ 161.159232] ? nfs4svc_decode_voidarg+0x10/0x10\n[ 161.160092] nfsd4_encode_operation+0x15a/0x440\n[ 161.160959] nfsd4_proc_compound+0x718/0xe90\n[ 161.161818] nfsd_dispatch+0x18e/0x2c0\n[ 161.162586] svc_process_common+0x786/0xc50\n[ 161.163403] ? nfsd_svc+0x380/0x380\n[ 161.164137] ? svc_printk+0x160/0x160\n[ 161.164846] ? svc_xprt_do_enqueue.part.0+0x365/0x380\n[ 161.165808] ? nfsd_svc+0x380/0x380\n[ 161.166523] ? rcu_is_watching+0x23/0x40\n[ 161.167309] svc_process+0x1a5/0x200\n[ 161.168019] nfsd+0x1f5/0x380\n[ 161.168663] ? nfsd_shutdown_threads+0x260/0x260\n[ 161.169554] kthread+0x1c4/0x210\n[ 161.170224] ? kthread_insert_work_sanity_check+0x80/0x80\n[ 161.171246] ret_from_fork+0x1f/0x30"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:12.392Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0ea4333c679f333e23956de743ad17387819d3f2"
},
{
"url": "https://git.kernel.org/stable/c/825789ca94602543101045ad3aad19b2b60c6b2a"
},
{
"url": "https://git.kernel.org/stable/c/6fe058502f8864649c3d614b06b2235223798f48"
},
{
"url": "https://git.kernel.org/stable/c/f7d8ee9db94372b8235f5f22bb24381891594c42"
},
{
"url": "https://git.kernel.org/stable/c/c76005adfa93d1a027433331252422078750321f"
},
{
"url": "https://git.kernel.org/stable/c/e9cfecca22a36b927a440abc6307efb9e138fed5"
},
{
"url": "https://git.kernel.org/stable/c/340e61e44c1d2a15c42ec72ade9195ad525fd048"
}
],
"title": "nfsd: map the EBADMSG to nfserr_io to avoid warning",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49875",
"datePublished": "2024-10-21T18:01:15.434Z",
"dateReserved": "2024-10-21T12:17:06.020Z",
"dateUpdated": "2026-01-05T10:54:12.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49011 (GCVE-0-2022-49011)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
Summary
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
As comment of pci_get_domain_bus_and_slot() says, it returns
a pci device with refcount increment, when finish using it,
the caller must decrement the reference count by calling
pci_dev_put(). So call it after using to avoid refcount leak.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
14513ee696a0cd12a19318e433b75a786808adc3 , < bb75a0d1223d43f97089841aecb28a9b4de687a9
(git)
Affected: 14513ee696a0cd12a19318e433b75a786808adc3 , < 0dd1da5a15eeecb2fe4cf131b3216fb455af783c (git) Affected: 14513ee696a0cd12a19318e433b75a786808adc3 , < 2f74cffc7c85f770b1b1833dccb03b8cde3be102 (git) Affected: 14513ee696a0cd12a19318e433b75a786808adc3 , < ea5844f946b1ec5c0b7c115cd7684f34fd48021b (git) Affected: 14513ee696a0cd12a19318e433b75a786808adc3 , < c40db1e5f316792b557d2be37e447c20d9ac4635 (git) Affected: 14513ee696a0cd12a19318e433b75a786808adc3 , < 6e035d5a2a6b907cfce9a80c5f442c2e459cd34e (git) Affected: 14513ee696a0cd12a19318e433b75a786808adc3 , < f598da27acbeee414679cacd14294db3e273e3d2 (git) Affected: 14513ee696a0cd12a19318e433b75a786808adc3 , < 7dec14537c5906b8bf40fd6fd6d9c3850f8df11d (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:13:51.210098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:38.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hwmon/coretemp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bb75a0d1223d43f97089841aecb28a9b4de687a9",
"status": "affected",
"version": "14513ee696a0cd12a19318e433b75a786808adc3",
"versionType": "git"
},
{
"lessThan": "0dd1da5a15eeecb2fe4cf131b3216fb455af783c",
"status": "affected",
"version": "14513ee696a0cd12a19318e433b75a786808adc3",
"versionType": "git"
},
{
"lessThan": "2f74cffc7c85f770b1b1833dccb03b8cde3be102",
"status": "affected",
"version": "14513ee696a0cd12a19318e433b75a786808adc3",
"versionType": "git"
},
{
"lessThan": "ea5844f946b1ec5c0b7c115cd7684f34fd48021b",
"status": "affected",
"version": "14513ee696a0cd12a19318e433b75a786808adc3",
"versionType": "git"
},
{
"lessThan": "c40db1e5f316792b557d2be37e447c20d9ac4635",
"status": "affected",
"version": "14513ee696a0cd12a19318e433b75a786808adc3",
"versionType": "git"
},
{
"lessThan": "6e035d5a2a6b907cfce9a80c5f442c2e459cd34e",
"status": "affected",
"version": "14513ee696a0cd12a19318e433b75a786808adc3",
"versionType": "git"
},
{
"lessThan": "f598da27acbeee414679cacd14294db3e273e3d2",
"status": "affected",
"version": "14513ee696a0cd12a19318e433b75a786808adc3",
"versionType": "git"
},
{
"lessThan": "7dec14537c5906b8bf40fd6fd6d9c3850f8df11d",
"status": "affected",
"version": "14513ee696a0cd12a19318e433b75a786808adc3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hwmon/coretemp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.14"
},
{
"lessThan": "3.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.335",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.301",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.335",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.301",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.268",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "3.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()\n\nAs comment of pci_get_domain_bus_and_slot() says, it returns\na pci device with refcount increment, when finish using it,\nthe caller must decrement the reference count by calling\npci_dev_put(). So call it after using to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:00.793Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bb75a0d1223d43f97089841aecb28a9b4de687a9"
},
{
"url": "https://git.kernel.org/stable/c/0dd1da5a15eeecb2fe4cf131b3216fb455af783c"
},
{
"url": "https://git.kernel.org/stable/c/2f74cffc7c85f770b1b1833dccb03b8cde3be102"
},
{
"url": "https://git.kernel.org/stable/c/ea5844f946b1ec5c0b7c115cd7684f34fd48021b"
},
{
"url": "https://git.kernel.org/stable/c/c40db1e5f316792b557d2be37e447c20d9ac4635"
},
{
"url": "https://git.kernel.org/stable/c/6e035d5a2a6b907cfce9a80c5f442c2e459cd34e"
},
{
"url": "https://git.kernel.org/stable/c/f598da27acbeee414679cacd14294db3e273e3d2"
},
{
"url": "https://git.kernel.org/stable/c/7dec14537c5906b8bf40fd6fd6d9c3850f8df11d"
}
],
"title": "hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49011",
"datePublished": "2024-10-21T20:06:22.099Z",
"dateReserved": "2024-08-22T01:27:53.644Z",
"dateUpdated": "2025-05-04T08:28:00.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49967 (GCVE-0-2024-49967)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-01-07 08:46
VLAI?
EPSS
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-01-07T08:46:31.368Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49967",
"datePublished": "2024-10-21T18:02:17.714Z",
"dateRejected": "2025-01-07T08:46:31.368Z",
"dateReserved": "2024-10-21T12:17:06.050Z",
"dateUpdated": "2025-01-07T08:46:31.368Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28327 (GCVE-0-2023-28327)
Vulnerability from cvelistv5 – Published: 2023-04-19 00:00 – Updated: 2025-03-19 15:35
VLAI?
EPSS
Summary
A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.
Severity ?
5.5 (Medium)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:24.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177382"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T15:56:18.401087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T15:35:50.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Linux",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177382"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-28327",
"datePublished": "2023-04-19T00:00:00.000Z",
"dateReserved": "2023-03-14T00:00:00.000Z",
"dateUpdated": "2025-03-19T15:35:50.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40965 (GCVE-0-2024-40965)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:32 – Updated: 2026-01-05 10:36
VLAI?
EPSS
Title
i2c: lpi2c: Avoid calling clk_get_rate during transfer
Summary
In the Linux kernel, the following vulnerability has been resolved:
i2c: lpi2c: Avoid calling clk_get_rate during transfer
Instead of repeatedly calling clk_get_rate for each transfer, lock
the clock rate and cache the value.
A deadlock has been observed while adding tlv320aic32x4 audio codec to
the system. When this clock provider adds its clock, the clk mutex is
locked already, it needs to access i2c, which in return needs the mutex
for clk_get_rate as well.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
a55fa9d0e42e31b0292540e6324d481aad307644 , < d038693e08adf9c162c6377800495e4f5a2df045
(git)
Affected: a55fa9d0e42e31b0292540e6324d481aad307644 , < 2b42e9587a7a9c7b824e0feb92958f258263963e (git) Affected: a55fa9d0e42e31b0292540e6324d481aad307644 , < 4268254a39484fc11ba991ae148bacbe75d9cc0a (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:55.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b42e9587a7a9c7b824e0feb92958f258263963e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4268254a39484fc11ba991ae148bacbe75d9cc0a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:03:13.465899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:23.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-imx-lpi2c.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d038693e08adf9c162c6377800495e4f5a2df045",
"status": "affected",
"version": "a55fa9d0e42e31b0292540e6324d481aad307644",
"versionType": "git"
},
{
"lessThan": "2b42e9587a7a9c7b824e0feb92958f258263963e",
"status": "affected",
"version": "a55fa9d0e42e31b0292540e6324d481aad307644",
"versionType": "git"
},
{
"lessThan": "4268254a39484fc11ba991ae148bacbe75d9cc0a",
"status": "affected",
"version": "a55fa9d0e42e31b0292540e6324d481aad307644",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-imx-lpi2c.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.7",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: lpi2c: Avoid calling clk_get_rate during transfer\n\nInstead of repeatedly calling clk_get_rate for each transfer, lock\nthe clock rate and cache the value.\nA deadlock has been observed while adding tlv320aic32x4 audio codec to\nthe system. When this clock provider adds its clock, the clk mutex is\nlocked already, it needs to access i2c, which in return needs the mutex\nfor clk_get_rate as well."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:36:53.734Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d038693e08adf9c162c6377800495e4f5a2df045"
},
{
"url": "https://git.kernel.org/stable/c/2b42e9587a7a9c7b824e0feb92958f258263963e"
},
{
"url": "https://git.kernel.org/stable/c/4268254a39484fc11ba991ae148bacbe75d9cc0a"
}
],
"title": "i2c: lpi2c: Avoid calling clk_get_rate during transfer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40965",
"datePublished": "2024-07-12T12:32:05.453Z",
"dateReserved": "2024-07-12T12:17:45.602Z",
"dateUpdated": "2026-01-05T10:36:53.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49888 (GCVE-0-2024-49888)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-05-04 09:40
VLAI?
EPSS
Title
bpf: Fix a sdiv overflow issue
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix a sdiv overflow issue
Zac Ecob reported a problem where a bpf program may cause kernel crash due
to the following error:
Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI
The failure is due to the below signed divide:
LLONG_MIN/-1 where LLONG_MIN equals to -9,223,372,036,854,775,808.
LLONG_MIN/-1 is supposed to give a positive number 9,223,372,036,854,775,808,
but it is impossible since for 64-bit system, the maximum positive
number is 9,223,372,036,854,775,807. On x86_64, LLONG_MIN/-1 will
cause a kernel exception. On arm64, the result for LLONG_MIN/-1 is
LLONG_MIN.
Further investigation found all the following sdiv/smod cases may trigger
an exception when bpf program is running on x86_64 platform:
- LLONG_MIN/-1 for 64bit operation
- INT_MIN/-1 for 32bit operation
- LLONG_MIN%-1 for 64bit operation
- INT_MIN%-1 for 32bit operation
where -1 can be an immediate or in a register.
On arm64, there are no exceptions:
- LLONG_MIN/-1 = LLONG_MIN
- INT_MIN/-1 = INT_MIN
- LLONG_MIN%-1 = 0
- INT_MIN%-1 = 0
where -1 can be an immediate or in a register.
Insn patching is needed to handle the above cases and the patched codes
produced results aligned with above arm64 result. The below are pseudo
codes to handle sdiv/smod exceptions including both divisor -1 and divisor 0
and the divisor is stored in a register.
sdiv:
tmp = rX
tmp += 1 /* [-1, 0] -> [0, 1]
if tmp >(unsigned) 1 goto L2
if tmp == 0 goto L1
rY = 0
L1:
rY = -rY;
goto L3
L2:
rY /= rX
L3:
smod:
tmp = rX
tmp += 1 /* [-1, 0] -> [0, 1]
if tmp >(unsigned) 1 goto L1
if tmp == 1 (is64 ? goto L2 : goto L3)
rY = 0;
goto L2
L1:
rY %= rX
L2:
goto L4 // only when !is64
L3:
wY = wY // only when !is64
L4:
[1] https://lore.kernel.org/bpf/tPJLTEh7S_DxFEqAI2Ji5MBSoZVg7_G-Py2iaZpAaWtM961fFTWtsnlzwvTbzBzaUzwQAoNATXKUlt0LZOFgnDcIyKCswAnAGdUF3LBrhGQ=@protonmail.com/
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
ec0e2da95f72d4a46050a4d994e4fe471474fd80 , < 4902a6a0dc593c82055fc8c9ada371bafe26c9cc
(git)
Affected: ec0e2da95f72d4a46050a4d994e4fe471474fd80 , < d22e45a369afc7c28f11acfa5b5e8e478227ca5d (git) Affected: ec0e2da95f72d4a46050a4d994e4fe471474fd80 , < 7dd34d7b7dcf9309fc6224caf4dd5b35bedddcb7 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:44:44.632925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:49.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/verifier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4902a6a0dc593c82055fc8c9ada371bafe26c9cc",
"status": "affected",
"version": "ec0e2da95f72d4a46050a4d994e4fe471474fd80",
"versionType": "git"
},
{
"lessThan": "d22e45a369afc7c28f11acfa5b5e8e478227ca5d",
"status": "affected",
"version": "ec0e2da95f72d4a46050a4d994e4fe471474fd80",
"versionType": "git"
},
{
"lessThan": "7dd34d7b7dcf9309fc6224caf4dd5b35bedddcb7",
"status": "affected",
"version": "ec0e2da95f72d4a46050a4d994e4fe471474fd80",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/verifier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a sdiv overflow issue\n\nZac Ecob reported a problem where a bpf program may cause kernel crash due\nto the following error:\n Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\n\nThe failure is due to the below signed divide:\n LLONG_MIN/-1 where LLONG_MIN equals to -9,223,372,036,854,775,808.\nLLONG_MIN/-1 is supposed to give a positive number 9,223,372,036,854,775,808,\nbut it is impossible since for 64-bit system, the maximum positive\nnumber is 9,223,372,036,854,775,807. On x86_64, LLONG_MIN/-1 will\ncause a kernel exception. On arm64, the result for LLONG_MIN/-1 is\nLLONG_MIN.\n\nFurther investigation found all the following sdiv/smod cases may trigger\nan exception when bpf program is running on x86_64 platform:\n - LLONG_MIN/-1 for 64bit operation\n - INT_MIN/-1 for 32bit operation\n - LLONG_MIN%-1 for 64bit operation\n - INT_MIN%-1 for 32bit operation\nwhere -1 can be an immediate or in a register.\n\nOn arm64, there are no exceptions:\n - LLONG_MIN/-1 = LLONG_MIN\n - INT_MIN/-1 = INT_MIN\n - LLONG_MIN%-1 = 0\n - INT_MIN%-1 = 0\nwhere -1 can be an immediate or in a register.\n\nInsn patching is needed to handle the above cases and the patched codes\nproduced results aligned with above arm64 result. The below are pseudo\ncodes to handle sdiv/smod exceptions including both divisor -1 and divisor 0\nand the divisor is stored in a register.\n\nsdiv:\n tmp = rX\n tmp += 1 /* [-1, 0] -\u003e [0, 1]\n if tmp \u003e(unsigned) 1 goto L2\n if tmp == 0 goto L1\n rY = 0\n L1:\n rY = -rY;\n goto L3\n L2:\n rY /= rX\n L3:\n\nsmod:\n tmp = rX\n tmp += 1 /* [-1, 0] -\u003e [0, 1]\n if tmp \u003e(unsigned) 1 goto L1\n if tmp == 1 (is64 ? goto L2 : goto L3)\n rY = 0;\n goto L2\n L1:\n rY %= rX\n L2:\n goto L4 // only when !is64\n L3:\n wY = wY // only when !is64\n L4:\n\n [1] https://lore.kernel.org/bpf/tPJLTEh7S_DxFEqAI2Ji5MBSoZVg7_G-Py2iaZpAaWtM961fFTWtsnlzwvTbzBzaUzwQAoNATXKUlt0LZOFgnDcIyKCswAnAGdUF3LBrhGQ=@protonmail.com/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:40:31.703Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4902a6a0dc593c82055fc8c9ada371bafe26c9cc"
},
{
"url": "https://git.kernel.org/stable/c/d22e45a369afc7c28f11acfa5b5e8e478227ca5d"
},
{
"url": "https://git.kernel.org/stable/c/7dd34d7b7dcf9309fc6224caf4dd5b35bedddcb7"
}
],
"title": "bpf: Fix a sdiv overflow issue",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49888",
"datePublished": "2024-10-21T18:01:24.235Z",
"dateReserved": "2024-10-21T12:17:06.022Z",
"dateUpdated": "2025-05-04T09:40:31.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49867 (GCVE-0-2024-49867)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
btrfs: wait for fixup workers before stopping cleaner kthread during umount
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: wait for fixup workers before stopping cleaner kthread during umount
During unmount, at close_ctree(), we have the following steps in this order:
1) Park the cleaner kthread - this doesn't destroy the kthread, it basically
halts its execution (wake ups against it work but do nothing);
2) We stop the cleaner kthread - this results in freeing the respective
struct task_struct;
3) We call btrfs_stop_all_workers() which waits for any jobs running in all
the work queues and then free the work queues.
Syzbot reported a case where a fixup worker resulted in a crash when doing
a delayed iput on its inode while attempting to wake up the cleaner at
btrfs_add_delayed_iput(), because the task_struct of the cleaner kthread
was already freed. This can happen during unmount because we don't wait
for any fixup workers still running before we call kthread_stop() against
the cleaner kthread, which stops and free all its resources.
Fix this by waiting for any fixup workers at close_ctree() before we call
kthread_stop() against the cleaner and run pending delayed iputs.
The stack traces reported by syzbot were the following:
BUG: KASAN: slab-use-after-free in __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065
Read of size 8 at addr ffff8880272a8a18 by task kworker/u8:3/52
CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.12.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: btrfs-fixup btrfs_work_helper
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488
kasan_report+0x143/0x180 mm/kasan/report.c:601
__lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]
try_to_wake_up+0xb0/0x1480 kernel/sched/core.c:4154
btrfs_writepage_fixup_worker+0xc16/0xdf0 fs/btrfs/inode.c:2842
btrfs_work_helper+0x390/0xc50 fs/btrfs/async-thread.c:314
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Allocated by task 2:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
unpoison_slab_object mm/kasan/common.c:319 [inline]
__kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345
kasan_slab_alloc include/linux/kasan.h:247 [inline]
slab_post_alloc_hook mm/slub.c:4086 [inline]
slab_alloc_node mm/slub.c:4135 [inline]
kmem_cache_alloc_node_noprof+0x16b/0x320 mm/slub.c:4187
alloc_task_struct_node kernel/fork.c:180 [inline]
dup_task_struct+0x57/0x8c0 kernel/fork.c:1107
copy_process+0x5d1/0x3d50 kernel/fork.c:2206
kernel_clone+0x223/0x880 kernel/fork.c:2787
kernel_thread+0x1bc/0x240 kernel/fork.c:2849
create_kthread kernel/kthread.c:412 [inline]
kthreadd+0x60d/0x810 kernel/kthread.c:765
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Freed by task 61:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579
poison_slab_object mm/kasan/common.c:247 [inline]
__kasan_slab_free+0x59/0x70 mm/kasan/common.c:264
kasan_slab_free include/linux/kasan.h:230 [inline]
slab_free_h
---truncated---
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
7a97311de48d56af6db4c5819f95faf9b0b23b1a , < a71349b692ab34ea197949e13e3cc42570fe73d9
(git)
Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 70b60c8d9b42763d6629e44f448aa5d8ae477d61 (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 4c98fe0dfa2ae83c4631699695506d8941db4bfe (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 9da40aea63f8769f28afb91aea0fac4cf6fbbb65 (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < ed87190e9d9c80aad220fb6b0b03a84d22e2c95b (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < bf0de0f9a0544c11f96f93206da04ab87dcea1f4 (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 65d11eb276836d49003a8060cf31fa2284ad1047 (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 41fd1e94066a815a7ab0a7025359e9b40e4b3576 (git) Affected: 6026fd9da213daab95469356fe7fdcf29ae1a296 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49867",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:47:28.241887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:52.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:34.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/disk-io.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a71349b692ab34ea197949e13e3cc42570fe73d9",
"status": "affected",
"version": "7a97311de48d56af6db4c5819f95faf9b0b23b1a",
"versionType": "git"
},
{
"lessThan": "70b60c8d9b42763d6629e44f448aa5d8ae477d61",
"status": "affected",
"version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
"versionType": "git"
},
{
"lessThan": "4c98fe0dfa2ae83c4631699695506d8941db4bfe",
"status": "affected",
"version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
"versionType": "git"
},
{
"lessThan": "9da40aea63f8769f28afb91aea0fac4cf6fbbb65",
"status": "affected",
"version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
"versionType": "git"
},
{
"lessThan": "ed87190e9d9c80aad220fb6b0b03a84d22e2c95b",
"status": "affected",
"version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
"versionType": "git"
},
{
"lessThan": "bf0de0f9a0544c11f96f93206da04ab87dcea1f4",
"status": "affected",
"version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
"versionType": "git"
},
{
"lessThan": "65d11eb276836d49003a8060cf31fa2284ad1047",
"status": "affected",
"version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
"versionType": "git"
},
{
"lessThan": "41fd1e94066a815a7ab0a7025359e9b40e4b3576",
"status": "affected",
"version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
"versionType": "git"
},
{
"status": "affected",
"version": "6026fd9da213daab95469356fe7fdcf29ae1a296",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/disk-io.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "5.4.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: wait for fixup workers before stopping cleaner kthread during umount\n\nDuring unmount, at close_ctree(), we have the following steps in this order:\n\n1) Park the cleaner kthread - this doesn\u0027t destroy the kthread, it basically\n halts its execution (wake ups against it work but do nothing);\n\n2) We stop the cleaner kthread - this results in freeing the respective\n struct task_struct;\n\n3) We call btrfs_stop_all_workers() which waits for any jobs running in all\n the work queues and then free the work queues.\n\nSyzbot reported a case where a fixup worker resulted in a crash when doing\na delayed iput on its inode while attempting to wake up the cleaner at\nbtrfs_add_delayed_iput(), because the task_struct of the cleaner kthread\nwas already freed. This can happen during unmount because we don\u0027t wait\nfor any fixup workers still running before we call kthread_stop() against\nthe cleaner kthread, which stops and free all its resources.\n\nFix this by waiting for any fixup workers at close_ctree() before we call\nkthread_stop() against the cleaner and run pending delayed iputs.\n\nThe stack traces reported by syzbot were the following:\n\n BUG: KASAN: slab-use-after-free in __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065\n Read of size 8 at addr ffff8880272a8a18 by task kworker/u8:3/52\n\n CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.12.0-rc1-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n Workqueue: btrfs-fixup btrfs_work_helper\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\n class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\n try_to_wake_up+0xb0/0x1480 kernel/sched/core.c:4154\n btrfs_writepage_fixup_worker+0xc16/0xdf0 fs/btrfs/inode.c:2842\n btrfs_work_helper+0x390/0xc50 fs/btrfs/async-thread.c:314\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 2:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:319 [inline]\n __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345\n kasan_slab_alloc include/linux/kasan.h:247 [inline]\n slab_post_alloc_hook mm/slub.c:4086 [inline]\n slab_alloc_node mm/slub.c:4135 [inline]\n kmem_cache_alloc_node_noprof+0x16b/0x320 mm/slub.c:4187\n alloc_task_struct_node kernel/fork.c:180 [inline]\n dup_task_struct+0x57/0x8c0 kernel/fork.c:1107\n copy_process+0x5d1/0x3d50 kernel/fork.c:2206\n kernel_clone+0x223/0x880 kernel/fork.c:2787\n kernel_thread+0x1bc/0x240 kernel/fork.c:2849\n create_kthread kernel/kthread.c:412 [inline]\n kthreadd+0x60d/0x810 kernel/kthread.c:765\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n Freed by task 61:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:230 [inline]\n slab_free_h\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:09.222Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a71349b692ab34ea197949e13e3cc42570fe73d9"
},
{
"url": "https://git.kernel.org/stable/c/70b60c8d9b42763d6629e44f448aa5d8ae477d61"
},
{
"url": "https://git.kernel.org/stable/c/4c98fe0dfa2ae83c4631699695506d8941db4bfe"
},
{
"url": "https://git.kernel.org/stable/c/9da40aea63f8769f28afb91aea0fac4cf6fbbb65"
},
{
"url": "https://git.kernel.org/stable/c/ed87190e9d9c80aad220fb6b0b03a84d22e2c95b"
},
{
"url": "https://git.kernel.org/stable/c/bf0de0f9a0544c11f96f93206da04ab87dcea1f4"
},
{
"url": "https://git.kernel.org/stable/c/65d11eb276836d49003a8060cf31fa2284ad1047"
},
{
"url": "https://git.kernel.org/stable/c/41fd1e94066a815a7ab0a7025359e9b40e4b3576"
}
],
"title": "btrfs: wait for fixup workers before stopping cleaner kthread during umount",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49867",
"datePublished": "2024-10-21T18:01:09.962Z",
"dateReserved": "2024-10-21T12:17:06.018Z",
"dateUpdated": "2026-01-05T10:54:09.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49881 (GCVE-0-2024-49881)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:22
VLAI?
EPSS
Title
ext4: update orig_path in ext4_find_extent()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: update orig_path in ext4_find_extent()
In ext4_find_extent(), if the path is not big enough, we free it and set
*orig_path to NULL. But after reallocating and successfully initializing
the path, we don't update *orig_path, in which case the caller gets a
valid path but a NULL ppath, and this may cause a NULL pointer dereference
or a path memory leak. For example:
ext4_split_extent
path = *ppath = 2000
ext4_find_extent
if (depth > path[0].p_maxdepth)
kfree(path = 2000);
*orig_path = path = NULL;
path = kcalloc() = 3000
ext4_split_extent_at(*ppath = NULL)
path = *ppath;
ex = path[depth].p_ext;
// NULL pointer dereference!
==================================================================
BUG: kernel NULL pointer dereference, address: 0000000000000010
CPU: 6 UID: 0 PID: 576 Comm: fsstress Not tainted 6.11.0-rc2-dirty #847
RIP: 0010:ext4_split_extent_at+0x6d/0x560
Call Trace:
<TASK>
ext4_split_extent.isra.0+0xcb/0x1b0
ext4_ext_convert_to_initialized+0x168/0x6c0
ext4_ext_handle_unwritten_extents+0x325/0x4d0
ext4_ext_map_blocks+0x520/0xdb0
ext4_map_blocks+0x2b0/0x690
ext4_iomap_begin+0x20e/0x2c0
[...]
==================================================================
Therefore, *orig_path is updated when the extent lookup succeeds, so that
the caller can safely use path or *ppath.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
10809df84a4d868db61af621bae3658494165279 , < ec0c0beb9b777cdd1edd7df9b36e0f3e67e2bdff
(git)
Affected: 10809df84a4d868db61af621bae3658494165279 , < 6766937d0327000ac1b87c97bbecdd28b0dd6599 (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < a9fcb1717d75061d3653ed69365c8d45331815cd (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < 6801ed1298204d16a38571091e31178bfdc3c679 (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < f55ecc58d07a6c1f6d6d5b5af125c25f8da0bda2 (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < b63481b3a388ee2df9e295f97273226140422a42 (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < 11b230100d6801c014fab2afabc8bdea304c1b96 (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < 5b4b2dcace35f618fe361a87bae6f0d13af31bc1 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49881",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:45:38.096654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:50.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:46.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/extents.c",
"fs/ext4/move_extent.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ec0c0beb9b777cdd1edd7df9b36e0f3e67e2bdff",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "6766937d0327000ac1b87c97bbecdd28b0dd6599",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "a9fcb1717d75061d3653ed69365c8d45331815cd",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "6801ed1298204d16a38571091e31178bfdc3c679",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "f55ecc58d07a6c1f6d6d5b5af125c25f8da0bda2",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "b63481b3a388ee2df9e295f97273226140422a42",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "11b230100d6801c014fab2afabc8bdea304c1b96",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "5b4b2dcace35f618fe361a87bae6f0d13af31bc1",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/extents.c",
"fs/ext4/move_extent.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: update orig_path in ext4_find_extent()\n\nIn ext4_find_extent(), if the path is not big enough, we free it and set\n*orig_path to NULL. But after reallocating and successfully initializing\nthe path, we don\u0027t update *orig_path, in which case the caller gets a\nvalid path but a NULL ppath, and this may cause a NULL pointer dereference\nor a path memory leak. For example:\n\next4_split_extent\n path = *ppath = 2000\n ext4_find_extent\n if (depth \u003e path[0].p_maxdepth)\n kfree(path = 2000);\n *orig_path = path = NULL;\n path = kcalloc() = 3000\n ext4_split_extent_at(*ppath = NULL)\n path = *ppath;\n ex = path[depth].p_ext;\n // NULL pointer dereference!\n\n==================================================================\nBUG: kernel NULL pointer dereference, address: 0000000000000010\nCPU: 6 UID: 0 PID: 576 Comm: fsstress Not tainted 6.11.0-rc2-dirty #847\nRIP: 0010:ext4_split_extent_at+0x6d/0x560\nCall Trace:\n \u003cTASK\u003e\n ext4_split_extent.isra.0+0xcb/0x1b0\n ext4_ext_convert_to_initialized+0x168/0x6c0\n ext4_ext_handle_unwritten_extents+0x325/0x4d0\n ext4_ext_map_blocks+0x520/0xdb0\n ext4_map_blocks+0x2b0/0x690\n ext4_iomap_begin+0x20e/0x2c0\n[...]\n==================================================================\n\nTherefore, *orig_path is updated when the extent lookup succeeds, so that\nthe caller can safely use path or *ppath."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:40:16.085Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ec0c0beb9b777cdd1edd7df9b36e0f3e67e2bdff"
},
{
"url": "https://git.kernel.org/stable/c/6766937d0327000ac1b87c97bbecdd28b0dd6599"
},
{
"url": "https://git.kernel.org/stable/c/a9fcb1717d75061d3653ed69365c8d45331815cd"
},
{
"url": "https://git.kernel.org/stable/c/6801ed1298204d16a38571091e31178bfdc3c679"
},
{
"url": "https://git.kernel.org/stable/c/f55ecc58d07a6c1f6d6d5b5af125c25f8da0bda2"
},
{
"url": "https://git.kernel.org/stable/c/b63481b3a388ee2df9e295f97273226140422a42"
},
{
"url": "https://git.kernel.org/stable/c/11b230100d6801c014fab2afabc8bdea304c1b96"
},
{
"url": "https://git.kernel.org/stable/c/5b4b2dcace35f618fe361a87bae6f0d13af31bc1"
}
],
"title": "ext4: update orig_path in ext4_find_extent()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49881",
"datePublished": "2024-10-21T18:01:19.478Z",
"dateReserved": "2024-10-21T12:17:06.021Z",
"dateUpdated": "2025-11-03T22:22:46.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47727 (GCVE-0-2024-47727)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
x86/tdx: Fix "in-kernel MMIO" check
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/tdx: Fix "in-kernel MMIO" check
TDX only supports kernel-initiated MMIO operations. The handle_mmio()
function checks if the #VE exception occurred in the kernel and rejects
the operation if it did not.
However, userspace can deceive the kernel into performing MMIO on its
behalf. For example, if userspace can point a syscall to an MMIO address,
syscall does get_user() or put_user() on it, triggering MMIO #VE. The
kernel will treat the #VE as in-kernel MMIO.
Ensure that the target MMIO address is within the kernel before decoding
instruction.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
31d58c4e557d46fa7f8557714250fb6f89c941ae , < 25703a3c980e21548774eea8c8a87a75c5c8f58c
(git)
Affected: 31d58c4e557d46fa7f8557714250fb6f89c941ae , < 4c0c5dcb5471de5fc8f0a1c4980e5815339e1cee (git) Affected: 31d58c4e557d46fa7f8557714250fb6f89c941ae , < 18ecd5b74682839e7cdafb7cd1ec106df7baa18c (git) Affected: 31d58c4e557d46fa7f8557714250fb6f89c941ae , < bca2e29f7e26ce7c3522f8b324c0bd85612f68e3 (git) Affected: 31d58c4e557d46fa7f8557714250fb6f89c941ae , < d4fc4d01471528da8a9797a065982e05090e1d81 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:01:01.673306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:16.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:23.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/coco/tdx/tdx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "25703a3c980e21548774eea8c8a87a75c5c8f58c",
"status": "affected",
"version": "31d58c4e557d46fa7f8557714250fb6f89c941ae",
"versionType": "git"
},
{
"lessThan": "4c0c5dcb5471de5fc8f0a1c4980e5815339e1cee",
"status": "affected",
"version": "31d58c4e557d46fa7f8557714250fb6f89c941ae",
"versionType": "git"
},
{
"lessThan": "18ecd5b74682839e7cdafb7cd1ec106df7baa18c",
"status": "affected",
"version": "31d58c4e557d46fa7f8557714250fb6f89c941ae",
"versionType": "git"
},
{
"lessThan": "bca2e29f7e26ce7c3522f8b324c0bd85612f68e3",
"status": "affected",
"version": "31d58c4e557d46fa7f8557714250fb6f89c941ae",
"versionType": "git"
},
{
"lessThan": "d4fc4d01471528da8a9797a065982e05090e1d81",
"status": "affected",
"version": "31d58c4e557d46fa7f8557714250fb6f89c941ae",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/coco/tdx/tdx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Fix \"in-kernel MMIO\" check\n\nTDX only supports kernel-initiated MMIO operations. The handle_mmio()\nfunction checks if the #VE exception occurred in the kernel and rejects\nthe operation if it did not.\n\nHowever, userspace can deceive the kernel into performing MMIO on its\nbehalf. For example, if userspace can point a syscall to an MMIO address,\nsyscall does get_user() or put_user() on it, triggering MMIO #VE. The\nkernel will treat the #VE as in-kernel MMIO.\n\nEnsure that the target MMIO address is within the kernel before decoding\ninstruction."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:38:22.222Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/25703a3c980e21548774eea8c8a87a75c5c8f58c"
},
{
"url": "https://git.kernel.org/stable/c/4c0c5dcb5471de5fc8f0a1c4980e5815339e1cee"
},
{
"url": "https://git.kernel.org/stable/c/18ecd5b74682839e7cdafb7cd1ec106df7baa18c"
},
{
"url": "https://git.kernel.org/stable/c/bca2e29f7e26ce7c3522f8b324c0bd85612f68e3"
},
{
"url": "https://git.kernel.org/stable/c/d4fc4d01471528da8a9797a065982e05090e1d81"
}
],
"title": "x86/tdx: Fix \"in-kernel MMIO\" check",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47727",
"datePublished": "2024-10-21T12:14:00.330Z",
"dateReserved": "2024-09-30T16:00:12.957Z",
"dateUpdated": "2025-11-03T22:21:23.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49890 (GCVE-0-2024-49890)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:22
VLAI?
EPSS
Title
drm/amd/pm: ensure the fw_info is not null before using it
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: ensure the fw_info is not null before using it
This resolves the dereference null return value warning
reported by Coverity.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
3bace359149391c6547cefe3bf729f365bcf3ef6 , < 29f388945770bd0a6c82711436b2bc98b0dfac92
(git)
Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < 9550d8d6f19fac7623f044ae8d9503825b325497 (git) Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < fd5f4ac1a986f0e7e9fa019201b5890554f87bcf (git) Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < b511474f49588cdca355ebfce54e7eddbf7b75a5 (git) Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < 8adf4408d482faa51b2c14e60bfd9946ec1911a4 (git) Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < 016bf0294b401246471c6710c6bf9251616228b6 (git) Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < 186fb12e7a7b038c2710ceb2fb74068f1b5d55a4 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49890",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:44:27.910484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:49.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:55.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "29f388945770bd0a6c82711436b2bc98b0dfac92",
"status": "affected",
"version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
"versionType": "git"
},
{
"lessThan": "9550d8d6f19fac7623f044ae8d9503825b325497",
"status": "affected",
"version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
"versionType": "git"
},
{
"lessThan": "fd5f4ac1a986f0e7e9fa019201b5890554f87bcf",
"status": "affected",
"version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
"versionType": "git"
},
{
"lessThan": "b511474f49588cdca355ebfce54e7eddbf7b75a5",
"status": "affected",
"version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
"versionType": "git"
},
{
"lessThan": "8adf4408d482faa51b2c14e60bfd9946ec1911a4",
"status": "affected",
"version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
"versionType": "git"
},
{
"lessThan": "016bf0294b401246471c6710c6bf9251616228b6",
"status": "affected",
"version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
"versionType": "git"
},
{
"lessThan": "186fb12e7a7b038c2710ceb2fb74068f1b5d55a4",
"status": "affected",
"version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"lessThan": "4.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: ensure the fw_info is not null before using it\n\nThis resolves the dereference null return value warning\nreported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:18.406Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/29f388945770bd0a6c82711436b2bc98b0dfac92"
},
{
"url": "https://git.kernel.org/stable/c/9550d8d6f19fac7623f044ae8d9503825b325497"
},
{
"url": "https://git.kernel.org/stable/c/fd5f4ac1a986f0e7e9fa019201b5890554f87bcf"
},
{
"url": "https://git.kernel.org/stable/c/b511474f49588cdca355ebfce54e7eddbf7b75a5"
},
{
"url": "https://git.kernel.org/stable/c/8adf4408d482faa51b2c14e60bfd9946ec1911a4"
},
{
"url": "https://git.kernel.org/stable/c/016bf0294b401246471c6710c6bf9251616228b6"
},
{
"url": "https://git.kernel.org/stable/c/186fb12e7a7b038c2710ceb2fb74068f1b5d55a4"
}
],
"title": "drm/amd/pm: ensure the fw_info is not null before using it",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49890",
"datePublished": "2024-10-21T18:01:25.634Z",
"dateReserved": "2024-10-21T12:17:06.025Z",
"dateUpdated": "2025-11-03T22:22:55.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47692 (GCVE-0-2024-47692)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:20
VLAI?
EPSS
Title
nfsd: return -EINVAL when namelen is 0
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfsd: return -EINVAL when namelen is 0
When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may
result in namelen being 0, which will cause memdup_user() to return
ZERO_SIZE_PTR.
When we access the name.data that has been assigned the value of
ZERO_SIZE_PTR in nfs4_client_to_reclaim(), null pointer dereference is
triggered.
[ T1205] ==================================================================
[ T1205] BUG: KASAN: null-ptr-deref in nfs4_client_to_reclaim+0xe9/0x260
[ T1205] Read of size 1 at addr 0000000000000010 by task nfsdcld/1205
[ T1205]
[ T1205] CPU: 11 PID: 1205 Comm: nfsdcld Not tainted 5.10.0-00003-g2c1423731b8d #406
[ T1205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014
[ T1205] Call Trace:
[ T1205] dump_stack+0x9a/0xd0
[ T1205] ? nfs4_client_to_reclaim+0xe9/0x260
[ T1205] __kasan_report.cold+0x34/0x84
[ T1205] ? nfs4_client_to_reclaim+0xe9/0x260
[ T1205] kasan_report+0x3a/0x50
[ T1205] nfs4_client_to_reclaim+0xe9/0x260
[ T1205] ? nfsd4_release_lockowner+0x410/0x410
[ T1205] cld_pipe_downcall+0x5ca/0x760
[ T1205] ? nfsd4_cld_tracking_exit+0x1d0/0x1d0
[ T1205] ? down_write_killable_nested+0x170/0x170
[ T1205] ? avc_policy_seqno+0x28/0x40
[ T1205] ? selinux_file_permission+0x1b4/0x1e0
[ T1205] rpc_pipe_write+0x84/0xb0
[ T1205] vfs_write+0x143/0x520
[ T1205] ksys_write+0xc9/0x170
[ T1205] ? __ia32_sys_read+0x50/0x50
[ T1205] ? ktime_get_coarse_real_ts64+0xfe/0x110
[ T1205] ? ktime_get_coarse_real_ts64+0xa2/0x110
[ T1205] do_syscall_64+0x33/0x40
[ T1205] entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ T1205] RIP: 0033:0x7fdbdb761bc7
[ T1205] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 514
[ T1205] RSP: 002b:00007fff8c4b7248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ T1205] RAX: ffffffffffffffda RBX: 000000000000042b RCX: 00007fdbdb761bc7
[ T1205] RDX: 000000000000042b RSI: 00007fff8c4b75f0 RDI: 0000000000000008
[ T1205] RBP: 00007fdbdb761bb0 R08: 0000000000000000 R09: 0000000000000001
[ T1205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000042b
[ T1205] R13: 0000000000000008 R14: 00007fff8c4b75f0 R15: 0000000000000000
[ T1205] ==================================================================
Fix it by checking namelen.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
74725959c33c14114fdce1e36e3504d106584d53 , < 6d07040ae5c2214e39c7444d898039c9e655a79a
(git)
Affected: 74725959c33c14114fdce1e36e3504d106584d53 , < 0f1d007bbea38a61cf9c5392708dc70ae9d84a3d (git) Affected: 74725959c33c14114fdce1e36e3504d106584d53 , < b7b7a8df41ef18862dd6b22289fb46c2c12398af (git) Affected: 74725959c33c14114fdce1e36e3504d106584d53 , < 84a563d136faf514fdad1ade28d7a142fd313cb8 (git) Affected: 74725959c33c14114fdce1e36e3504d106584d53 , < 318f70857caab3da9a6ada9bc8c1f4f7591b695e (git) Affected: 74725959c33c14114fdce1e36e3504d106584d53 , < 766d5fbd78f7a52b3888449a0358760477b74602 (git) Affected: 74725959c33c14114fdce1e36e3504d106584d53 , < 1ff8be8d008b9ddc8e7043fbddd37d5d451b271b (git) Affected: 74725959c33c14114fdce1e36e3504d106584d53 , < 22451a16b7ab7debefce660672566be887db1637 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47692",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:05:46.297189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:14:14.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:20:56.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfsd/nfs4recover.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6d07040ae5c2214e39c7444d898039c9e655a79a",
"status": "affected",
"version": "74725959c33c14114fdce1e36e3504d106584d53",
"versionType": "git"
},
{
"lessThan": "0f1d007bbea38a61cf9c5392708dc70ae9d84a3d",
"status": "affected",
"version": "74725959c33c14114fdce1e36e3504d106584d53",
"versionType": "git"
},
{
"lessThan": "b7b7a8df41ef18862dd6b22289fb46c2c12398af",
"status": "affected",
"version": "74725959c33c14114fdce1e36e3504d106584d53",
"versionType": "git"
},
{
"lessThan": "84a563d136faf514fdad1ade28d7a142fd313cb8",
"status": "affected",
"version": "74725959c33c14114fdce1e36e3504d106584d53",
"versionType": "git"
},
{
"lessThan": "318f70857caab3da9a6ada9bc8c1f4f7591b695e",
"status": "affected",
"version": "74725959c33c14114fdce1e36e3504d106584d53",
"versionType": "git"
},
{
"lessThan": "766d5fbd78f7a52b3888449a0358760477b74602",
"status": "affected",
"version": "74725959c33c14114fdce1e36e3504d106584d53",
"versionType": "git"
},
{
"lessThan": "1ff8be8d008b9ddc8e7043fbddd37d5d451b271b",
"status": "affected",
"version": "74725959c33c14114fdce1e36e3504d106584d53",
"versionType": "git"
},
{
"lessThan": "22451a16b7ab7debefce660672566be887db1637",
"status": "affected",
"version": "74725959c33c14114fdce1e36e3504d106584d53",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfsd/nfs4recover.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: return -EINVAL when namelen is 0\n\nWhen we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may\nresult in namelen being 0, which will cause memdup_user() to return\nZERO_SIZE_PTR.\nWhen we access the name.data that has been assigned the value of\nZERO_SIZE_PTR in nfs4_client_to_reclaim(), null pointer dereference is\ntriggered.\n\n[ T1205] ==================================================================\n[ T1205] BUG: KASAN: null-ptr-deref in nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] Read of size 1 at addr 0000000000000010 by task nfsdcld/1205\n[ T1205]\n[ T1205] CPU: 11 PID: 1205 Comm: nfsdcld Not tainted 5.10.0-00003-g2c1423731b8d #406\n[ T1205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014\n[ T1205] Call Trace:\n[ T1205] dump_stack+0x9a/0xd0\n[ T1205] ? nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] __kasan_report.cold+0x34/0x84\n[ T1205] ? nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] kasan_report+0x3a/0x50\n[ T1205] nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] ? nfsd4_release_lockowner+0x410/0x410\n[ T1205] cld_pipe_downcall+0x5ca/0x760\n[ T1205] ? nfsd4_cld_tracking_exit+0x1d0/0x1d0\n[ T1205] ? down_write_killable_nested+0x170/0x170\n[ T1205] ? avc_policy_seqno+0x28/0x40\n[ T1205] ? selinux_file_permission+0x1b4/0x1e0\n[ T1205] rpc_pipe_write+0x84/0xb0\n[ T1205] vfs_write+0x143/0x520\n[ T1205] ksys_write+0xc9/0x170\n[ T1205] ? __ia32_sys_read+0x50/0x50\n[ T1205] ? ktime_get_coarse_real_ts64+0xfe/0x110\n[ T1205] ? ktime_get_coarse_real_ts64+0xa2/0x110\n[ T1205] do_syscall_64+0x33/0x40\n[ T1205] entry_SYSCALL_64_after_hwframe+0x67/0xd1\n[ T1205] RIP: 0033:0x7fdbdb761bc7\n[ T1205] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 514\n[ T1205] RSP: 002b:00007fff8c4b7248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ T1205] RAX: ffffffffffffffda RBX: 000000000000042b RCX: 00007fdbdb761bc7\n[ T1205] RDX: 000000000000042b RSI: 00007fff8c4b75f0 RDI: 0000000000000008\n[ T1205] RBP: 00007fdbdb761bb0 R08: 0000000000000000 R09: 0000000000000001\n[ T1205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000042b\n[ T1205] R13: 0000000000000008 R14: 00007fff8c4b75f0 R15: 0000000000000000\n[ T1205] ==================================================================\n\nFix it by checking namelen."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:37:29.902Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6d07040ae5c2214e39c7444d898039c9e655a79a"
},
{
"url": "https://git.kernel.org/stable/c/0f1d007bbea38a61cf9c5392708dc70ae9d84a3d"
},
{
"url": "https://git.kernel.org/stable/c/b7b7a8df41ef18862dd6b22289fb46c2c12398af"
},
{
"url": "https://git.kernel.org/stable/c/84a563d136faf514fdad1ade28d7a142fd313cb8"
},
{
"url": "https://git.kernel.org/stable/c/318f70857caab3da9a6ada9bc8c1f4f7591b695e"
},
{
"url": "https://git.kernel.org/stable/c/766d5fbd78f7a52b3888449a0358760477b74602"
},
{
"url": "https://git.kernel.org/stable/c/1ff8be8d008b9ddc8e7043fbddd37d5d451b271b"
},
{
"url": "https://git.kernel.org/stable/c/22451a16b7ab7debefce660672566be887db1637"
}
],
"title": "nfsd: return -EINVAL when namelen is 0",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47692",
"datePublished": "2024-10-21T11:53:31.238Z",
"dateReserved": "2024-09-30T16:00:12.942Z",
"dateUpdated": "2025-11-03T22:20:56.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46811 (GCVE-0-2024-46811)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-07-11 17:20
VLAI?
EPSS
Title
drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box
[Why]
Coverity reports OVERRUN warning. soc.num_states could
be 40. But array range of bw_params->clk_table.entries is 8.
[How]
Assert if soc.num_states greater than 8.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 4003bac784380fed1f94f197350567eaa73a409d
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < aba188d6f4ebaf52acf13f204db2bd2c22072504 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 188fd1616ec43033cedbe343b6579e9921e2d898 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:19:04.715171Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:19:16.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dml/dcn302/dcn302_fpu.c",
"drivers/gpu/drm/amd/display/dc/dml/dcn303/dcn303_fpu.c",
"drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c",
"drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4003bac784380fed1f94f197350567eaa73a409d",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "aba188d6f4ebaf52acf13f204db2bd2c22072504",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "188fd1616ec43033cedbe343b6579e9921e2d898",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dml/dcn302/dcn302_fpu.c",
"drivers/gpu/drm/amd/display/dc/dml/dcn303/dcn303_fpu.c",
"drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c",
"drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box\n\n[Why]\nCoverity reports OVERRUN warning. soc.num_states could\nbe 40. But array range of bw_params-\u003eclk_table.entries is 8.\n\n[How]\nAssert if soc.num_states greater than 8."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:35.807Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4003bac784380fed1f94f197350567eaa73a409d"
},
{
"url": "https://git.kernel.org/stable/c/aba188d6f4ebaf52acf13f204db2bd2c22072504"
},
{
"url": "https://git.kernel.org/stable/c/188fd1616ec43033cedbe343b6579e9921e2d898"
}
],
"title": "drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46811",
"datePublished": "2024-09-27T12:35:54.445Z",
"dateReserved": "2024-09-11T15:12:18.283Z",
"dateUpdated": "2025-07-11T17:20:35.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50014 (GCVE-0-2024-50014)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:54 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
ext4: fix access to uninitialised lock in fc replay path
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix access to uninitialised lock in fc replay path
The following kernel trace can be triggered with fstest generic/629 when
executed against a filesystem with fast-commit feature enabled:
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 0 PID: 866 Comm: mount Not tainted 6.10.0+ #11
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x66/0x90
register_lock_class+0x759/0x7d0
__lock_acquire+0x85/0x2630
? __find_get_block+0xb4/0x380
lock_acquire+0xd1/0x2d0
? __ext4_journal_get_write_access+0xd5/0x160
_raw_spin_lock+0x33/0x40
? __ext4_journal_get_write_access+0xd5/0x160
__ext4_journal_get_write_access+0xd5/0x160
ext4_reserve_inode_write+0x61/0xb0
__ext4_mark_inode_dirty+0x79/0x270
? ext4_ext_replay_set_iblocks+0x2f8/0x450
ext4_ext_replay_set_iblocks+0x330/0x450
ext4_fc_replay+0x14c8/0x1540
? jread+0x88/0x2e0
? rcu_is_watching+0x11/0x40
do_one_pass+0x447/0xd00
jbd2_journal_recover+0x139/0x1b0
jbd2_journal_load+0x96/0x390
ext4_load_and_init_journal+0x253/0xd40
ext4_fill_super+0x2cc6/0x3180
...
In the replay path there's an attempt to lock sbi->s_bdev_wb_lock in
function ext4_check_bdev_write_error(). Unfortunately, at this point this
spinlock has not been initialized yet. Moving it's initialization to an
earlier point in __ext4_fill_super() fixes this splat.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
01efe93a5aa20a19b390426718dc214898a7c2ec , < 6e35f560daebe40264c95e9a1ab03110d4997df6
(git)
Affected: 01efe93a5aa20a19b390426718dc214898a7c2ec , < d157fc20ca5239fd56965a5a8aa1a0e25919891a (git) Affected: 01efe93a5aa20a19b390426718dc214898a7c2ec , < b002031d585a14eed511117dda8c6452a804d508 (git) Affected: 01efe93a5aa20a19b390426718dc214898a7c2ec , < 23dfdb56581ad92a9967bcd720c8c23356af74c1 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:28:16.018937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:48.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:43:00.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6e35f560daebe40264c95e9a1ab03110d4997df6",
"status": "affected",
"version": "01efe93a5aa20a19b390426718dc214898a7c2ec",
"versionType": "git"
},
{
"lessThan": "d157fc20ca5239fd56965a5a8aa1a0e25919891a",
"status": "affected",
"version": "01efe93a5aa20a19b390426718dc214898a7c2ec",
"versionType": "git"
},
{
"lessThan": "b002031d585a14eed511117dda8c6452a804d508",
"status": "affected",
"version": "01efe93a5aa20a19b390426718dc214898a7c2ec",
"versionType": "git"
},
{
"lessThan": "23dfdb56581ad92a9967bcd720c8c23356af74c1",
"status": "affected",
"version": "01efe93a5aa20a19b390426718dc214898a7c2ec",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.75",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix access to uninitialised lock in fc replay path\n\nThe following kernel trace can be triggered with fstest generic/629 when\nexecuted against a filesystem with fast-commit feature enabled:\n\nINFO: trying to register non-static key.\nThe code is fine but needs lockdep annotation, or maybe\nyou didn\u0027t initialize this object before use?\nturning off the locking correctness validator.\nCPU: 0 PID: 866 Comm: mount Not tainted 6.10.0+ #11\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x66/0x90\n register_lock_class+0x759/0x7d0\n __lock_acquire+0x85/0x2630\n ? __find_get_block+0xb4/0x380\n lock_acquire+0xd1/0x2d0\n ? __ext4_journal_get_write_access+0xd5/0x160\n _raw_spin_lock+0x33/0x40\n ? __ext4_journal_get_write_access+0xd5/0x160\n __ext4_journal_get_write_access+0xd5/0x160\n ext4_reserve_inode_write+0x61/0xb0\n __ext4_mark_inode_dirty+0x79/0x270\n ? ext4_ext_replay_set_iblocks+0x2f8/0x450\n ext4_ext_replay_set_iblocks+0x330/0x450\n ext4_fc_replay+0x14c8/0x1540\n ? jread+0x88/0x2e0\n ? rcu_is_watching+0x11/0x40\n do_one_pass+0x447/0xd00\n jbd2_journal_recover+0x139/0x1b0\n jbd2_journal_load+0x96/0x390\n ext4_load_and_init_journal+0x253/0xd40\n ext4_fill_super+0x2cc6/0x3180\n...\n\nIn the replay path there\u0027s an attempt to lock sbi-\u003es_bdev_wb_lock in\nfunction ext4_check_bdev_write_error(). Unfortunately, at this point this\nspinlock has not been initialized yet. Moving it\u0027s initialization to an\nearlier point in __ext4_fill_super() fixes this splat."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:44.048Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6e35f560daebe40264c95e9a1ab03110d4997df6"
},
{
"url": "https://git.kernel.org/stable/c/d157fc20ca5239fd56965a5a8aa1a0e25919891a"
},
{
"url": "https://git.kernel.org/stable/c/b002031d585a14eed511117dda8c6452a804d508"
},
{
"url": "https://git.kernel.org/stable/c/23dfdb56581ad92a9967bcd720c8c23356af74c1"
}
],
"title": "ext4: fix access to uninitialised lock in fc replay path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50014",
"datePublished": "2024-10-21T18:54:05.764Z",
"dateReserved": "2024-10-21T12:17:06.062Z",
"dateUpdated": "2026-01-05T10:54:44.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52917 (GCVE-0-2023-52917)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:13 – Updated: 2025-03-03 08:12
VLAI?
EPSS
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-03-03T08:12:05.224Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52917",
"datePublished": "2024-10-21T12:13:56.253Z",
"dateRejected": "2025-03-03T08:12:05.224Z",
"dateReserved": "2024-08-21T06:07:11.017Z",
"dateUpdated": "2025-03-03T08:12:05.224Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47730 (GCVE-0-2024-47730)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
crypto: hisilicon/qm - inject error before stopping queue
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: hisilicon/qm - inject error before stopping queue
The master ooo cannot be completely closed when the
accelerator core reports memory error. Therefore, the driver
needs to inject the qm error to close the master ooo. Currently,
the qm error is injected after stopping queue, memory may be
released immediately after stopping queue, causing the device to
access the released memory. Therefore, error is injected to close master
ooo before stopping queue to ensure that the device does not access
the released memory.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
6c6dd5802c2d6769fa589c0e8de54299def199a7 , < 85e81103033324d7a271dafb584991da39554a89
(git)
Affected: 6c6dd5802c2d6769fa589c0e8de54299def199a7 , < 801d64177faaec184cee1e1aa4d8487df1364a54 (git) Affected: 6c6dd5802c2d6769fa589c0e8de54299def199a7 , < 98d3be34c9153eceadb56de50d9f9347e88d86e4 (git) Affected: 6c6dd5802c2d6769fa589c0e8de54299def199a7 , < aa3e0db35a60002fb34ef0e4ad203aa59fd00203 (git) Affected: 6c6dd5802c2d6769fa589c0e8de54299def199a7 , < f8024f12752e32ffbbf59e1c09d949f977ff743f (git) Affected: 6c6dd5802c2d6769fa589c0e8de54299def199a7 , < c5f5b813e546f7fe133539c3d7a5086cc8dd2aa1 (git) Affected: 6c6dd5802c2d6769fa589c0e8de54299def199a7 , < b04f06fc0243600665b3b50253869533b7938468 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:00:38.367655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:16.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:26.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/hisilicon/qm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "85e81103033324d7a271dafb584991da39554a89",
"status": "affected",
"version": "6c6dd5802c2d6769fa589c0e8de54299def199a7",
"versionType": "git"
},
{
"lessThan": "801d64177faaec184cee1e1aa4d8487df1364a54",
"status": "affected",
"version": "6c6dd5802c2d6769fa589c0e8de54299def199a7",
"versionType": "git"
},
{
"lessThan": "98d3be34c9153eceadb56de50d9f9347e88d86e4",
"status": "affected",
"version": "6c6dd5802c2d6769fa589c0e8de54299def199a7",
"versionType": "git"
},
{
"lessThan": "aa3e0db35a60002fb34ef0e4ad203aa59fd00203",
"status": "affected",
"version": "6c6dd5802c2d6769fa589c0e8de54299def199a7",
"versionType": "git"
},
{
"lessThan": "f8024f12752e32ffbbf59e1c09d949f977ff743f",
"status": "affected",
"version": "6c6dd5802c2d6769fa589c0e8de54299def199a7",
"versionType": "git"
},
{
"lessThan": "c5f5b813e546f7fe133539c3d7a5086cc8dd2aa1",
"status": "affected",
"version": "6c6dd5802c2d6769fa589c0e8de54299def199a7",
"versionType": "git"
},
{
"lessThan": "b04f06fc0243600665b3b50253869533b7938468",
"status": "affected",
"version": "6c6dd5802c2d6769fa589c0e8de54299def199a7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/hisilicon/qm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/qm - inject error before stopping queue\n\nThe master ooo cannot be completely closed when the\naccelerator core reports memory error. Therefore, the driver\nneeds to inject the qm error to close the master ooo. Currently,\nthe qm error is injected after stopping queue, memory may be\nreleased immediately after stopping queue, causing the device to\naccess the released memory. Therefore, error is injected to close master\nooo before stopping queue to ensure that the device does not access\nthe released memory."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:38:26.750Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/85e81103033324d7a271dafb584991da39554a89"
},
{
"url": "https://git.kernel.org/stable/c/801d64177faaec184cee1e1aa4d8487df1364a54"
},
{
"url": "https://git.kernel.org/stable/c/98d3be34c9153eceadb56de50d9f9347e88d86e4"
},
{
"url": "https://git.kernel.org/stable/c/aa3e0db35a60002fb34ef0e4ad203aa59fd00203"
},
{
"url": "https://git.kernel.org/stable/c/f8024f12752e32ffbbf59e1c09d949f977ff743f"
},
{
"url": "https://git.kernel.org/stable/c/c5f5b813e546f7fe133539c3d7a5086cc8dd2aa1"
},
{
"url": "https://git.kernel.org/stable/c/b04f06fc0243600665b3b50253869533b7938468"
}
],
"title": "crypto: hisilicon/qm - inject error before stopping queue",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47730",
"datePublished": "2024-10-21T12:14:02.378Z",
"dateReserved": "2024-09-30T16:00:12.957Z",
"dateUpdated": "2025-11-03T22:21:26.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46770 (GCVE-0-2024-46770)
Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-11-03 22:18
VLAI?
EPSS
Title
ice: Add netif_device_attach/detach into PF reset flow
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: Add netif_device_attach/detach into PF reset flow
Ethtool callbacks can be executed while reset is in progress and try to
access deleted resources, e.g. getting coalesce settings can result in a
NULL pointer dereference seen below.
Reproduction steps:
Once the driver is fully initialized, trigger reset:
# echo 1 > /sys/class/net/<interface>/device/reset
when reset is in progress try to get coalesce settings using ethtool:
# ethtool -c <interface>
BUG: kernel NULL pointer dereference, address: 0000000000000020
PGD 0 P4D 0
Oops: Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 11 PID: 19713 Comm: ethtool Tainted: G S 6.10.0-rc7+ #7
RIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]
RSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206
RAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000
R13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40
FS: 00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0
Call Trace:
<TASK>
ice_get_coalesce+0x17/0x30 [ice]
coalesce_prepare_data+0x61/0x80
ethnl_default_doit+0xde/0x340
genl_family_rcv_msg_doit+0xf2/0x150
genl_rcv_msg+0x1b3/0x2c0
netlink_rcv_skb+0x5b/0x110
genl_rcv+0x28/0x40
netlink_unicast+0x19c/0x290
netlink_sendmsg+0x222/0x490
__sys_sendto+0x1df/0x1f0
__x64_sys_sendto+0x24/0x30
do_syscall_64+0x82/0x160
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7faee60d8e27
Calling netif_device_detach() before reset makes the net core not call
the driver when ethtool command is issued, the attempt to execute an
ethtool command during reset will result in the following message:
netlink error: No such device
instead of NULL pointer dereference. Once reset is done and
ice_rebuild() is executing, the netif_device_attach() is called to allow
for ethtool operations to occur again in a safe manner.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
fcea6f3da546b93050f3534aadea7bd96c1d7349 , < 9e3ffb839249eca113062587659224f856fe14e5
(git)
Affected: fcea6f3da546b93050f3534aadea7bd96c1d7349 , < efe8effe138044a4747d1112ebb8c454d1663723 (git) Affected: fcea6f3da546b93050f3534aadea7bd96c1d7349 , < 36486c9e8e01b84faaee47203eac0b7e9cc7fa4a (git) Affected: fcea6f3da546b93050f3534aadea7bd96c1d7349 , < d11a67634227f9f9da51938af085fb41a733848f (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46770",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:40:57.539269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:41:12.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:18:10.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9e3ffb839249eca113062587659224f856fe14e5",
"status": "affected",
"version": "fcea6f3da546b93050f3534aadea7bd96c1d7349",
"versionType": "git"
},
{
"lessThan": "efe8effe138044a4747d1112ebb8c454d1663723",
"status": "affected",
"version": "fcea6f3da546b93050f3534aadea7bd96c1d7349",
"versionType": "git"
},
{
"lessThan": "36486c9e8e01b84faaee47203eac0b7e9cc7fa4a",
"status": "affected",
"version": "fcea6f3da546b93050f3534aadea7bd96c1d7349",
"versionType": "git"
},
{
"lessThan": "d11a67634227f9f9da51938af085fb41a733848f",
"status": "affected",
"version": "fcea6f3da546b93050f3534aadea7bd96c1d7349",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 \u003e /sys/class/net/\u003cinterface\u003e/device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c \u003cinterface\u003e\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS: 00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n\u003cTASK\u003e\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute an\nethtool command during reset will result in the following message:\n\n netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:33:52.751Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9e3ffb839249eca113062587659224f856fe14e5"
},
{
"url": "https://git.kernel.org/stable/c/efe8effe138044a4747d1112ebb8c454d1663723"
},
{
"url": "https://git.kernel.org/stable/c/36486c9e8e01b84faaee47203eac0b7e9cc7fa4a"
},
{
"url": "https://git.kernel.org/stable/c/d11a67634227f9f9da51938af085fb41a733848f"
}
],
"title": "ice: Add netif_device_attach/detach into PF reset flow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46770",
"datePublished": "2024-09-18T07:12:28.607Z",
"dateReserved": "2024-09-11T15:12:18.274Z",
"dateUpdated": "2025-11-03T22:18:10.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49855 (GCVE-0-2024-49855)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:18 – Updated: 2025-11-03 22:22
VLAI?
EPSS
Title
nbd: fix race between timeout and normal completion
Summary
In the Linux kernel, the following vulnerability has been resolved:
nbd: fix race between timeout and normal completion
If request timetout is handled by nbd_requeue_cmd(), normal completion
has to be stopped for avoiding to complete this requeued request, other
use-after-free can be triggered.
Fix the race by clearing NBD_CMD_INFLIGHT in nbd_requeue_cmd(), meantime
make sure that cmd->lock is grabbed for clearing the flag and the
requeue.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
2895f1831e911ca87d4efdf43e35eb72a0c7e66e , < 9c25faf72d780a9c71081710cd48759d61ff6e9b
(git)
Affected: 2895f1831e911ca87d4efdf43e35eb72a0c7e66e , < 6e73b946a379a1dfbb62626af93843bdfb53753d (git) Affected: 2895f1831e911ca87d4efdf43e35eb72a0c7e66e , < 5236ada8ebbd9e7461f17477357582f5be4f46f7 (git) Affected: 2895f1831e911ca87d4efdf43e35eb72a0c7e66e , < 9a74c3e6c0d686c26ba2aab66d15ddb89dc139cc (git) Affected: 2895f1831e911ca87d4efdf43e35eb72a0c7e66e , < c9ea57c91f03bcad415e1a20113bdb2077bcf990 (git) Affected: cdf62c535a9bfd5ff0eef4b91669da39d8abc0c3 (git) Affected: 5171ef20bae852ff38f4cfdb368bcdcc744776d0 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:56:24.992815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:11.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:24.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/block/nbd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9c25faf72d780a9c71081710cd48759d61ff6e9b",
"status": "affected",
"version": "2895f1831e911ca87d4efdf43e35eb72a0c7e66e",
"versionType": "git"
},
{
"lessThan": "6e73b946a379a1dfbb62626af93843bdfb53753d",
"status": "affected",
"version": "2895f1831e911ca87d4efdf43e35eb72a0c7e66e",
"versionType": "git"
},
{
"lessThan": "5236ada8ebbd9e7461f17477357582f5be4f46f7",
"status": "affected",
"version": "2895f1831e911ca87d4efdf43e35eb72a0c7e66e",
"versionType": "git"
},
{
"lessThan": "9a74c3e6c0d686c26ba2aab66d15ddb89dc139cc",
"status": "affected",
"version": "2895f1831e911ca87d4efdf43e35eb72a0c7e66e",
"versionType": "git"
},
{
"lessThan": "c9ea57c91f03bcad415e1a20113bdb2077bcf990",
"status": "affected",
"version": "2895f1831e911ca87d4efdf43e35eb72a0c7e66e",
"versionType": "git"
},
{
"status": "affected",
"version": "cdf62c535a9bfd5ff0eef4b91669da39d8abc0c3",
"versionType": "git"
},
{
"status": "affected",
"version": "5171ef20bae852ff38f4cfdb368bcdcc744776d0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/block/nbd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix race between timeout and normal completion\n\nIf request timetout is handled by nbd_requeue_cmd(), normal completion\nhas to be stopped for avoiding to complete this requeued request, other\nuse-after-free can be triggered.\n\nFix the race by clearing NBD_CMD_INFLIGHT in nbd_requeue_cmd(), meantime\nmake sure that cmd-\u003elock is grabbed for clearing the flag and the\nrequeue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:59:09.061Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9c25faf72d780a9c71081710cd48759d61ff6e9b"
},
{
"url": "https://git.kernel.org/stable/c/6e73b946a379a1dfbb62626af93843bdfb53753d"
},
{
"url": "https://git.kernel.org/stable/c/5236ada8ebbd9e7461f17477357582f5be4f46f7"
},
{
"url": "https://git.kernel.org/stable/c/9a74c3e6c0d686c26ba2aab66d15ddb89dc139cc"
},
{
"url": "https://git.kernel.org/stable/c/c9ea57c91f03bcad415e1a20113bdb2077bcf990"
}
],
"title": "nbd: fix race between timeout and normal completion",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49855",
"datePublished": "2024-10-21T12:18:47.391Z",
"dateReserved": "2024-10-21T12:17:06.016Z",
"dateUpdated": "2025-11-03T22:22:24.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48975 (GCVE-0-2022-48975)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
gpiolib: fix memory leak in gpiochip_setup_dev()
Summary
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: fix memory leak in gpiochip_setup_dev()
Here is a backtrace report about memory leak detected in
gpiochip_setup_dev():
unreferenced object 0xffff88810b406400 (size 512):
comm "python3", pid 1682, jiffies 4295346908 (age 24.090s)
backtrace:
kmalloc_trace
device_add device_private_init at drivers/base/core.c:3361
(inlined by) device_add at drivers/base/core.c:3411
cdev_device_add
gpiolib_cdev_register
gpiochip_setup_dev
gpiochip_add_data_with_key
gcdev_register() & gcdev_unregister() would call device_add() &
device_del() (no matter CONFIG_GPIO_CDEV is enabled or not) to
register/unregister device.
However, if device_add() succeeds, some resource (like
struct device_private allocated by device_private_init())
is not released by device_del().
Therefore, after device_add() succeeds by gcdev_register(), it
needs to call put_device() to release resource in the error handle
path.
Here we move forward the register of release function, and let it
release every piece of resource by put_device() instead of kfree().
While at it, fix another subtle issue, i.e. when gc->ngpio is equal
to 0, we still call kcalloc() and, in case of further error, kfree()
on the ZERO_PTR pointer, which is not NULL. It's not a bug per se,
but rather waste of the resources and potentially wrong expectation
about contents of the gdev->descs variable.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
159f3cd92f17c61a4e2a47456de5865b114ef88e , < 6daaa84b621485fe28c401be18debf92ae8ef04a
(git)
Affected: 159f3cd92f17c61a4e2a47456de5865b114ef88e , < 371363716398ed718e389bea8c5e9843a79dde4e (git) Affected: 159f3cd92f17c61a4e2a47456de5865b114ef88e , < ec851b23084b3a0af8bf0f5e51d33a8d678bdc49 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:18:35.922105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:37.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpiolib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6daaa84b621485fe28c401be18debf92ae8ef04a",
"status": "affected",
"version": "159f3cd92f17c61a4e2a47456de5865b114ef88e",
"versionType": "git"
},
{
"lessThan": "371363716398ed718e389bea8c5e9843a79dde4e",
"status": "affected",
"version": "159f3cd92f17c61a4e2a47456de5865b114ef88e",
"versionType": "git"
},
{
"lessThan": "ec851b23084b3a0af8bf0f5e51d33a8d678bdc49",
"status": "affected",
"version": "159f3cd92f17c61a4e2a47456de5865b114ef88e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpiolib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.6"
},
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: fix memory leak in gpiochip_setup_dev()\n\nHere is a backtrace report about memory leak detected in\ngpiochip_setup_dev():\n\nunreferenced object 0xffff88810b406400 (size 512):\n comm \"python3\", pid 1682, jiffies 4295346908 (age 24.090s)\n backtrace:\n kmalloc_trace\n device_add\t\tdevice_private_init at drivers/base/core.c:3361\n\t\t\t(inlined by) device_add at drivers/base/core.c:3411\n cdev_device_add\n gpiolib_cdev_register\n gpiochip_setup_dev\n gpiochip_add_data_with_key\n\ngcdev_register() \u0026 gcdev_unregister() would call device_add() \u0026\ndevice_del() (no matter CONFIG_GPIO_CDEV is enabled or not) to\nregister/unregister device.\n\nHowever, if device_add() succeeds, some resource (like\nstruct device_private allocated by device_private_init())\nis not released by device_del().\n\nTherefore, after device_add() succeeds by gcdev_register(), it\nneeds to call put_device() to release resource in the error handle\npath.\n\nHere we move forward the register of release function, and let it\nrelease every piece of resource by put_device() instead of kfree().\n\nWhile at it, fix another subtle issue, i.e. when gc-\u003engpio is equal\nto 0, we still call kcalloc() and, in case of further error, kfree()\non the ZERO_PTR pointer, which is not NULL. It\u0027s not a bug per se,\nbut rather waste of the resources and potentially wrong expectation\nabout contents of the gdev-\u003edescs variable."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:14.777Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6daaa84b621485fe28c401be18debf92ae8ef04a"
},
{
"url": "https://git.kernel.org/stable/c/371363716398ed718e389bea8c5e9843a79dde4e"
},
{
"url": "https://git.kernel.org/stable/c/ec851b23084b3a0af8bf0f5e51d33a8d678bdc49"
}
],
"title": "gpiolib: fix memory leak in gpiochip_setup_dev()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48975",
"datePublished": "2024-10-21T20:05:55.091Z",
"dateReserved": "2024-08-22T01:27:53.631Z",
"dateUpdated": "2025-05-04T08:27:14.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47416 (GCVE-0-2021-47416)
Vulnerability from cvelistv5 – Published: 2024-05-21 15:04 – Updated: 2025-05-04 07:10
VLAI?
EPSS
Title
phy: mdio: fix memory leak
Summary
In the Linux kernel, the following vulnerability has been resolved:
phy: mdio: fix memory leak
Syzbot reported memory leak in MDIO bus interface, the problem was in
wrong state logic.
MDIOBUS_ALLOCATED indicates 2 states:
1. Bus is only allocated
2. Bus allocated and __mdiobus_register() fails, but
device_register() was called
In case of device_register() has been called we should call put_device()
to correctly free the memory allocated for this device, but mdiobus_free()
calls just kfree(dev) in case of MDIOBUS_ALLOCATED state
To avoid this behaviour we need to set bus->state to MDIOBUS_UNREGISTERED
_before_ calling device_register(), because put_device() should be
called even in case of device_register() failure.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
46abc02175b3c246dd5141d878f565a8725060c9 , < 25e9f88c7e3cc35f5e3d3db199660d28a15df639
(git)
Affected: 46abc02175b3c246dd5141d878f565a8725060c9 , < 2250392d930bd0d989f24d355d6355b0150256e7 (git) Affected: 46abc02175b3c246dd5141d878f565a8725060c9 , < f4f502a04ee1e543825af78f47eb7785015cd9f6 (git) Affected: 46abc02175b3c246dd5141d878f565a8725060c9 , < 2397b9e118721292429fea8807a698e71b94795f (git) Affected: 46abc02175b3c246dd5141d878f565a8725060c9 , < 414bb4ead1362ef2c8592db723c017258f213988 (git) Affected: 46abc02175b3c246dd5141d878f565a8725060c9 , < 0d2dd40a7be61b89a7c99dae8ee96389d27b413a (git) Affected: 46abc02175b3c246dd5141d878f565a8725060c9 , < 064c2616234a7394867c924b5c1303974f3a4f4d (git) Affected: 46abc02175b3c246dd5141d878f565a8725060c9 , < ca6e11c337daf7925ff8a2aac8e84490a8691905 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47416",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:32:44.904318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:14.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:39:59.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25e9f88c7e3cc35f5e3d3db199660d28a15df639"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2250392d930bd0d989f24d355d6355b0150256e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4f502a04ee1e543825af78f47eb7785015cd9f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2397b9e118721292429fea8807a698e71b94795f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/414bb4ead1362ef2c8592db723c017258f213988"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d2dd40a7be61b89a7c99dae8ee96389d27b413a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/064c2616234a7394867c924b5c1303974f3a4f4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca6e11c337daf7925ff8a2aac8e84490a8691905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/phy/mdio_bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "25e9f88c7e3cc35f5e3d3db199660d28a15df639",
"status": "affected",
"version": "46abc02175b3c246dd5141d878f565a8725060c9",
"versionType": "git"
},
{
"lessThan": "2250392d930bd0d989f24d355d6355b0150256e7",
"status": "affected",
"version": "46abc02175b3c246dd5141d878f565a8725060c9",
"versionType": "git"
},
{
"lessThan": "f4f502a04ee1e543825af78f47eb7785015cd9f6",
"status": "affected",
"version": "46abc02175b3c246dd5141d878f565a8725060c9",
"versionType": "git"
},
{
"lessThan": "2397b9e118721292429fea8807a698e71b94795f",
"status": "affected",
"version": "46abc02175b3c246dd5141d878f565a8725060c9",
"versionType": "git"
},
{
"lessThan": "414bb4ead1362ef2c8592db723c017258f213988",
"status": "affected",
"version": "46abc02175b3c246dd5141d878f565a8725060c9",
"versionType": "git"
},
{
"lessThan": "0d2dd40a7be61b89a7c99dae8ee96389d27b413a",
"status": "affected",
"version": "46abc02175b3c246dd5141d878f565a8725060c9",
"versionType": "git"
},
{
"lessThan": "064c2616234a7394867c924b5c1303974f3a4f4d",
"status": "affected",
"version": "46abc02175b3c246dd5141d878f565a8725060c9",
"versionType": "git"
},
{
"lessThan": "ca6e11c337daf7925ff8a2aac8e84490a8691905",
"status": "affected",
"version": "46abc02175b3c246dd5141d878f565a8725060c9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/phy/mdio_bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.28"
},
{
"lessThan": "2.6.28",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.289",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.287",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.251",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.73",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.14.*",
"status": "unaffected",
"version": "5.14.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.289",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.287",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.251",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.211",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.153",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.73",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14.12",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15",
"versionStartIncluding": "2.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: mdio: fix memory leak\n\nSyzbot reported memory leak in MDIO bus interface, the problem was in\nwrong state logic.\n\nMDIOBUS_ALLOCATED indicates 2 states:\n\t1. Bus is only allocated\n\t2. Bus allocated and __mdiobus_register() fails, but\n\t device_register() was called\n\nIn case of device_register() has been called we should call put_device()\nto correctly free the memory allocated for this device, but mdiobus_free()\ncalls just kfree(dev) in case of MDIOBUS_ALLOCATED state\n\nTo avoid this behaviour we need to set bus-\u003estate to MDIOBUS_UNREGISTERED\n_before_ calling device_register(), because put_device() should be\ncalled even in case of device_register() failure."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:10:28.073Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/25e9f88c7e3cc35f5e3d3db199660d28a15df639"
},
{
"url": "https://git.kernel.org/stable/c/2250392d930bd0d989f24d355d6355b0150256e7"
},
{
"url": "https://git.kernel.org/stable/c/f4f502a04ee1e543825af78f47eb7785015cd9f6"
},
{
"url": "https://git.kernel.org/stable/c/2397b9e118721292429fea8807a698e71b94795f"
},
{
"url": "https://git.kernel.org/stable/c/414bb4ead1362ef2c8592db723c017258f213988"
},
{
"url": "https://git.kernel.org/stable/c/0d2dd40a7be61b89a7c99dae8ee96389d27b413a"
},
{
"url": "https://git.kernel.org/stable/c/064c2616234a7394867c924b5c1303974f3a4f4d"
},
{
"url": "https://git.kernel.org/stable/c/ca6e11c337daf7925ff8a2aac8e84490a8691905"
}
],
"title": "phy: mdio: fix memory leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47416",
"datePublished": "2024-05-21T15:04:06.042Z",
"dateReserved": "2024-05-21T14:58:30.818Z",
"dateUpdated": "2025-05-04T07:10:28.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49996 (GCVE-0-2024-49996)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 20:42
VLAI?
EPSS
Title
cifs: Fix buffer overflow when parsing NFS reparse points
Summary
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix buffer overflow when parsing NFS reparse points
ReparseDataLength is sum of the InodeType size and DataBuffer size.
So to get DataBuffer size it is needed to subtract InodeType's size from
ReparseDataLength.
Function cifs_strndup_from_utf16() is currentlly accessing buf->DataBuffer
at position after the end of the buffer because it does not subtract
InodeType size from the length. Fix this problem and correctly subtract
variable len.
Member InodeType is present only when reparse buffer is large enough. Check
for ReparseDataLength before accessing InodeType to prevent another invalid
memory access.
Major and minor rdev values are present also only when reparse buffer is
large enough. Check for reparse buffer size before calling reparse_mkdev().
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d5ecebc4900df7f6e8dff0717574668885110553 , < 7b222d6cb87077faf56a687a72af1951cf78c8a9
(git)
Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < 73b078e3314d4854fd8286f3ba65c860ddd3a3dd (git) Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < 01cdddde39b065074fd48f07027757783cbf5b7d (git) Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < ec79e6170bcae8a6036a4b6960f5e7e59a785601 (git) Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < c6db81c550cea0c73bd72ef55f579991e0e4ba07 (git) Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < 803b3a39cb096d8718c0aebc03fd19f11c7dc919 (git) Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < c173d47b69f07cd7ca08efb4e458adbd4725d8e9 (git) Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < e2a8910af01653c1c268984855629d71fb81f404 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:30:36.265660Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:41.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:42:50.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/client/reparse.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7b222d6cb87077faf56a687a72af1951cf78c8a9",
"status": "affected",
"version": "d5ecebc4900df7f6e8dff0717574668885110553",
"versionType": "git"
},
{
"lessThan": "73b078e3314d4854fd8286f3ba65c860ddd3a3dd",
"status": "affected",
"version": "d5ecebc4900df7f6e8dff0717574668885110553",
"versionType": "git"
},
{
"lessThan": "01cdddde39b065074fd48f07027757783cbf5b7d",
"status": "affected",
"version": "d5ecebc4900df7f6e8dff0717574668885110553",
"versionType": "git"
},
{
"lessThan": "ec79e6170bcae8a6036a4b6960f5e7e59a785601",
"status": "affected",
"version": "d5ecebc4900df7f6e8dff0717574668885110553",
"versionType": "git"
},
{
"lessThan": "c6db81c550cea0c73bd72ef55f579991e0e4ba07",
"status": "affected",
"version": "d5ecebc4900df7f6e8dff0717574668885110553",
"versionType": "git"
},
{
"lessThan": "803b3a39cb096d8718c0aebc03fd19f11c7dc919",
"status": "affected",
"version": "d5ecebc4900df7f6e8dff0717574668885110553",
"versionType": "git"
},
{
"lessThan": "c173d47b69f07cd7ca08efb4e458adbd4725d8e9",
"status": "affected",
"version": "d5ecebc4900df7f6e8dff0717574668885110553",
"versionType": "git"
},
{
"lessThan": "e2a8910af01653c1c268984855629d71fb81f404",
"status": "affected",
"version": "d5ecebc4900df7f6e8dff0717574668885110553",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/client/reparse.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.287",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.287",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.231",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix buffer overflow when parsing NFS reparse points\n\nReparseDataLength is sum of the InodeType size and DataBuffer size.\nSo to get DataBuffer size it is needed to subtract InodeType\u0027s size from\nReparseDataLength.\n\nFunction cifs_strndup_from_utf16() is currentlly accessing buf-\u003eDataBuffer\nat position after the end of the buffer because it does not subtract\nInodeType size from the length. Fix this problem and correctly subtract\nvariable len.\n\nMember InodeType is present only when reparse buffer is large enough. Check\nfor ReparseDataLength before accessing InodeType to prevent another invalid\nmemory access.\n\nMajor and minor rdev values are present also only when reparse buffer is\nlarge enough. Check for reparse buffer size before calling reparse_mkdev()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:43:17.347Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7b222d6cb87077faf56a687a72af1951cf78c8a9"
},
{
"url": "https://git.kernel.org/stable/c/73b078e3314d4854fd8286f3ba65c860ddd3a3dd"
},
{
"url": "https://git.kernel.org/stable/c/01cdddde39b065074fd48f07027757783cbf5b7d"
},
{
"url": "https://git.kernel.org/stable/c/ec79e6170bcae8a6036a4b6960f5e7e59a785601"
},
{
"url": "https://git.kernel.org/stable/c/c6db81c550cea0c73bd72ef55f579991e0e4ba07"
},
{
"url": "https://git.kernel.org/stable/c/803b3a39cb096d8718c0aebc03fd19f11c7dc919"
},
{
"url": "https://git.kernel.org/stable/c/c173d47b69f07cd7ca08efb4e458adbd4725d8e9"
},
{
"url": "https://git.kernel.org/stable/c/e2a8910af01653c1c268984855629d71fb81f404"
}
],
"title": "cifs: Fix buffer overflow when parsing NFS reparse points",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49996",
"datePublished": "2024-10-21T18:02:37.046Z",
"dateReserved": "2024-10-21T12:17:06.056Z",
"dateUpdated": "2025-11-03T20:42:50.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49900 (GCVE-0-2024-49900)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
jfs: Fix uninit-value access of new_ea in ea_buffer
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: Fix uninit-value access of new_ea in ea_buffer
syzbot reports that lzo1x_1_do_compress is using uninit-value:
=====================================================
BUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178
...
Uninit was stored to memory at:
ea_put fs/jfs/xattr.c:639 [inline]
...
Local variable ea_buf created at:
__jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662
__jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934
=====================================================
The reason is ea_buf->new_ea is not initialized properly.
Fix this by using memset to empty its content at the beginning
in ea_get().
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7b24d41d47a6805c45378debf8bd115675d41da8
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < dac398ed272a378d2f42ac68ae408333a51baf52 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8b1dcf25c26d42e4a68c4725ce52a0543c7878cc (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d7444f91a9f93eaa48827087ed0f3381c194181d (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6041536d18c5f51a84bc37cd568cbab61870031e (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c076b3746224982eebdba5c9e4b1467e146c0d64 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7c244d5b48284a770d96ff703df2dfeadf804a73 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8ad8b531de79c348bcb8133e7f5e827b884226af (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2b59ffad47db1c46af25ccad157bb3b25147c35c (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:43:02.007949Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:47.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:02.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7b24d41d47a6805c45378debf8bd115675d41da8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dac398ed272a378d2f42ac68ae408333a51baf52",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8b1dcf25c26d42e4a68c4725ce52a0543c7878cc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d7444f91a9f93eaa48827087ed0f3381c194181d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6041536d18c5f51a84bc37cd568cbab61870031e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c076b3746224982eebdba5c9e4b1467e146c0d64",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7c244d5b48284a770d96ff703df2dfeadf804a73",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8ad8b531de79c348bcb8133e7f5e827b884226af",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2b59ffad47db1c46af25ccad157bb3b25147c35c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix uninit-value access of new_ea in ea_buffer\n\nsyzbot reports that lzo1x_1_do_compress is using uninit-value:\n\n=====================================================\nBUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178\n\n...\n\nUninit was stored to memory at:\n ea_put fs/jfs/xattr.c:639 [inline]\n\n...\n\nLocal variable ea_buf created at:\n __jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662\n __jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934\n\n=====================================================\n\nThe reason is ea_buf-\u003enew_ea is not initialized properly.\n\nFix this by using memset to empty its content at the beginning\nin ea_get()."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:16.785Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7b24d41d47a6805c45378debf8bd115675d41da8"
},
{
"url": "https://git.kernel.org/stable/c/dac398ed272a378d2f42ac68ae408333a51baf52"
},
{
"url": "https://git.kernel.org/stable/c/8b1dcf25c26d42e4a68c4725ce52a0543c7878cc"
},
{
"url": "https://git.kernel.org/stable/c/d7444f91a9f93eaa48827087ed0f3381c194181d"
},
{
"url": "https://git.kernel.org/stable/c/6041536d18c5f51a84bc37cd568cbab61870031e"
},
{
"url": "https://git.kernel.org/stable/c/c076b3746224982eebdba5c9e4b1467e146c0d64"
},
{
"url": "https://git.kernel.org/stable/c/7c244d5b48284a770d96ff703df2dfeadf804a73"
},
{
"url": "https://git.kernel.org/stable/c/8ad8b531de79c348bcb8133e7f5e827b884226af"
},
{
"url": "https://git.kernel.org/stable/c/2b59ffad47db1c46af25ccad157bb3b25147c35c"
}
],
"title": "jfs: Fix uninit-value access of new_ea in ea_buffer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49900",
"datePublished": "2024-10-21T18:01:32.607Z",
"dateReserved": "2024-10-21T12:17:06.026Z",
"dateUpdated": "2026-01-05T10:54:16.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46815 (GCVE-0-2024-46815)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-11-03 22:18
VLAI?
EPSS
Title
drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
[WHY & HOW]
num_valid_sets needs to be checked to avoid a negative index when
accessing reader_wm_sets[num_valid_sets - 1].
This fixes an OVERRUN issue reported by Coverity.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < a72d4996409569027b4609414a14a87679b12267
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 7c47dd2e92341f2989ab73dbed07f8894593ad7b (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < c4a7f7c0062fe2c73f70bb7e335199e25bd71492 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < b36e9b3104c4ba0f2f5dd083dcf6159cb316c996 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < b38a4815f79b87efb196cd5121579fc51e29a7fb (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:18:10.423569Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:18:21.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:18:59.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a72d4996409569027b4609414a14a87679b12267",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "7c47dd2e92341f2989ab73dbed07f8894593ad7b",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "c4a7f7c0062fe2c73f70bb7e335199e25bd71492",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "b36e9b3104c4ba0f2f5dd083dcf6159cb316c996",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "b38a4815f79b87efb196cd5121579fc51e29a7fb",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY \u0026 HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:39.741Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a72d4996409569027b4609414a14a87679b12267"
},
{
"url": "https://git.kernel.org/stable/c/7c47dd2e92341f2989ab73dbed07f8894593ad7b"
},
{
"url": "https://git.kernel.org/stable/c/c4a7f7c0062fe2c73f70bb7e335199e25bd71492"
},
{
"url": "https://git.kernel.org/stable/c/b36e9b3104c4ba0f2f5dd083dcf6159cb316c996"
},
{
"url": "https://git.kernel.org/stable/c/21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf"
},
{
"url": "https://git.kernel.org/stable/c/6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0"
},
{
"url": "https://git.kernel.org/stable/c/b38a4815f79b87efb196cd5121579fc51e29a7fb"
}
],
"title": "drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46815",
"datePublished": "2024-09-27T12:35:57.062Z",
"dateReserved": "2024-09-11T15:12:18.283Z",
"dateUpdated": "2025-11-03T22:18:59.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47687 (GCVE-0-2024-47687)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-05-04 09:37
VLAI?
EPSS
Title
vdpa/mlx5: Fix invalid mr resource destroy
Summary
In the Linux kernel, the following vulnerability has been resolved:
vdpa/mlx5: Fix invalid mr resource destroy
Certain error paths from mlx5_vdpa_dev_add() can end up releasing mr
resources which never got initialized in the first place.
This patch adds the missing check in mlx5_vdpa_destroy_mr_resources()
to block releasing non-initialized mr resources.
Reference trace:
mlx5_core 0000:08:00.2: mlx5_vdpa_dev_add:3274:(pid 2700) warning: No mac address provisioned?
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 140216067 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 8 PID: 2700 Comm: vdpa Kdump: loaded Not tainted 5.14.0-496.el9.x86_64 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:vhost_iotlb_del_range+0xf/0xe0 [vhost_iotlb]
Code: [...]
RSP: 0018:ff1c823ac23077f0 EFLAGS: 00010246
RAX: ffffffffc1a21a60 RBX: ffffffff899567a0 RCX: 0000000000000000
RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000000000000
RBP: ff1bda1f7c21e800 R08: 0000000000000000 R09: ff1c823ac2307670
R10: ff1c823ac2307668 R11: ffffffff8a9e7b68 R12: 0000000000000000
R13: 0000000000000000 R14: ff1bda1f43e341a0 R15: 00000000ffffffea
FS: 00007f56eba7c740(0000) GS:ff1bda269f800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000104d90001 CR4: 0000000000771ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
? show_trace_log_lvl+0x1c4/0x2df
? show_trace_log_lvl+0x1c4/0x2df
? mlx5_vdpa_free+0x3d/0x150 [mlx5_vdpa]
? __die_body.cold+0x8/0xd
? page_fault_oops+0x134/0x170
? __irq_work_queue_local+0x2b/0xc0
? irq_work_queue+0x2c/0x50
? exc_page_fault+0x62/0x150
? asm_exc_page_fault+0x22/0x30
? __pfx_mlx5_vdpa_free+0x10/0x10 [mlx5_vdpa]
? vhost_iotlb_del_range+0xf/0xe0 [vhost_iotlb]
mlx5_vdpa_free+0x3d/0x150 [mlx5_vdpa]
vdpa_release_dev+0x1e/0x50 [vdpa]
device_release+0x31/0x90
kobject_cleanup+0x37/0x130
mlx5_vdpa_dev_add+0x2d2/0x7a0 [mlx5_vdpa]
vdpa_nl_cmd_dev_add_set_doit+0x277/0x4c0 [vdpa]
genl_family_rcv_msg_doit+0xd9/0x130
genl_family_rcv_msg+0x14d/0x220
? __pfx_vdpa_nl_cmd_dev_add_set_doit+0x10/0x10 [vdpa]
? _copy_to_user+0x1a/0x30
? move_addr_to_user+0x4b/0xe0
genl_rcv_msg+0x47/0xa0
? __import_iovec+0x46/0x150
? __pfx_genl_rcv_msg+0x10/0x10
netlink_rcv_skb+0x54/0x100
genl_rcv+0x24/0x40
netlink_unicast+0x245/0x370
netlink_sendmsg+0x206/0x440
__sys_sendto+0x1dc/0x1f0
? do_read_fault+0x10c/0x1d0
? do_pte_missing+0x10d/0x190
__x64_sys_sendto+0x20/0x30
do_syscall_64+0x5c/0xf0
? __count_memcg_events+0x4f/0xb0
? mm_account_fault+0x6c/0x100
? handle_mm_fault+0x116/0x270
? do_user_addr_fault+0x1d6/0x6a0
? do_syscall_64+0x6b/0xf0
? clear_bhb_loop+0x25/0x80
? clear_bhb_loop+0x25/0x80
? clear_bhb_loop+0x25/0x80
? clear_bhb_loop+0x25/0x80
? clear_bhb_loop+0x25/0x80
entry_SYSCALL_64_after_hwframe+0x78/0x80
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
512c0cdd80c19ec11f6dbe769d5899dcfefcd5c9 , < b6fbb1c7801f46a0e5461c02904eab0d7535c790
(git)
Affected: 512c0cdd80c19ec11f6dbe769d5899dcfefcd5c9 , < 5fe351def237df1ad29aa8af574350bc5340b4cf (git) Affected: 512c0cdd80c19ec11f6dbe769d5899dcfefcd5c9 , < dc12502905b7a3de9097ea6b98870470c2921e09 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:06:29.452318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:14:15.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vdpa/mlx5/core/mr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b6fbb1c7801f46a0e5461c02904eab0d7535c790",
"status": "affected",
"version": "512c0cdd80c19ec11f6dbe769d5899dcfefcd5c9",
"versionType": "git"
},
{
"lessThan": "5fe351def237df1ad29aa8af574350bc5340b4cf",
"status": "affected",
"version": "512c0cdd80c19ec11f6dbe769d5899dcfefcd5c9",
"versionType": "git"
},
{
"lessThan": "dc12502905b7a3de9097ea6b98870470c2921e09",
"status": "affected",
"version": "512c0cdd80c19ec11f6dbe769d5899dcfefcd5c9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vdpa/mlx5/core/mr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa/mlx5: Fix invalid mr resource destroy\n\nCertain error paths from mlx5_vdpa_dev_add() can end up releasing mr\nresources which never got initialized in the first place.\n\nThis patch adds the missing check in mlx5_vdpa_destroy_mr_resources()\nto block releasing non-initialized mr resources.\n\nReference trace:\n\n mlx5_core 0000:08:00.2: mlx5_vdpa_dev_add:3274:(pid 2700) warning: No mac address provisioned?\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 140216067 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 8 PID: 2700 Comm: vdpa Kdump: loaded Not tainted 5.14.0-496.el9.x86_64 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:vhost_iotlb_del_range+0xf/0xe0 [vhost_iotlb]\n Code: [...]\n RSP: 0018:ff1c823ac23077f0 EFLAGS: 00010246\n RAX: ffffffffc1a21a60 RBX: ffffffff899567a0 RCX: 0000000000000000\n RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ff1bda1f7c21e800 R08: 0000000000000000 R09: ff1c823ac2307670\n R10: ff1c823ac2307668 R11: ffffffff8a9e7b68 R12: 0000000000000000\n R13: 0000000000000000 R14: ff1bda1f43e341a0 R15: 00000000ffffffea\n FS: 00007f56eba7c740(0000) GS:ff1bda269f800000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000000104d90001 CR4: 0000000000771ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? mlx5_vdpa_free+0x3d/0x150 [mlx5_vdpa]\n ? __die_body.cold+0x8/0xd\n ? page_fault_oops+0x134/0x170\n ? __irq_work_queue_local+0x2b/0xc0\n ? irq_work_queue+0x2c/0x50\n ? exc_page_fault+0x62/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_mlx5_vdpa_free+0x10/0x10 [mlx5_vdpa]\n ? vhost_iotlb_del_range+0xf/0xe0 [vhost_iotlb]\n mlx5_vdpa_free+0x3d/0x150 [mlx5_vdpa]\n vdpa_release_dev+0x1e/0x50 [vdpa]\n device_release+0x31/0x90\n kobject_cleanup+0x37/0x130\n mlx5_vdpa_dev_add+0x2d2/0x7a0 [mlx5_vdpa]\n vdpa_nl_cmd_dev_add_set_doit+0x277/0x4c0 [vdpa]\n genl_family_rcv_msg_doit+0xd9/0x130\n genl_family_rcv_msg+0x14d/0x220\n ? __pfx_vdpa_nl_cmd_dev_add_set_doit+0x10/0x10 [vdpa]\n ? _copy_to_user+0x1a/0x30\n ? move_addr_to_user+0x4b/0xe0\n genl_rcv_msg+0x47/0xa0\n ? __import_iovec+0x46/0x150\n ? __pfx_genl_rcv_msg+0x10/0x10\n netlink_rcv_skb+0x54/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x245/0x370\n netlink_sendmsg+0x206/0x440\n __sys_sendto+0x1dc/0x1f0\n ? do_read_fault+0x10c/0x1d0\n ? do_pte_missing+0x10d/0x190\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x5c/0xf0\n ? __count_memcg_events+0x4f/0xb0\n ? mm_account_fault+0x6c/0x100\n ? handle_mm_fault+0x116/0x270\n ? do_user_addr_fault+0x1d6/0x6a0\n ? do_syscall_64+0x6b/0xf0\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n entry_SYSCALL_64_after_hwframe+0x78/0x80"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:37:22.176Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b6fbb1c7801f46a0e5461c02904eab0d7535c790"
},
{
"url": "https://git.kernel.org/stable/c/5fe351def237df1ad29aa8af574350bc5340b4cf"
},
{
"url": "https://git.kernel.org/stable/c/dc12502905b7a3de9097ea6b98870470c2921e09"
}
],
"title": "vdpa/mlx5: Fix invalid mr resource destroy",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47687",
"datePublished": "2024-10-21T11:53:27.834Z",
"dateReserved": "2024-09-30T16:00:12.941Z",
"dateUpdated": "2025-05-04T09:37:22.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48958 (GCVE-0-2022-48958)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:26
VLAI?
EPSS
Title
ethernet: aeroflex: fix potential skb leak in greth_init_rings()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ethernet: aeroflex: fix potential skb leak in greth_init_rings()
The greth_init_rings() function won't free the newly allocated skb when
dma_mapping_error() returns error, so add dev_kfree_skb() to fix it.
Compile tested only.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d4c41139df6e74c6fff0cbac43e51cab782133be , < 223654e2e2c8d05347cd8e300f8d1ec6023103dd
(git)
Affected: d4c41139df6e74c6fff0cbac43e51cab782133be , < cb1e293f858e5e1152b8791047ed4bdaaf392189 (git) Affected: d4c41139df6e74c6fff0cbac43e51cab782133be , < bfaa8f6c5b84b295dd73b0138b57c5555ca12b1c (git) Affected: d4c41139df6e74c6fff0cbac43e51cab782133be , < 99669d94ce145389f1d6f197e6e18ed50d43fb76 (git) Affected: d4c41139df6e74c6fff0cbac43e51cab782133be , < 87277bdf2c370ab2d07cfe77dfa9b37f82bbe1e5 (git) Affected: d4c41139df6e74c6fff0cbac43e51cab782133be , < c7adcbd0fd3fde1b19150c3e955fb4a30c5bd9b7 (git) Affected: d4c41139df6e74c6fff0cbac43e51cab782133be , < dd62867a6383f78f75f07039394aac25924a3307 (git) Affected: d4c41139df6e74c6fff0cbac43e51cab782133be , < 063a932b64db3317ec020c94466fe52923a15f60 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48958",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:20:45.568548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:39.583Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/aeroflex/greth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "223654e2e2c8d05347cd8e300f8d1ec6023103dd",
"status": "affected",
"version": "d4c41139df6e74c6fff0cbac43e51cab782133be",
"versionType": "git"
},
{
"lessThan": "cb1e293f858e5e1152b8791047ed4bdaaf392189",
"status": "affected",
"version": "d4c41139df6e74c6fff0cbac43e51cab782133be",
"versionType": "git"
},
{
"lessThan": "bfaa8f6c5b84b295dd73b0138b57c5555ca12b1c",
"status": "affected",
"version": "d4c41139df6e74c6fff0cbac43e51cab782133be",
"versionType": "git"
},
{
"lessThan": "99669d94ce145389f1d6f197e6e18ed50d43fb76",
"status": "affected",
"version": "d4c41139df6e74c6fff0cbac43e51cab782133be",
"versionType": "git"
},
{
"lessThan": "87277bdf2c370ab2d07cfe77dfa9b37f82bbe1e5",
"status": "affected",
"version": "d4c41139df6e74c6fff0cbac43e51cab782133be",
"versionType": "git"
},
{
"lessThan": "c7adcbd0fd3fde1b19150c3e955fb4a30c5bd9b7",
"status": "affected",
"version": "d4c41139df6e74c6fff0cbac43e51cab782133be",
"versionType": "git"
},
{
"lessThan": "dd62867a6383f78f75f07039394aac25924a3307",
"status": "affected",
"version": "d4c41139df6e74c6fff0cbac43e51cab782133be",
"versionType": "git"
},
{
"lessThan": "063a932b64db3317ec020c94466fe52923a15f60",
"status": "affected",
"version": "d4c41139df6e74c6fff0cbac43e51cab782133be",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/aeroflex/greth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.34"
},
{
"lessThan": "2.6.34",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.336",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.336",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.302",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.269",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "2.6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nethernet: aeroflex: fix potential skb leak in greth_init_rings()\n\nThe greth_init_rings() function won\u0027t free the newly allocated skb when\ndma_mapping_error() returns error, so add dev_kfree_skb() to fix it.\n\nCompile tested only."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:56.189Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/223654e2e2c8d05347cd8e300f8d1ec6023103dd"
},
{
"url": "https://git.kernel.org/stable/c/cb1e293f858e5e1152b8791047ed4bdaaf392189"
},
{
"url": "https://git.kernel.org/stable/c/bfaa8f6c5b84b295dd73b0138b57c5555ca12b1c"
},
{
"url": "https://git.kernel.org/stable/c/99669d94ce145389f1d6f197e6e18ed50d43fb76"
},
{
"url": "https://git.kernel.org/stable/c/87277bdf2c370ab2d07cfe77dfa9b37f82bbe1e5"
},
{
"url": "https://git.kernel.org/stable/c/c7adcbd0fd3fde1b19150c3e955fb4a30c5bd9b7"
},
{
"url": "https://git.kernel.org/stable/c/dd62867a6383f78f75f07039394aac25924a3307"
},
{
"url": "https://git.kernel.org/stable/c/063a932b64db3317ec020c94466fe52923a15f60"
}
],
"title": "ethernet: aeroflex: fix potential skb leak in greth_init_rings()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48958",
"datePublished": "2024-10-21T20:05:43.778Z",
"dateReserved": "2024-08-22T01:27:53.627Z",
"dateUpdated": "2025-05-04T08:26:56.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49966 (GCVE-0-2024-49966)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
ocfs2: cancel dqi_sync_work before freeing oinfo
Summary
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: cancel dqi_sync_work before freeing oinfo
ocfs2_global_read_info() will initialize and schedule dqi_sync_work at the
end, if error occurs after successfully reading global quota, it will
trigger the following warning with CONFIG_DEBUG_OBJECTS_* enabled:
ODEBUG: free active (active state 0) object: 00000000d8b0ce28 object type: timer_list hint: qsync_work_fn+0x0/0x16c
This reports that there is an active delayed work when freeing oinfo in
error handling, so cancel dqi_sync_work first. BTW, return status instead
of -1 when .read_file_info fails.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < fc5cc716dfbdc5fd5f373ff3b51358174cf88bfc
(git)
Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < 89043e7ed63c7fc141e68ea5a79758ed24b6c699 (git) Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < 14114d8148db07e7946fb06b56a50cfa425e26c7 (git) Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < 4173d1277c00baeedaaca76783e98b8fd0e3c08d (git) Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < bbf41277df8b33fbedf4750a9300c147e8f104eb (git) Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < ef768020366f47d23f39c4f57bcb03af6d1e24b3 (git) Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < a4346c04d055bf7e184c18a73dbd23b6a9811118 (git) Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < 0d707a33c84b371cb66120e198eed3374726ddd8 (git) Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < 35fccce29feb3706f649726d410122dd81b92c18 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:34:26.104655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:46.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:48.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/quota_local.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fc5cc716dfbdc5fd5f373ff3b51358174cf88bfc",
"status": "affected",
"version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
"versionType": "git"
},
{
"lessThan": "89043e7ed63c7fc141e68ea5a79758ed24b6c699",
"status": "affected",
"version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
"versionType": "git"
},
{
"lessThan": "14114d8148db07e7946fb06b56a50cfa425e26c7",
"status": "affected",
"version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
"versionType": "git"
},
{
"lessThan": "4173d1277c00baeedaaca76783e98b8fd0e3c08d",
"status": "affected",
"version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
"versionType": "git"
},
{
"lessThan": "bbf41277df8b33fbedf4750a9300c147e8f104eb",
"status": "affected",
"version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
"versionType": "git"
},
{
"lessThan": "ef768020366f47d23f39c4f57bcb03af6d1e24b3",
"status": "affected",
"version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
"versionType": "git"
},
{
"lessThan": "a4346c04d055bf7e184c18a73dbd23b6a9811118",
"status": "affected",
"version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
"versionType": "git"
},
{
"lessThan": "0d707a33c84b371cb66120e198eed3374726ddd8",
"status": "affected",
"version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
"versionType": "git"
},
{
"lessThan": "35fccce29feb3706f649726d410122dd81b92c18",
"status": "affected",
"version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/quota_local.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.29"
},
{
"lessThan": "2.6.29",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: cancel dqi_sync_work before freeing oinfo\n\nocfs2_global_read_info() will initialize and schedule dqi_sync_work at the\nend, if error occurs after successfully reading global quota, it will\ntrigger the following warning with CONFIG_DEBUG_OBJECTS_* enabled:\n\nODEBUG: free active (active state 0) object: 00000000d8b0ce28 object type: timer_list hint: qsync_work_fn+0x0/0x16c\n\nThis reports that there is an active delayed work when freeing oinfo in\nerror handling, so cancel dqi_sync_work first. BTW, return status instead\nof -1 when .read_file_info fails."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:42:34.255Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fc5cc716dfbdc5fd5f373ff3b51358174cf88bfc"
},
{
"url": "https://git.kernel.org/stable/c/89043e7ed63c7fc141e68ea5a79758ed24b6c699"
},
{
"url": "https://git.kernel.org/stable/c/14114d8148db07e7946fb06b56a50cfa425e26c7"
},
{
"url": "https://git.kernel.org/stable/c/4173d1277c00baeedaaca76783e98b8fd0e3c08d"
},
{
"url": "https://git.kernel.org/stable/c/bbf41277df8b33fbedf4750a9300c147e8f104eb"
},
{
"url": "https://git.kernel.org/stable/c/ef768020366f47d23f39c4f57bcb03af6d1e24b3"
},
{
"url": "https://git.kernel.org/stable/c/a4346c04d055bf7e184c18a73dbd23b6a9811118"
},
{
"url": "https://git.kernel.org/stable/c/0d707a33c84b371cb66120e198eed3374726ddd8"
},
{
"url": "https://git.kernel.org/stable/c/35fccce29feb3706f649726d410122dd81b92c18"
}
],
"title": "ocfs2: cancel dqi_sync_work before freeing oinfo",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49966",
"datePublished": "2024-10-21T18:02:17.076Z",
"dateReserved": "2024-10-21T12:17:06.050Z",
"dateUpdated": "2025-11-03T22:23:48.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46830 (GCVE-0-2024-46830)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:39 – Updated: 2026-01-19 12:17
VLAI?
EPSS
Title
KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly
leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX
reads guest memory.
Note, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN
via sync_regs(), which already holds SRCU. I.e. trying to precisely use
kvm_vcpu_srcu_read_lock() around the problematic SMM code would cause
problems. Acquiring SRCU isn't all that expensive, so for simplicity,
grab it unconditionally for KVM_SET_VCPU_EVENTS.
=============================
WARNING: suspicious RCU usage
6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted
-----------------------------
include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
1 lock held by repro/1071:
#0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]
stack backtrace:
CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
Call Trace:
<TASK>
dump_stack_lvl+0x7f/0x90
lockdep_rcu_suspicious+0x13f/0x1a0
kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]
kvm_vcpu_read_guest+0x3e/0x90 [kvm]
nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]
load_vmcs12_host_state+0x432/0xb40 [kvm_intel]
vmx_leave_nested+0x30/0x40 [kvm_intel]
kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]
kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]
? mark_held_locks+0x49/0x70
? kvm_vcpu_ioctl+0x7d/0x970 [kvm]
? kvm_vcpu_ioctl+0x497/0x970 [kvm]
kvm_vcpu_ioctl+0x497/0x970 [kvm]
? lock_acquire+0xba/0x2d0
? find_held_lock+0x2b/0x80
? do_user_addr_fault+0x40c/0x6f0
? lock_release+0xb7/0x270
__x64_sys_ioctl+0x82/0xb0
do_syscall_64+0x6c/0x170
entry_SYSCALL_64_after_hwframe+0x4b/0x53
RIP: 0033:0x7ff11eb1b539
</TASK>
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
e302786233e6bc512986d007c96458ccf5ca21c7 , < 5f35099fa3d59caf10bda88b033538e90086684e
(git)
Affected: f7e570780efc5cec9b2ed1e0472a7da14e864fdb , < fa297c33faefe51e10244e8a378837fca4963228 (git) Affected: f7e570780efc5cec9b2ed1e0472a7da14e864fdb , < 939375737b5a0b1bf9b1e75129054e11bc9ca65e (git) Affected: f7e570780efc5cec9b2ed1e0472a7da14e864fdb , < ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9 (git) Affected: f7e570780efc5cec9b2ed1e0472a7da14e864fdb , < 4bcdd831d9d01e0fb64faea50732b59b2ee88da1 (git) Affected: 080dbe7e9b86a0392d8dffc00d9971792afc121f (git) Affected: b4c0d89c92e957ecccce12e66b63875d0cc7af7e (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46830",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:12:09.375859Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:12:18.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:21.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/x86.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5f35099fa3d59caf10bda88b033538e90086684e",
"status": "affected",
"version": "e302786233e6bc512986d007c96458ccf5ca21c7",
"versionType": "git"
},
{
"lessThan": "fa297c33faefe51e10244e8a378837fca4963228",
"status": "affected",
"version": "f7e570780efc5cec9b2ed1e0472a7da14e864fdb",
"versionType": "git"
},
{
"lessThan": "939375737b5a0b1bf9b1e75129054e11bc9ca65e",
"status": "affected",
"version": "f7e570780efc5cec9b2ed1e0472a7da14e864fdb",
"versionType": "git"
},
{
"lessThan": "ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9",
"status": "affected",
"version": "f7e570780efc5cec9b2ed1e0472a7da14e864fdb",
"versionType": "git"
},
{
"lessThan": "4bcdd831d9d01e0fb64faea50732b59b2ee88da1",
"status": "affected",
"version": "f7e570780efc5cec9b2ed1e0472a7da14e864fdb",
"versionType": "git"
},
{
"status": "affected",
"version": "080dbe7e9b86a0392d8dffc00d9971792afc121f",
"versionType": "git"
},
{
"status": "affected",
"version": "b4c0d89c92e957ecccce12e66b63875d0cc7af7e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/x86.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.198",
"versionStartIncluding": "5.15.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire kvm-\u003esrcu when handling KVM_SET_VCPU_EVENTS\n\nGrab kvm-\u003esrcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly\nleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX\nreads guest memory.\n\nNote, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN\nvia sync_regs(), which already holds SRCU. I.e. trying to precisely use\nkvm_vcpu_srcu_read_lock() around the problematic SMM code would cause\nproblems. Acquiring SRCU isn\u0027t all that expensive, so for simplicity,\ngrab it unconditionally for KVM_SET_VCPU_EVENTS.\n\n =============================\n WARNING: suspicious RCU usage\n 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by repro/1071:\n #0: ffff88811e424430 (\u0026vcpu-\u003emutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n\n stack backtrace:\n CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x7f/0x90\n lockdep_rcu_suspicious+0x13f/0x1a0\n kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]\n kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]\n load_vmcs12_host_state+0x432/0xb40 [kvm_intel]\n vmx_leave_nested+0x30/0x40 [kvm_intel]\n kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]\n kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]\n ? mark_held_locks+0x49/0x70\n ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n ? kvm_vcpu_ioctl+0x497/0x970 [kvm]\n kvm_vcpu_ioctl+0x497/0x970 [kvm]\n ? lock_acquire+0xba/0x2d0\n ? find_held_lock+0x2b/0x80\n ? do_user_addr_fault+0x40c/0x6f0\n ? lock_release+0xb7/0x270\n __x64_sys_ioctl+0x82/0xb0\n do_syscall_64+0x6c/0x170\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7ff11eb1b539\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-19T12:17:50.664Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5f35099fa3d59caf10bda88b033538e90086684e"
},
{
"url": "https://git.kernel.org/stable/c/fa297c33faefe51e10244e8a378837fca4963228"
},
{
"url": "https://git.kernel.org/stable/c/939375737b5a0b1bf9b1e75129054e11bc9ca65e"
},
{
"url": "https://git.kernel.org/stable/c/ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9"
},
{
"url": "https://git.kernel.org/stable/c/4bcdd831d9d01e0fb64faea50732b59b2ee88da1"
}
],
"title": "KVM: x86: Acquire kvm-\u003esrcu when handling KVM_SET_VCPU_EVENTS",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46830",
"datePublished": "2024-09-27T12:39:28.396Z",
"dateReserved": "2024-09-11T15:12:18.286Z",
"dateUpdated": "2026-01-19T12:17:50.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49991 (GCVE-0-2024-49991)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:24
VLAI?
EPSS
Title
drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
Pass pointer reference to amdgpu_bo_unref to clear the correct pointer,
otherwise amdgpu_bo_unref clear the local variable, the original pointer
not set to NULL, this could cause use-after-free bug.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
130e0371b7d454bb4a861253c822b9f911ad5d19 , < e7831613cbbcd9058d3658fbcdc5d5884ceb2e0c
(git)
Affected: 130e0371b7d454bb4a861253c822b9f911ad5d19 , < 30ceb873cc2e97348d9da2265b2d1ddf07f682e1 (git) Affected: 130e0371b7d454bb4a861253c822b9f911ad5d19 , < 71f3240f82987f0f070ea5bed559033de7d4c0e1 (git) Affected: 130e0371b7d454bb4a861253c822b9f911ad5d19 , < 6c9289806591807e4e3be9a23df8ee2069180055 (git) Affected: 130e0371b7d454bb4a861253c822b9f911ad5d19 , < c86ad39140bbcb9dc75a10046c2221f657e8083b (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49991",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:31:14.431279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:42.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:24:09.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c",
"drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h",
"drivers/gpu/drm/amd/amdkfd/kfd_chardev.c",
"drivers/gpu/drm/amd/amdkfd/kfd_device.c",
"drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c",
"drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c",
"drivers/gpu/drm/amd/amdkfd/kfd_process.c",
"drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e7831613cbbcd9058d3658fbcdc5d5884ceb2e0c",
"status": "affected",
"version": "130e0371b7d454bb4a861253c822b9f911ad5d19",
"versionType": "git"
},
{
"lessThan": "30ceb873cc2e97348d9da2265b2d1ddf07f682e1",
"status": "affected",
"version": "130e0371b7d454bb4a861253c822b9f911ad5d19",
"versionType": "git"
},
{
"lessThan": "71f3240f82987f0f070ea5bed559033de7d4c0e1",
"status": "affected",
"version": "130e0371b7d454bb4a861253c822b9f911ad5d19",
"versionType": "git"
},
{
"lessThan": "6c9289806591807e4e3be9a23df8ee2069180055",
"status": "affected",
"version": "130e0371b7d454bb4a861253c822b9f911ad5d19",
"versionType": "git"
},
{
"lessThan": "c86ad39140bbcb9dc75a10046c2221f657e8083b",
"status": "affected",
"version": "130e0371b7d454bb4a861253c822b9f911ad5d19",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c",
"drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h",
"drivers/gpu/drm/amd/amdkfd/kfd_chardev.c",
"drivers/gpu/drm/amd/amdkfd/kfd_device.c",
"drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c",
"drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c",
"drivers/gpu/drm/amd/amdkfd/kfd_process.c",
"drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.118",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.118",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer\n\nPass pointer reference to amdgpu_bo_unref to clear the correct pointer,\notherwise amdgpu_bo_unref clear the local variable, the original pointer\nnot set to NULL, this could cause use-after-free bug."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:36.356Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e7831613cbbcd9058d3658fbcdc5d5884ceb2e0c"
},
{
"url": "https://git.kernel.org/stable/c/30ceb873cc2e97348d9da2265b2d1ddf07f682e1"
},
{
"url": "https://git.kernel.org/stable/c/71f3240f82987f0f070ea5bed559033de7d4c0e1"
},
{
"url": "https://git.kernel.org/stable/c/6c9289806591807e4e3be9a23df8ee2069180055"
},
{
"url": "https://git.kernel.org/stable/c/c86ad39140bbcb9dc75a10046c2221f657e8083b"
}
],
"title": "drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49991",
"datePublished": "2024-10-21T18:02:33.805Z",
"dateReserved": "2024-10-21T12:17:06.054Z",
"dateUpdated": "2025-11-03T22:24:09.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50069 (GCVE-0-2024-50069)
Vulnerability from cvelistv5 – Published: 2024-10-29 00:50 – Updated: 2025-11-03 22:25
VLAI?
EPSS
Title
pinctrl: apple: check devm_kasprintf() returned value
Summary
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: apple: check devm_kasprintf() returned value
devm_kasprintf() can return a NULL pointer on failure but this returned
value is not checked. Fix this lack and check the returned value.
Found by code review.
Severity ?
5.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
a0f160ffcb83de6a04fa75f9e7bdfe969f2863f7 , < 0a4d4dbef622ac8796a6665e0080da2685f9220a
(git)
Affected: a0f160ffcb83de6a04fa75f9e7bdfe969f2863f7 , < fad940e2dd789155f99ecafa71a7baf6f96530bc (git) Affected: a0f160ffcb83de6a04fa75f9e7bdfe969f2863f7 , < 4d2296fb7c80fdc9925d29a8e85d617cad08731a (git) Affected: a0f160ffcb83de6a04fa75f9e7bdfe969f2863f7 , < 665a58fe663ac7a9ea618dc0b29881649324b116 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:23:38.610946Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:27:21.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:25:05.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/pinctrl-apple-gpio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0a4d4dbef622ac8796a6665e0080da2685f9220a",
"status": "affected",
"version": "a0f160ffcb83de6a04fa75f9e7bdfe969f2863f7",
"versionType": "git"
},
{
"lessThan": "fad940e2dd789155f99ecafa71a7baf6f96530bc",
"status": "affected",
"version": "a0f160ffcb83de6a04fa75f9e7bdfe969f2863f7",
"versionType": "git"
},
{
"lessThan": "4d2296fb7c80fdc9925d29a8e85d617cad08731a",
"status": "affected",
"version": "a0f160ffcb83de6a04fa75f9e7bdfe969f2863f7",
"versionType": "git"
},
{
"lessThan": "665a58fe663ac7a9ea618dc0b29881649324b116",
"status": "affected",
"version": "a0f160ffcb83de6a04fa75f9e7bdfe969f2863f7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/pinctrl-apple-gpio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.114",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.114",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.58",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.5",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: apple: check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked. Fix this lack and check the returned value.\n\nFound by code review."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:45:12.334Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0a4d4dbef622ac8796a6665e0080da2685f9220a"
},
{
"url": "https://git.kernel.org/stable/c/fad940e2dd789155f99ecafa71a7baf6f96530bc"
},
{
"url": "https://git.kernel.org/stable/c/4d2296fb7c80fdc9925d29a8e85d617cad08731a"
},
{
"url": "https://git.kernel.org/stable/c/665a58fe663ac7a9ea618dc0b29881649324b116"
}
],
"title": "pinctrl: apple: check devm_kasprintf() returned value",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50069",
"datePublished": "2024-10-29T00:50:10.018Z",
"dateReserved": "2024-10-21T19:36:19.940Z",
"dateUpdated": "2025-11-03T22:25:05.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46818 (GCVE-0-2024-46818)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-11-03 22:19
VLAI?
EPSS
Title
drm/amd/display: Check gpio_id before used as array index
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check gpio_id before used as array index
[WHY & HOW]
GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore
should be checked in advance.
This fixes 5 OVERRUN issues reported by Coverity.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 8520fdc8ecc38f240a8e9e7af89cca6739c3e790
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 40c2e8bc117cab8bca8814735f28a8b121654a84 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 0184cca30cad74d88f5c875d4e26999e26325700 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 276e3fd93e3beb5894eb1cc8480f9f417d51524d (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 08e7755f754e3d2cef7d3a7da538d33526bd6f7c (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 3d4198ab612ad48f73383ad3bb5663e6f0cdf406 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 2a5626eeb3b5eec7a36886f9556113dd93ec8ed6 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46818",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:15:06.184629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:15:15.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:05.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8520fdc8ecc38f240a8e9e7af89cca6739c3e790",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "40c2e8bc117cab8bca8814735f28a8b121654a84",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "0184cca30cad74d88f5c875d4e26999e26325700",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "276e3fd93e3beb5894eb1cc8480f9f417d51524d",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "08e7755f754e3d2cef7d3a7da538d33526bd6f7c",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "3d4198ab612ad48f73383ad3bb5663e6f0cdf406",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "2a5626eeb3b5eec7a36886f9556113dd93ec8ed6",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:43.164Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8520fdc8ecc38f240a8e9e7af89cca6739c3e790"
},
{
"url": "https://git.kernel.org/stable/c/40c2e8bc117cab8bca8814735f28a8b121654a84"
},
{
"url": "https://git.kernel.org/stable/c/0184cca30cad74d88f5c875d4e26999e26325700"
},
{
"url": "https://git.kernel.org/stable/c/276e3fd93e3beb5894eb1cc8480f9f417d51524d"
},
{
"url": "https://git.kernel.org/stable/c/08e7755f754e3d2cef7d3a7da538d33526bd6f7c"
},
{
"url": "https://git.kernel.org/stable/c/3d4198ab612ad48f73383ad3bb5663e6f0cdf406"
},
{
"url": "https://git.kernel.org/stable/c/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6"
}
],
"title": "drm/amd/display: Check gpio_id before used as array index",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46818",
"datePublished": "2024-09-27T12:35:59.187Z",
"dateReserved": "2024-09-11T15:12:18.284Z",
"dateUpdated": "2025-11-03T22:19:05.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47665 (GCVE-0-2024-47665)
Vulnerability from cvelistv5 – Published: 2024-10-09 14:13 – Updated: 2025-11-03 22:20
VLAI?
EPSS
Title
i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup
Summary
In the Linux kernel, the following vulnerability has been resolved:
i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup
Definitely condition dma_get_cache_alignment * defined value > 256
during driver initialization is not reason to BUG_ON(). Turn that to
graceful error out with -EINVAL.
Severity ?
5.5 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < cacb76df247a7cd842ff29755a523b1cba6c0508
(git)
Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < 2666085335bdfedf90d91f4071490ad3980be785 (git) Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < 5a022269abb22809f2a174b90f200fc4b9526058 (git) Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < e2d14bfda9eb5393f8a17008afe2aa7fe0a29815 (git) Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < 8a2be2f1db268ec735419e53ef04ca039fc027dc (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T13:21:57.821150Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T14:49:17.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:20:30.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i3c/master/mipi-i3c-hci/dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cacb76df247a7cd842ff29755a523b1cba6c0508",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
},
{
"lessThan": "2666085335bdfedf90d91f4071490ad3980be785",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
},
{
"lessThan": "5a022269abb22809f2a174b90f200fc4b9526058",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
},
{
"lessThan": "e2d14bfda9eb5393f8a17008afe2aa7fe0a29815",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
},
{
"lessThan": "8a2be2f1db268ec735419e53ef04ca039fc027dc",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i3c/master/mipi-i3c-hci/dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup\n\nDefinitely condition dma_get_cache_alignment * defined value \u003e 256\nduring driver initialization is not reason to BUG_ON(). Turn that to\ngraceful error out with -EINVAL."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:36:44.549Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cacb76df247a7cd842ff29755a523b1cba6c0508"
},
{
"url": "https://git.kernel.org/stable/c/2666085335bdfedf90d91f4071490ad3980be785"
},
{
"url": "https://git.kernel.org/stable/c/5a022269abb22809f2a174b90f200fc4b9526058"
},
{
"url": "https://git.kernel.org/stable/c/e2d14bfda9eb5393f8a17008afe2aa7fe0a29815"
},
{
"url": "https://git.kernel.org/stable/c/8a2be2f1db268ec735419e53ef04ca039fc027dc"
}
],
"title": "i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47665",
"datePublished": "2024-10-09T14:13:58.061Z",
"dateReserved": "2024-09-30T16:00:12.936Z",
"dateUpdated": "2025-11-03T22:20:30.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47668 (GCVE-0-2024-47668)
Vulnerability from cvelistv5 – Published: 2024-10-09 14:14 – Updated: 2026-01-05 10:53
VLAI?
EPSS
Title
lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
Summary
In the Linux kernel, the following vulnerability has been resolved:
lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
If we need to increase the tree depth, allocate a new node, and then
race with another thread that increased the tree depth before us, we'll
still have a preallocated node that might be used later.
If we then use that node for a new non-root node, it'll still have a
pointer to the old root instead of being zeroed - fix this by zeroing it
in the cmpxchg failure path.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
ba20ba2e3743bac786dff777954c11930256075e , < 0f27f4f445390cb7f73d4209cb2bf32834dc53da
(git)
Affected: ba20ba2e3743bac786dff777954c11930256075e , < 99418ec776a39609f50934720419e0b464ca2283 (git) Affected: ba20ba2e3743bac786dff777954c11930256075e , < ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169 (git) Affected: ba20ba2e3743bac786dff777954c11930256075e , < ebeff038744c498a036e7a92eb8e433ae0a386d7 (git) Affected: ba20ba2e3743bac786dff777954c11930256075e , < d942e855324a60107025c116245095632476613e (git) Affected: ba20ba2e3743bac786dff777954c11930256075e , < 0f078f8ca93b28a34e20bd050f12cd4efeee7c0f (git) Affected: ba20ba2e3743bac786dff777954c11930256075e , < b2f11c6f3e1fc60742673b8675c95b78447f3dae (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47668",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T13:21:11.227741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T13:21:24.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:20:33.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"lib/generic-radix-tree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0f27f4f445390cb7f73d4209cb2bf32834dc53da",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
},
{
"lessThan": "99418ec776a39609f50934720419e0b464ca2283",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
},
{
"lessThan": "ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
},
{
"lessThan": "ebeff038744c498a036e7a92eb8e433ae0a386d7",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
},
{
"lessThan": "d942e855324a60107025c116245095632476613e",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
},
{
"lessThan": "0f078f8ca93b28a34e20bd050f12cd4efeee7c0f",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
},
{
"lessThan": "b2f11c6f3e1fc60742673b8675c95b78447f3dae",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"lib/generic-radix-tree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we\u0027ll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it\u0027ll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:53:56.917Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da"
},
{
"url": "https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283"
},
{
"url": "https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169"
},
{
"url": "https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7"
},
{
"url": "https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e"
},
{
"url": "https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f"
},
{
"url": "https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae"
}
],
"title": "lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47668",
"datePublished": "2024-10-09T14:14:00.189Z",
"dateReserved": "2024-09-30T16:00:12.936Z",
"dateUpdated": "2026-01-05T10:53:56.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50025 (GCVE-0-2024-50025)
Vulnerability from cvelistv5 – Published: 2024-10-21 19:39 – Updated: 2025-05-04 09:44
VLAI?
EPSS
Title
scsi: fnic: Move flush_work initialization out of if block
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: fnic: Move flush_work initialization out of if block
After commit 379a58caa199 ("scsi: fnic: Move fnic_fnic_flush_tx() to a
work queue"), it can happen that a work item is sent to an uninitialized
work queue. This may has the effect that the item being queued is never
actually queued, and any further actions depending on it will not
proceed.
The following warning is observed while the fnic driver is loaded:
kernel: WARNING: CPU: 11 PID: 0 at ../kernel/workqueue.c:1524 __queue_work+0x373/0x410
kernel: <IRQ>
kernel: queue_work_on+0x3a/0x50
kernel: fnic_wq_copy_cmpl_handler+0x54a/0x730 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24]
kernel: fnic_isr_msix_wq_copy+0x2d/0x60 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24]
kernel: __handle_irq_event_percpu+0x36/0x1a0
kernel: handle_irq_event_percpu+0x30/0x70
kernel: handle_irq_event+0x34/0x60
kernel: handle_edge_irq+0x7e/0x1a0
kernel: __common_interrupt+0x3b/0xb0
kernel: common_interrupt+0x58/0xa0
kernel: </IRQ>
It has been observed that this may break the rediscovery of Fibre
Channel devices after a temporary fabric failure.
This patch fixes it by moving the work queue initialization out of
an if block in fnic_probe().
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:26:53.078526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:46.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/fnic/fnic_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6b7836b80061bf1accc5d78b12bc086aed252388",
"status": "affected",
"version": "379a58caa19930e010b7efa1c1f3b9411d3d2ca3",
"versionType": "git"
},
{
"lessThan": "f30e5f77d2f205ac14d09dec40fd4bb76712f13d",
"status": "affected",
"version": "379a58caa19930e010b7efa1c1f3b9411d3d2ca3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/fnic/fnic_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.4",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: fnic: Move flush_work initialization out of if block\n\nAfter commit 379a58caa199 (\"scsi: fnic: Move fnic_fnic_flush_tx() to a\nwork queue\"), it can happen that a work item is sent to an uninitialized\nwork queue. This may has the effect that the item being queued is never\nactually queued, and any further actions depending on it will not\nproceed.\n\nThe following warning is observed while the fnic driver is loaded:\n\nkernel: WARNING: CPU: 11 PID: 0 at ../kernel/workqueue.c:1524 __queue_work+0x373/0x410\nkernel: \u003cIRQ\u003e\nkernel: queue_work_on+0x3a/0x50\nkernel: fnic_wq_copy_cmpl_handler+0x54a/0x730 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24]\nkernel: fnic_isr_msix_wq_copy+0x2d/0x60 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24]\nkernel: __handle_irq_event_percpu+0x36/0x1a0\nkernel: handle_irq_event_percpu+0x30/0x70\nkernel: handle_irq_event+0x34/0x60\nkernel: handle_edge_irq+0x7e/0x1a0\nkernel: __common_interrupt+0x3b/0xb0\nkernel: common_interrupt+0x58/0xa0\nkernel: \u003c/IRQ\u003e\n\nIt has been observed that this may break the rediscovery of Fibre\nChannel devices after a temporary fabric failure.\n\nThis patch fixes it by moving the work queue initialization out of\nan if block in fnic_probe()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:44:05.315Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6b7836b80061bf1accc5d78b12bc086aed252388"
},
{
"url": "https://git.kernel.org/stable/c/f30e5f77d2f205ac14d09dec40fd4bb76712f13d"
}
],
"title": "scsi: fnic: Move flush_work initialization out of if block",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50025",
"datePublished": "2024-10-21T19:39:29.845Z",
"dateReserved": "2024-10-21T12:17:06.065Z",
"dateUpdated": "2025-05-04T09:44:05.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49958 (GCVE-0-2024-49958)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
ocfs2: reserve space for inline xattr before attaching reflink tree
Summary
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: reserve space for inline xattr before attaching reflink tree
One of our customers reported a crash and a corrupted ocfs2 filesystem.
The crash was due to the detection of corruption. Upon troubleshooting,
the fsck -fn output showed the below corruption
[EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record,
but fsck believes the largest valid value is 227. Clamp the next record value? n
The stat output from the debugfs.ocfs2 showed the following corruption
where the "Next Free Rec:" had overshot the "Count:" in the root metadata
block.
Inode: 33080590 Mode: 0640 Generation: 2619713622 (0x9c25a856)
FS Generation: 904309833 (0x35e6ac49)
CRC32: 00000000 ECC: 0000
Type: Regular Attr: 0x0 Flags: Valid
Dynamic Features: (0x16) HasXattr InlineXattr Refcounted
Extended Attributes Block: 0 Extended Attributes Inline Size: 256
User: 0 (root) Group: 0 (root) Size: 281320357888
Links: 1 Clusters: 141738
ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024
atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024
mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024
dtime: 0x0 -- Wed Dec 31 17:00:00 1969
Refcount Block: 2777346
Last Extblk: 2886943 Orphan Slot: 0
Sub Alloc Slot: 0 Sub Alloc Bit: 14
Tree Depth: 1 Count: 227 Next Free Rec: 230
## Offset Clusters Block#
0 0 2310 2776351
1 2310 2139 2777375
2 4449 1221 2778399
3 5670 731 2779423
4 6401 566 2780447
....... .... .......
....... .... .......
The issue was in the reflink workfow while reserving space for inline
xattr. The problematic function is ocfs2_reflink_xattr_inline(). By the
time this function is called the reflink tree is already recreated at the
destination inode from the source inode. At this point, this function
reserves space for inline xattrs at the destination inode without even
checking if there is space at the root metadata block. It simply reduces
the l_count from 243 to 227 thereby making space of 256 bytes for inline
xattr whereas the inode already has extents beyond this index (in this
case up to 230), thereby causing corruption.
The fix for this is to reserve space for inline metadata at the destination
inode before the reflink tree gets recreated. The customer has verified the
fix.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
ef962df057aaafd714f5c22ba3de1be459571fdf , < 5c9807c523b4fca81d3e8e864dabc8c806402121
(git)
Affected: ef962df057aaafd714f5c22ba3de1be459571fdf , < 74364cb578dcc0b6c9109519d19cbe5a56afac9a (git) Affected: ef962df057aaafd714f5c22ba3de1be459571fdf , < aac31d654a0a31cb0d2fa36ae694f4e164a52707 (git) Affected: ef962df057aaafd714f5c22ba3de1be459571fdf , < 020f5c53c17f66c0a8f2d37dad27ace301b8d8a1 (git) Affected: ef962df057aaafd714f5c22ba3de1be459571fdf , < 5c2072f02c0d75802ec28ec703b7d43a0dd008b5 (git) Affected: ef962df057aaafd714f5c22ba3de1be459571fdf , < 637c00e06564a945e9d0edb3d78d362d64935f9f (git) Affected: ef962df057aaafd714f5c22ba3de1be459571fdf , < 9f9a8f3ac65b4147f1a7b6c05fad5192c0e3c3d9 (git) Affected: ef962df057aaafd714f5c22ba3de1be459571fdf , < 96ce4c3537114d1698be635f5e36c62dc49df7a4 (git) Affected: ef962df057aaafd714f5c22ba3de1be459571fdf , < 5ca60b86f57a4d9648f68418a725b3a7de2816b0 (git) Affected: 3a32958d2ac96070c53d04bd8e013c97b260b5e6 (git) Affected: 93f26306db89c9dc37885b76a1082e6d54d23b16 (git) Affected: 26a849f49fb3347d126a0ed6611173f903374ef4 (git) Affected: 1e7e4c9ae2a78a6791a2ca91a6a400f94855f01e (git) Affected: 1926bf8ae44d80c9f50103f11fc4f17e2e2bf684 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49958",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:35:29.206736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:48.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:38.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/refcounttree.c",
"fs/ocfs2/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5c9807c523b4fca81d3e8e864dabc8c806402121",
"status": "affected",
"version": "ef962df057aaafd714f5c22ba3de1be459571fdf",
"versionType": "git"
},
{
"lessThan": "74364cb578dcc0b6c9109519d19cbe5a56afac9a",
"status": "affected",
"version": "ef962df057aaafd714f5c22ba3de1be459571fdf",
"versionType": "git"
},
{
"lessThan": "aac31d654a0a31cb0d2fa36ae694f4e164a52707",
"status": "affected",
"version": "ef962df057aaafd714f5c22ba3de1be459571fdf",
"versionType": "git"
},
{
"lessThan": "020f5c53c17f66c0a8f2d37dad27ace301b8d8a1",
"status": "affected",
"version": "ef962df057aaafd714f5c22ba3de1be459571fdf",
"versionType": "git"
},
{
"lessThan": "5c2072f02c0d75802ec28ec703b7d43a0dd008b5",
"status": "affected",
"version": "ef962df057aaafd714f5c22ba3de1be459571fdf",
"versionType": "git"
},
{
"lessThan": "637c00e06564a945e9d0edb3d78d362d64935f9f",
"status": "affected",
"version": "ef962df057aaafd714f5c22ba3de1be459571fdf",
"versionType": "git"
},
{
"lessThan": "9f9a8f3ac65b4147f1a7b6c05fad5192c0e3c3d9",
"status": "affected",
"version": "ef962df057aaafd714f5c22ba3de1be459571fdf",
"versionType": "git"
},
{
"lessThan": "96ce4c3537114d1698be635f5e36c62dc49df7a4",
"status": "affected",
"version": "ef962df057aaafd714f5c22ba3de1be459571fdf",
"versionType": "git"
},
{
"lessThan": "5ca60b86f57a4d9648f68418a725b3a7de2816b0",
"status": "affected",
"version": "ef962df057aaafd714f5c22ba3de1be459571fdf",
"versionType": "git"
},
{
"status": "affected",
"version": "3a32958d2ac96070c53d04bd8e013c97b260b5e6",
"versionType": "git"
},
{
"status": "affected",
"version": "93f26306db89c9dc37885b76a1082e6d54d23b16",
"versionType": "git"
},
{
"status": "affected",
"version": "26a849f49fb3347d126a0ed6611173f903374ef4",
"versionType": "git"
},
{
"status": "affected",
"version": "1e7e4c9ae2a78a6791a2ca91a6a400f94855f01e",
"versionType": "git"
},
{
"status": "affected",
"version": "1926bf8ae44d80c9f50103f11fc4f17e2e2bf684",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/refcounttree.c",
"fs/ocfs2/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.11"
},
{
"lessThan": "3.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: reserve space for inline xattr before attaching reflink tree\n\nOne of our customers reported a crash and a corrupted ocfs2 filesystem. \nThe crash was due to the detection of corruption. Upon troubleshooting,\nthe fsck -fn output showed the below corruption\n\n[EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record,\nbut fsck believes the largest valid value is 227. Clamp the next record value? n\n\nThe stat output from the debugfs.ocfs2 showed the following corruption\nwhere the \"Next Free Rec:\" had overshot the \"Count:\" in the root metadata\nblock.\n\n Inode: 33080590 Mode: 0640 Generation: 2619713622 (0x9c25a856)\n FS Generation: 904309833 (0x35e6ac49)\n CRC32: 00000000 ECC: 0000\n Type: Regular Attr: 0x0 Flags: Valid\n Dynamic Features: (0x16) HasXattr InlineXattr Refcounted\n Extended Attributes Block: 0 Extended Attributes Inline Size: 256\n User: 0 (root) Group: 0 (root) Size: 281320357888\n Links: 1 Clusters: 141738\n ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024\n atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024\n mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024\n dtime: 0x0 -- Wed Dec 31 17:00:00 1969\n Refcount Block: 2777346\n Last Extblk: 2886943 Orphan Slot: 0\n Sub Alloc Slot: 0 Sub Alloc Bit: 14\n Tree Depth: 1 Count: 227 Next Free Rec: 230\n ## Offset Clusters Block#\n 0 0 2310 2776351\n 1 2310 2139 2777375\n 2 4449 1221 2778399\n 3 5670 731 2779423\n 4 6401 566 2780447\n ....... .... .......\n ....... .... .......\n\nThe issue was in the reflink workfow while reserving space for inline\nxattr. The problematic function is ocfs2_reflink_xattr_inline(). By the\ntime this function is called the reflink tree is already recreated at the\ndestination inode from the source inode. At this point, this function\nreserves space for inline xattrs at the destination inode without even\nchecking if there is space at the root metadata block. It simply reduces\nthe l_count from 243 to 227 thereby making space of 256 bytes for inline\nxattr whereas the inode already has extents beyond this index (in this\ncase up to 230), thereby causing corruption.\n\nThe fix for this is to reserve space for inline metadata at the destination\ninode before the reflink tree gets recreated. The customer has verified the\nfix."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:59:13.995Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5c9807c523b4fca81d3e8e864dabc8c806402121"
},
{
"url": "https://git.kernel.org/stable/c/74364cb578dcc0b6c9109519d19cbe5a56afac9a"
},
{
"url": "https://git.kernel.org/stable/c/aac31d654a0a31cb0d2fa36ae694f4e164a52707"
},
{
"url": "https://git.kernel.org/stable/c/020f5c53c17f66c0a8f2d37dad27ace301b8d8a1"
},
{
"url": "https://git.kernel.org/stable/c/5c2072f02c0d75802ec28ec703b7d43a0dd008b5"
},
{
"url": "https://git.kernel.org/stable/c/637c00e06564a945e9d0edb3d78d362d64935f9f"
},
{
"url": "https://git.kernel.org/stable/c/9f9a8f3ac65b4147f1a7b6c05fad5192c0e3c3d9"
},
{
"url": "https://git.kernel.org/stable/c/96ce4c3537114d1698be635f5e36c62dc49df7a4"
},
{
"url": "https://git.kernel.org/stable/c/5ca60b86f57a4d9648f68418a725b3a7de2816b0"
}
],
"title": "ocfs2: reserve space for inline xattr before attaching reflink tree",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49958",
"datePublished": "2024-10-21T18:02:11.702Z",
"dateReserved": "2024-10-21T12:17:06.048Z",
"dateUpdated": "2025-11-03T22:23:38.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52919 (GCVE-0-2023-52919)
Vulnerability from cvelistv5 – Published: 2024-10-22 07:37 – Updated: 2025-05-04 07:45
VLAI?
EPSS
Title
nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
Handle memory allocation failure from nci_skb_alloc() (calling
alloc_skb()) to avoid possible NULL pointer dereference.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
391d8a2da787257aeaf952c974405b53926e3fb3 , < 2b2edf089df3a69f0072c6e71563394c5a94e62e
(git)
Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < 5622592f8f74ae3e594379af02e64ea84772d0dd (git) Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < 76050b0cc5a72e0c7493287b7e18e1cb9e3c4612 (git) Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < c95fa5b20fe03609e0894656fa43c18045b5097e (git) Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < ffdc881f68073ff86bf21afb9bb954812e8278be (git) Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < d7dbdbe3800a908eecd4975c31be47dd45e2104a (git) Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < bb6cacc439ddd2cd51227ab193f4f91cfc7f014f (git) Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < 7937609cd387246aed994e81aa4fa951358fba41 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:10:43.843732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:35.125Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/spi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2b2edf089df3a69f0072c6e71563394c5a94e62e",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "5622592f8f74ae3e594379af02e64ea84772d0dd",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "76050b0cc5a72e0c7493287b7e18e1cb9e3c4612",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "c95fa5b20fe03609e0894656fa43c18045b5097e",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "ffdc881f68073ff86bf21afb9bb954812e8278be",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "d7dbdbe3800a908eecd4975c31be47dd45e2104a",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "bb6cacc439ddd2cd51227ab193f4f91cfc7f014f",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "7937609cd387246aed994e81aa4fa951358fba41",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/spi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.11"
},
{
"lessThan": "3.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.328",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.297",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.259",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.137",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.328",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.297",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.259",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.199",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.137",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.60",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.9",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "3.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: fix possible NULL pointer dereference in send_acknowledge()\n\nHandle memory allocation failure from nci_skb_alloc() (calling\nalloc_skb()) to avoid possible NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:59.898Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2b2edf089df3a69f0072c6e71563394c5a94e62e"
},
{
"url": "https://git.kernel.org/stable/c/5622592f8f74ae3e594379af02e64ea84772d0dd"
},
{
"url": "https://git.kernel.org/stable/c/76050b0cc5a72e0c7493287b7e18e1cb9e3c4612"
},
{
"url": "https://git.kernel.org/stable/c/c95fa5b20fe03609e0894656fa43c18045b5097e"
},
{
"url": "https://git.kernel.org/stable/c/ffdc881f68073ff86bf21afb9bb954812e8278be"
},
{
"url": "https://git.kernel.org/stable/c/d7dbdbe3800a908eecd4975c31be47dd45e2104a"
},
{
"url": "https://git.kernel.org/stable/c/bb6cacc439ddd2cd51227ab193f4f91cfc7f014f"
},
{
"url": "https://git.kernel.org/stable/c/7937609cd387246aed994e81aa4fa951358fba41"
}
],
"title": "nfc: nci: fix possible NULL pointer dereference in send_acknowledge()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52919",
"datePublished": "2024-10-22T07:37:28.091Z",
"dateReserved": "2024-08-21T06:07:11.017Z",
"dateUpdated": "2025-05-04T07:45:59.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46678 (GCVE-0-2024-46678)
Vulnerability from cvelistv5 – Published: 2024-09-13 05:29 – Updated: 2025-05-04 12:58
VLAI?
EPSS
Title
bonding: change ipsec_lock from spin lock to mutex
Summary
In the Linux kernel, the following vulnerability has been resolved:
bonding: change ipsec_lock from spin lock to mutex
In the cited commit, bond->ipsec_lock is added to protect ipsec_list,
hence xdo_dev_state_add and xdo_dev_state_delete are called inside
this lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,
"scheduling while atomic" will be triggered when changing bond's
active slave.
[ 101.055189] BUG: scheduling while atomic: bash/902/0x00000200
[ 101.055726] Modules linked in:
[ 101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1
[ 101.058760] Hardware name:
[ 101.059434] Call Trace:
[ 101.059436] <TASK>
[ 101.060873] dump_stack_lvl+0x51/0x60
[ 101.061275] __schedule_bug+0x4e/0x60
[ 101.061682] __schedule+0x612/0x7c0
[ 101.062078] ? __mod_timer+0x25c/0x370
[ 101.062486] schedule+0x25/0xd0
[ 101.062845] schedule_timeout+0x77/0xf0
[ 101.063265] ? asm_common_interrupt+0x22/0x40
[ 101.063724] ? __bpf_trace_itimer_state+0x10/0x10
[ 101.064215] __wait_for_common+0x87/0x190
[ 101.064648] ? usleep_range_state+0x90/0x90
[ 101.065091] cmd_exec+0x437/0xb20 [mlx5_core]
[ 101.065569] mlx5_cmd_do+0x1e/0x40 [mlx5_core]
[ 101.066051] mlx5_cmd_exec+0x18/0x30 [mlx5_core]
[ 101.066552] mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]
[ 101.067163] ? bonding_sysfs_store_option+0x4d/0x80 [bonding]
[ 101.067738] ? kmalloc_trace+0x4d/0x350
[ 101.068156] mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]
[ 101.068747] mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]
[ 101.069312] bond_change_active_slave+0x392/0x900 [bonding]
[ 101.069868] bond_option_active_slave_set+0x1c2/0x240 [bonding]
[ 101.070454] __bond_opt_set+0xa6/0x430 [bonding]
[ 101.070935] __bond_opt_set_notify+0x2f/0x90 [bonding]
[ 101.071453] bond_opt_tryset_rtnl+0x72/0xb0 [bonding]
[ 101.071965] bonding_sysfs_store_option+0x4d/0x80 [bonding]
[ 101.072567] kernfs_fop_write_iter+0x10c/0x1a0
[ 101.073033] vfs_write+0x2d8/0x400
[ 101.073416] ? alloc_fd+0x48/0x180
[ 101.073798] ksys_write+0x5f/0xe0
[ 101.074175] do_syscall_64+0x52/0x110
[ 101.074576] entry_SYSCALL_64_after_hwframe+0x4b/0x53
As bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called
from bond_change_active_slave, which requires holding the RTNL lock.
And bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state
xdo_dev_state_add and xdo_dev_state_delete APIs, which are in user
context. So ipsec_lock doesn't have to be spin lock, change it to
mutex, and thus the above issue can be resolved.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
9a5605505d9c7dbfdb89cc29a8f5fc5cf9fd2334 , < 6b598069164ac1bb60996d6ff94e7f9169dbd2d3
(git)
Affected: 9a5605505d9c7dbfdb89cc29a8f5fc5cf9fd2334 , < 56354b0a2c24a7828eeed7de4b4dc9652d9affa3 (git) Affected: 9a5605505d9c7dbfdb89cc29a8f5fc5cf9fd2334 , < 2aeeef906d5a526dc60cf4af92eda69836c39b1f (git) Affected: 56ccdf868ab6010739a24a3d72c3e53fd0e1ace2 (git) Affected: 42ec69b9cd7d1f9a8b7420807f3a5d899ca99d28 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46678",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:12:41.184590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:12:56.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/bonding/bond_main.c",
"include/net/bonding.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6b598069164ac1bb60996d6ff94e7f9169dbd2d3",
"status": "affected",
"version": "9a5605505d9c7dbfdb89cc29a8f5fc5cf9fd2334",
"versionType": "git"
},
{
"lessThan": "56354b0a2c24a7828eeed7de4b4dc9652d9affa3",
"status": "affected",
"version": "9a5605505d9c7dbfdb89cc29a8f5fc5cf9fd2334",
"versionType": "git"
},
{
"lessThan": "2aeeef906d5a526dc60cf4af92eda69836c39b1f",
"status": "affected",
"version": "9a5605505d9c7dbfdb89cc29a8f5fc5cf9fd2334",
"versionType": "git"
},
{
"status": "affected",
"version": "56ccdf868ab6010739a24a3d72c3e53fd0e1ace2",
"versionType": "git"
},
{
"status": "affected",
"version": "42ec69b9cd7d1f9a8b7420807f3a5d899ca99d28",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/bonding/bond_main.c",
"include/net/bonding.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.49",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.8",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: change ipsec_lock from spin lock to mutex\n\nIn the cited commit, bond-\u003eipsec_lock is added to protect ipsec_list,\nhence xdo_dev_state_add and xdo_dev_state_delete are called inside\nthis lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,\n\"scheduling while atomic\" will be triggered when changing bond\u0027s\nactive slave.\n\n[ 101.055189] BUG: scheduling while atomic: bash/902/0x00000200\n[ 101.055726] Modules linked in:\n[ 101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1\n[ 101.058760] Hardware name:\n[ 101.059434] Call Trace:\n[ 101.059436] \u003cTASK\u003e\n[ 101.060873] dump_stack_lvl+0x51/0x60\n[ 101.061275] __schedule_bug+0x4e/0x60\n[ 101.061682] __schedule+0x612/0x7c0\n[ 101.062078] ? __mod_timer+0x25c/0x370\n[ 101.062486] schedule+0x25/0xd0\n[ 101.062845] schedule_timeout+0x77/0xf0\n[ 101.063265] ? asm_common_interrupt+0x22/0x40\n[ 101.063724] ? __bpf_trace_itimer_state+0x10/0x10\n[ 101.064215] __wait_for_common+0x87/0x190\n[ 101.064648] ? usleep_range_state+0x90/0x90\n[ 101.065091] cmd_exec+0x437/0xb20 [mlx5_core]\n[ 101.065569] mlx5_cmd_do+0x1e/0x40 [mlx5_core]\n[ 101.066051] mlx5_cmd_exec+0x18/0x30 [mlx5_core]\n[ 101.066552] mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]\n[ 101.067163] ? bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[ 101.067738] ? kmalloc_trace+0x4d/0x350\n[ 101.068156] mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]\n[ 101.068747] mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]\n[ 101.069312] bond_change_active_slave+0x392/0x900 [bonding]\n[ 101.069868] bond_option_active_slave_set+0x1c2/0x240 [bonding]\n[ 101.070454] __bond_opt_set+0xa6/0x430 [bonding]\n[ 101.070935] __bond_opt_set_notify+0x2f/0x90 [bonding]\n[ 101.071453] bond_opt_tryset_rtnl+0x72/0xb0 [bonding]\n[ 101.071965] bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[ 101.072567] kernfs_fop_write_iter+0x10c/0x1a0\n[ 101.073033] vfs_write+0x2d8/0x400\n[ 101.073416] ? alloc_fd+0x48/0x180\n[ 101.073798] ksys_write+0x5f/0xe0\n[ 101.074175] do_syscall_64+0x52/0x110\n[ 101.074576] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nAs bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called\nfrom bond_change_active_slave, which requires holding the RTNL lock.\nAnd bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state\nxdo_dev_state_add and xdo_dev_state_delete APIs, which are in user\ncontext. So ipsec_lock doesn\u0027t have to be spin lock, change it to\nmutex, and thus the above issue can be resolved."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:58:34.440Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6b598069164ac1bb60996d6ff94e7f9169dbd2d3"
},
{
"url": "https://git.kernel.org/stable/c/56354b0a2c24a7828eeed7de4b4dc9652d9affa3"
},
{
"url": "https://git.kernel.org/stable/c/2aeeef906d5a526dc60cf4af92eda69836c39b1f"
}
],
"title": "bonding: change ipsec_lock from spin lock to mutex",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46678",
"datePublished": "2024-09-13T05:29:12.835Z",
"dateReserved": "2024-09-11T15:12:18.248Z",
"dateUpdated": "2025-05-04T12:58:34.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49895 (GCVE-0-2024-49895)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:22
VLAI?
EPSS
Title
drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation
This commit addresses a potential index out of bounds issue in the
`cm3_helper_translate_curve_to_degamma_hw_format` function in the DCN30
color management module. The issue could occur when the index 'i'
exceeds the number of transfer function points (TRANSFER_FUNC_POINTS).
The fix adds a check to ensure 'i' is within bounds before accessing the
transfer function points. If 'i' is out of bounds, the function returns
false to indicate an error.
Reported by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < ad89f83343a501890cf082c8a584e96b59fe4015
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < de6ee4f9e6b1c36b4fdc7c345c1a6de9e246093e (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < f3ccd855b4395ce65f10dd37847167f52e122b70 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 0d38a0751143afc03faef02d55d31f70374ff843 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < f5c3d306de91a4b69cfe3eedb72b42d452593e42 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < c4fdc2d6fea129684b82bab90bb52fbace494a58 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < bc50b614d59990747dd5aeced9ec22f9258991ff (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:43:41.739795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:48.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:59.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ad89f83343a501890cf082c8a584e96b59fe4015",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "de6ee4f9e6b1c36b4fdc7c345c1a6de9e246093e",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "f3ccd855b4395ce65f10dd37847167f52e122b70",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "0d38a0751143afc03faef02d55d31f70374ff843",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "f5c3d306de91a4b69cfe3eedb72b42d452593e42",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "c4fdc2d6fea129684b82bab90bb52fbace494a58",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "bc50b614d59990747dd5aeced9ec22f9258991ff",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation\n\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_degamma_hw_format` function in the DCN30\ncolor management module. The issue could occur when the index \u0027i\u0027\nexceeds the number of transfer function points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds, the function returns\nfalse to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max"
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:56.790Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ad89f83343a501890cf082c8a584e96b59fe4015"
},
{
"url": "https://git.kernel.org/stable/c/de6ee4f9e6b1c36b4fdc7c345c1a6de9e246093e"
},
{
"url": "https://git.kernel.org/stable/c/f3ccd855b4395ce65f10dd37847167f52e122b70"
},
{
"url": "https://git.kernel.org/stable/c/0d38a0751143afc03faef02d55d31f70374ff843"
},
{
"url": "https://git.kernel.org/stable/c/f5c3d306de91a4b69cfe3eedb72b42d452593e42"
},
{
"url": "https://git.kernel.org/stable/c/c4fdc2d6fea129684b82bab90bb52fbace494a58"
},
{
"url": "https://git.kernel.org/stable/c/bc50b614d59990747dd5aeced9ec22f9258991ff"
}
],
"title": "drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49895",
"datePublished": "2024-10-21T18:01:29.028Z",
"dateReserved": "2024-10-21T12:17:06.026Z",
"dateUpdated": "2025-11-03T22:22:59.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49963 (GCVE-0-2024-49963)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
mailbox: bcm2835: Fix timeout during suspend mode
Summary
In the Linux kernel, the following vulnerability has been resolved:
mailbox: bcm2835: Fix timeout during suspend mode
During noirq suspend phase the Raspberry Pi power driver suffer of
firmware property timeouts. The reason is that the IRQ of the underlying
BCM2835 mailbox is disabled and rpi_firmware_property_list() will always
run into a timeout [1].
Since the VideoCore side isn't consider as a wakeup source, set the
IRQF_NO_SUSPEND flag for the mailbox IRQ in order to keep it enabled
during suspend-resume cycle.
[1]
PM: late suspend of devices complete after 1.754 msecs
WARNING: CPU: 0 PID: 438 at drivers/firmware/raspberrypi.c:128
rpi_firmware_property_list+0x204/0x22c
Firmware transaction 0x00028001 timeout
Modules linked in:
CPU: 0 PID: 438 Comm: bash Tainted: G C 6.9.3-dirty #17
Hardware name: BCM2835
Call trace:
unwind_backtrace from show_stack+0x18/0x1c
show_stack from dump_stack_lvl+0x34/0x44
dump_stack_lvl from __warn+0x88/0xec
__warn from warn_slowpath_fmt+0x7c/0xb0
warn_slowpath_fmt from rpi_firmware_property_list+0x204/0x22c
rpi_firmware_property_list from rpi_firmware_property+0x68/0x8c
rpi_firmware_property from rpi_firmware_set_power+0x54/0xc0
rpi_firmware_set_power from _genpd_power_off+0xe4/0x148
_genpd_power_off from genpd_sync_power_off+0x7c/0x11c
genpd_sync_power_off from genpd_finish_suspend+0xcc/0xe0
genpd_finish_suspend from dpm_run_callback+0x78/0xd0
dpm_run_callback from device_suspend_noirq+0xc0/0x238
device_suspend_noirq from dpm_suspend_noirq+0xb0/0x168
dpm_suspend_noirq from suspend_devices_and_enter+0x1b8/0x5ac
suspend_devices_and_enter from pm_suspend+0x254/0x2e4
pm_suspend from state_store+0xa8/0xd4
state_store from kernfs_fop_write_iter+0x154/0x1a0
kernfs_fop_write_iter from vfs_write+0x12c/0x184
vfs_write from ksys_write+0x78/0xc0
ksys_write from ret_fast_syscall+0x0/0x54
Exception stack(0xcc93dfa8 to 0xcc93dff0)
[...]
PM: noirq suspend of devices complete after 3095.584 msecs
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
0bae6af6d704f026d4938739786e0a69d50177ca , < 4e1e03760ee7cc4779b6306867fe0fc02921b963
(git)
Affected: 0bae6af6d704f026d4938739786e0a69d50177ca , < b0de20de29b13950493a36bd4cf531200eb0e807 (git) Affected: 0bae6af6d704f026d4938739786e0a69d50177ca , < 32ee78823dea2d54adaf6e05f86622eba359e091 (git) Affected: 0bae6af6d704f026d4938739786e0a69d50177ca , < df293ea78740a41384d648041f38f645700288e1 (git) Affected: 0bae6af6d704f026d4938739786e0a69d50177ca , < 90320cfc07b7d6e7a58fd8168f6380ec52ff0251 (git) Affected: 0bae6af6d704f026d4938739786e0a69d50177ca , < 10a58555e0bb5cc4673c8bb73b8afc5fa651f0ac (git) Affected: 0bae6af6d704f026d4938739786e0a69d50177ca , < e65a9af05a0b59ebeba28e5e82265a233db7bc27 (git) Affected: 0bae6af6d704f026d4938739786e0a69d50177ca , < dfeb67b2194ecc55ef8065468c5adda3cdf59114 (git) Affected: 0bae6af6d704f026d4938739786e0a69d50177ca , < dc09f007caed3b2f6a3b6bd7e13777557ae22bfd (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:34:51.005901Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:47.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:45.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mailbox/bcm2835-mailbox.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4e1e03760ee7cc4779b6306867fe0fc02921b963",
"status": "affected",
"version": "0bae6af6d704f026d4938739786e0a69d50177ca",
"versionType": "git"
},
{
"lessThan": "b0de20de29b13950493a36bd4cf531200eb0e807",
"status": "affected",
"version": "0bae6af6d704f026d4938739786e0a69d50177ca",
"versionType": "git"
},
{
"lessThan": "32ee78823dea2d54adaf6e05f86622eba359e091",
"status": "affected",
"version": "0bae6af6d704f026d4938739786e0a69d50177ca",
"versionType": "git"
},
{
"lessThan": "df293ea78740a41384d648041f38f645700288e1",
"status": "affected",
"version": "0bae6af6d704f026d4938739786e0a69d50177ca",
"versionType": "git"
},
{
"lessThan": "90320cfc07b7d6e7a58fd8168f6380ec52ff0251",
"status": "affected",
"version": "0bae6af6d704f026d4938739786e0a69d50177ca",
"versionType": "git"
},
{
"lessThan": "10a58555e0bb5cc4673c8bb73b8afc5fa651f0ac",
"status": "affected",
"version": "0bae6af6d704f026d4938739786e0a69d50177ca",
"versionType": "git"
},
{
"lessThan": "e65a9af05a0b59ebeba28e5e82265a233db7bc27",
"status": "affected",
"version": "0bae6af6d704f026d4938739786e0a69d50177ca",
"versionType": "git"
},
{
"lessThan": "dfeb67b2194ecc55ef8065468c5adda3cdf59114",
"status": "affected",
"version": "0bae6af6d704f026d4938739786e0a69d50177ca",
"versionType": "git"
},
{
"lessThan": "dc09f007caed3b2f6a3b6bd7e13777557ae22bfd",
"status": "affected",
"version": "0bae6af6d704f026d4938739786e0a69d50177ca",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mailbox/bcm2835-mailbox.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: bcm2835: Fix timeout during suspend mode\n\nDuring noirq suspend phase the Raspberry Pi power driver suffer of\nfirmware property timeouts. The reason is that the IRQ of the underlying\nBCM2835 mailbox is disabled and rpi_firmware_property_list() will always\nrun into a timeout [1].\n\nSince the VideoCore side isn\u0027t consider as a wakeup source, set the\nIRQF_NO_SUSPEND flag for the mailbox IRQ in order to keep it enabled\nduring suspend-resume cycle.\n\n[1]\nPM: late suspend of devices complete after 1.754 msecs\nWARNING: CPU: 0 PID: 438 at drivers/firmware/raspberrypi.c:128\n rpi_firmware_property_list+0x204/0x22c\nFirmware transaction 0x00028001 timeout\nModules linked in:\nCPU: 0 PID: 438 Comm: bash Tainted: G C 6.9.3-dirty #17\nHardware name: BCM2835\nCall trace:\nunwind_backtrace from show_stack+0x18/0x1c\nshow_stack from dump_stack_lvl+0x34/0x44\ndump_stack_lvl from __warn+0x88/0xec\n__warn from warn_slowpath_fmt+0x7c/0xb0\nwarn_slowpath_fmt from rpi_firmware_property_list+0x204/0x22c\nrpi_firmware_property_list from rpi_firmware_property+0x68/0x8c\nrpi_firmware_property from rpi_firmware_set_power+0x54/0xc0\nrpi_firmware_set_power from _genpd_power_off+0xe4/0x148\n_genpd_power_off from genpd_sync_power_off+0x7c/0x11c\ngenpd_sync_power_off from genpd_finish_suspend+0xcc/0xe0\ngenpd_finish_suspend from dpm_run_callback+0x78/0xd0\ndpm_run_callback from device_suspend_noirq+0xc0/0x238\ndevice_suspend_noirq from dpm_suspend_noirq+0xb0/0x168\ndpm_suspend_noirq from suspend_devices_and_enter+0x1b8/0x5ac\nsuspend_devices_and_enter from pm_suspend+0x254/0x2e4\npm_suspend from state_store+0xa8/0xd4\nstate_store from kernfs_fop_write_iter+0x154/0x1a0\nkernfs_fop_write_iter from vfs_write+0x12c/0x184\nvfs_write from ksys_write+0x78/0xc0\nksys_write from ret_fast_syscall+0x0/0x54\nException stack(0xcc93dfa8 to 0xcc93dff0)\n[...]\nPM: noirq suspend of devices complete after 3095.584 msecs"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:42:29.091Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4e1e03760ee7cc4779b6306867fe0fc02921b963"
},
{
"url": "https://git.kernel.org/stable/c/b0de20de29b13950493a36bd4cf531200eb0e807"
},
{
"url": "https://git.kernel.org/stable/c/32ee78823dea2d54adaf6e05f86622eba359e091"
},
{
"url": "https://git.kernel.org/stable/c/df293ea78740a41384d648041f38f645700288e1"
},
{
"url": "https://git.kernel.org/stable/c/90320cfc07b7d6e7a58fd8168f6380ec52ff0251"
},
{
"url": "https://git.kernel.org/stable/c/10a58555e0bb5cc4673c8bb73b8afc5fa651f0ac"
},
{
"url": "https://git.kernel.org/stable/c/e65a9af05a0b59ebeba28e5e82265a233db7bc27"
},
{
"url": "https://git.kernel.org/stable/c/dfeb67b2194ecc55ef8065468c5adda3cdf59114"
},
{
"url": "https://git.kernel.org/stable/c/dc09f007caed3b2f6a3b6bd7e13777557ae22bfd"
}
],
"title": "mailbox: bcm2835: Fix timeout during suspend mode",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49963",
"datePublished": "2024-10-21T18:02:15.091Z",
"dateReserved": "2024-10-21T12:17:06.049Z",
"dateUpdated": "2025-11-03T22:23:45.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50002 (GCVE-0-2024-50002)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:24
VLAI?
EPSS
Title
static_call: Handle module init failure correctly in static_call_del_module()
Summary
In the Linux kernel, the following vulnerability has been resolved:
static_call: Handle module init failure correctly in static_call_del_module()
Module insertion invokes static_call_add_module() to initialize the static
calls in a module. static_call_add_module() invokes __static_call_init(),
which allocates a struct static_call_mod to either encapsulate the built-in
static call sites of the associated key into it so further modules can be
added or to append the module to the module chain.
If that allocation fails the function returns with an error code and the
module core invokes static_call_del_module() to clean up eventually added
static_call_mod entries.
This works correctly, when all keys used by the module were converted over
to a module chain before the failure. If not then static_call_del_module()
causes a #GP as it blindly assumes that key::mods points to a valid struct
static_call_mod.
The problem is that key::mods is not a individual struct member of struct
static_call_key, it's part of a union to save space:
union {
/* bit 0: 0 = mods, 1 = sites */
unsigned long type;
struct static_call_mod *mods;
struct static_call_site *sites;
};
key::sites is a pointer to the list of built-in usage sites of the static
call. The type of the pointer is differentiated by bit 0. A mods pointer
has the bit clear, the sites pointer has the bit set.
As static_call_del_module() blidly assumes that the pointer is a valid
static_call_mod type, it fails to check for this failure case and
dereferences the pointer to the list of built-in call sites, which is
obviously bogus.
Cure it by checking whether the key has a sites or a mods pointer.
If it's a sites pointer then the key is not to be touched. As the sites are
walked in the same order as in __static_call_init() the site walk can be
terminated because all subsequent sites have not been touched by the init
code due to the error exit.
If it was converted before the allocation fail, then the inner loop which
searches for a module match will find nothing.
A fail in the second allocation in __static_call_init() is harmless and
does not require special treatment. The first allocation succeeded and
converted the key to a module chain. That first entry has mod::mod == NULL
and mod::next == NULL, so the inner loop of static_call_del_module() will
neither find a module match nor a module chain. The next site in the walk
was either already converted, but can't match the module, or it will exit
the outer loop because it has a static_call_site pointer and not a
static_call_mod pointer.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
9183c3f9ed710a8edf1a61e8a96d497258d26e08 , < ed4c8ce0f307f2ab8778aeb40a8866d171e8f128
(git)
Affected: 9183c3f9ed710a8edf1a61e8a96d497258d26e08 , < b566c7d8a2de403ccc9d8a06195e19bbb386d0e4 (git) Affected: 9183c3f9ed710a8edf1a61e8a96d497258d26e08 , < c0abbbe8c98c077292221ec7e2baa667c9f0974c (git) Affected: 9183c3f9ed710a8edf1a61e8a96d497258d26e08 , < 2b494471797bff3d257e99dc0a7abb0c5ff3b4cd (git) Affected: 9183c3f9ed710a8edf1a61e8a96d497258d26e08 , < 9c48c2b53191bf991361998f5bb97b8f2fc5a89c (git) Affected: 9183c3f9ed710a8edf1a61e8a96d497258d26e08 , < 4b30051c4864234ec57290c3d142db7c88f10d8a (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:29:50.299737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:40.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:24:18.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/static_call_inline.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ed4c8ce0f307f2ab8778aeb40a8866d171e8f128",
"status": "affected",
"version": "9183c3f9ed710a8edf1a61e8a96d497258d26e08",
"versionType": "git"
},
{
"lessThan": "b566c7d8a2de403ccc9d8a06195e19bbb386d0e4",
"status": "affected",
"version": "9183c3f9ed710a8edf1a61e8a96d497258d26e08",
"versionType": "git"
},
{
"lessThan": "c0abbbe8c98c077292221ec7e2baa667c9f0974c",
"status": "affected",
"version": "9183c3f9ed710a8edf1a61e8a96d497258d26e08",
"versionType": "git"
},
{
"lessThan": "2b494471797bff3d257e99dc0a7abb0c5ff3b4cd",
"status": "affected",
"version": "9183c3f9ed710a8edf1a61e8a96d497258d26e08",
"versionType": "git"
},
{
"lessThan": "9c48c2b53191bf991361998f5bb97b8f2fc5a89c",
"status": "affected",
"version": "9183c3f9ed710a8edf1a61e8a96d497258d26e08",
"versionType": "git"
},
{
"lessThan": "4b30051c4864234ec57290c3d142db7c88f10d8a",
"status": "affected",
"version": "9183c3f9ed710a8edf1a61e8a96d497258d26e08",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/static_call_inline.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstatic_call: Handle module init failure correctly in static_call_del_module()\n\nModule insertion invokes static_call_add_module() to initialize the static\ncalls in a module. static_call_add_module() invokes __static_call_init(),\nwhich allocates a struct static_call_mod to either encapsulate the built-in\nstatic call sites of the associated key into it so further modules can be\nadded or to append the module to the module chain.\n\nIf that allocation fails the function returns with an error code and the\nmodule core invokes static_call_del_module() to clean up eventually added\nstatic_call_mod entries.\n\nThis works correctly, when all keys used by the module were converted over\nto a module chain before the failure. If not then static_call_del_module()\ncauses a #GP as it blindly assumes that key::mods points to a valid struct\nstatic_call_mod.\n\nThe problem is that key::mods is not a individual struct member of struct\nstatic_call_key, it\u0027s part of a union to save space:\n\n union {\n /* bit 0: 0 = mods, 1 = sites */\n unsigned long type;\n struct static_call_mod *mods;\n struct static_call_site *sites;\n\t};\n\nkey::sites is a pointer to the list of built-in usage sites of the static\ncall. The type of the pointer is differentiated by bit 0. A mods pointer\nhas the bit clear, the sites pointer has the bit set.\n\nAs static_call_del_module() blidly assumes that the pointer is a valid\nstatic_call_mod type, it fails to check for this failure case and\ndereferences the pointer to the list of built-in call sites, which is\nobviously bogus.\n\nCure it by checking whether the key has a sites or a mods pointer.\n\nIf it\u0027s a sites pointer then the key is not to be touched. As the sites are\nwalked in the same order as in __static_call_init() the site walk can be\nterminated because all subsequent sites have not been touched by the init\ncode due to the error exit.\n\nIf it was converted before the allocation fail, then the inner loop which\nsearches for a module match will find nothing.\n\nA fail in the second allocation in __static_call_init() is harmless and\ndoes not require special treatment. The first allocation succeeded and\nconverted the key to a module chain. That first entry has mod::mod == NULL\nand mod::next == NULL, so the inner loop of static_call_del_module() will\nneither find a module match nor a module chain. The next site in the walk\nwas either already converted, but can\u0027t match the module, or it will exit\nthe outer loop because it has a static_call_site pointer and not a\nstatic_call_mod pointer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:43:31.294Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ed4c8ce0f307f2ab8778aeb40a8866d171e8f128"
},
{
"url": "https://git.kernel.org/stable/c/b566c7d8a2de403ccc9d8a06195e19bbb386d0e4"
},
{
"url": "https://git.kernel.org/stable/c/c0abbbe8c98c077292221ec7e2baa667c9f0974c"
},
{
"url": "https://git.kernel.org/stable/c/2b494471797bff3d257e99dc0a7abb0c5ff3b4cd"
},
{
"url": "https://git.kernel.org/stable/c/9c48c2b53191bf991361998f5bb97b8f2fc5a89c"
},
{
"url": "https://git.kernel.org/stable/c/4b30051c4864234ec57290c3d142db7c88f10d8a"
}
],
"title": "static_call: Handle module init failure correctly in static_call_del_module()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50002",
"datePublished": "2024-10-21T18:02:40.908Z",
"dateReserved": "2024-10-21T12:17:06.059Z",
"dateUpdated": "2025-11-03T22:24:18.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48999 (GCVE-0-2022-48999)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference
Gwangun Jung reported a slab-out-of-bounds access in fib_nh_match:
fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961
fib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753
inet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874
Separate nexthop objects are mutually exclusive with the legacy
multipath spec. Fix fib_nh_match to return if the config for the
to be deleted route contains a multipath spec while the fib_info
is using a nexthop object.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
493ced1ac47c48bb86d9d4e8e87df8592be85a0e , < cc3cd130ecfb8b0ae52e235e487bae3f16a24a32
(git)
Affected: 493ced1ac47c48bb86d9d4e8e87df8592be85a0e , < 0b5394229ebae09afc07aabccb5ffd705ffd250e (git) Affected: 493ced1ac47c48bb86d9d4e8e87df8592be85a0e , < 25174d91e4a32a24204060d283bd5fa6d0ddf133 (git) Affected: 493ced1ac47c48bb86d9d4e8e87df8592be85a0e , < bb20a2ae241be846bc3c11ea4b3a3c69e41d51f2 (git) Affected: 493ced1ac47c48bb86d9d4e8e87df8592be85a0e , < 61b91eb33a69c3be11b259c5ea484505cd79f883 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48999",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:15:25.948167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:40.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/fib_semantics.c",
"tools/testing/selftests/net/fib_nexthops.sh"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cc3cd130ecfb8b0ae52e235e487bae3f16a24a32",
"status": "affected",
"version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e",
"versionType": "git"
},
{
"lessThan": "0b5394229ebae09afc07aabccb5ffd705ffd250e",
"status": "affected",
"version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e",
"versionType": "git"
},
{
"lessThan": "25174d91e4a32a24204060d283bd5fa6d0ddf133",
"status": "affected",
"version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e",
"versionType": "git"
},
{
"lessThan": "bb20a2ae241be846bc3c11ea4b3a3c69e41d51f2",
"status": "affected",
"version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e",
"versionType": "git"
},
{
"lessThan": "61b91eb33a69c3be11b259c5ea484505cd79f883",
"status": "affected",
"version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/fib_semantics.c",
"tools/testing/selftests/net/fib_nexthops.sh"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Handle attempt to delete multipath route when fib_info contains an nh reference\n\nGwangun Jung reported a slab-out-of-bounds access in fib_nh_match:\n fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961\n fib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753\n inet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874\n\nSeparate nexthop objects are mutually exclusive with the legacy\nmultipath spec. Fix fib_nh_match to return if the config for the\nto be deleted route contains a multipath spec while the fib_info\nis using a nexthop object."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:46.832Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cc3cd130ecfb8b0ae52e235e487bae3f16a24a32"
},
{
"url": "https://git.kernel.org/stable/c/0b5394229ebae09afc07aabccb5ffd705ffd250e"
},
{
"url": "https://git.kernel.org/stable/c/25174d91e4a32a24204060d283bd5fa6d0ddf133"
},
{
"url": "https://git.kernel.org/stable/c/bb20a2ae241be846bc3c11ea4b3a3c69e41d51f2"
},
{
"url": "https://git.kernel.org/stable/c/61b91eb33a69c3be11b259c5ea484505cd79f883"
}
],
"title": "ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48999",
"datePublished": "2024-10-21T20:06:14.118Z",
"dateReserved": "2024-08-22T01:27:53.642Z",
"dateUpdated": "2025-05-04T08:27:46.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47662 (GCVE-0-2024-47662)
Vulnerability from cvelistv5 – Published: 2024-10-09 14:05 – Updated: 2025-07-28 11:16
VLAI?
EPSS
Title
drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection
[Why]
These registers should not be read from driver and triggering the
security violation when DMCUB work times out and diagnostics are
collected blocks Z8 entry.
[How]
Remove the register read from DCN35.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47662",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T13:22:43.417299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T13:22:57.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eba4b2a38ccdf074a053834509545703d6df1d57",
"status": "affected",
"version": "7c008829cdc13012ce705ebd46c81a7ca5aeff8b",
"versionType": "git"
},
{
"lessThan": "466423c6dd8af23ebb3a69d43434d01aed0db356",
"status": "affected",
"version": "7c008829cdc13012ce705ebd46c81a7ca5aeff8b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Remove register from DCN35 DMCUB diagnostic collection\n\n[Why]\nThese registers should not be read from driver and triggering the\nsecurity violation when DMCUB work times out and diagnostics are\ncollected blocks Z8 entry.\n\n[How]\nRemove the register read from DCN35."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T11:16:39.724Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eba4b2a38ccdf074a053834509545703d6df1d57"
},
{
"url": "https://git.kernel.org/stable/c/466423c6dd8af23ebb3a69d43434d01aed0db356"
}
],
"title": "drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47662",
"datePublished": "2024-10-09T14:05:26.334Z",
"dateReserved": "2024-09-30T16:00:12.935Z",
"dateUpdated": "2025-07-28T11:16:39.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48970 (GCVE-0-2022-48970)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
af_unix: Get user_ns from in_skb in unix_diag_get_exact().
Summary
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Get user_ns from in_skb in unix_diag_get_exact().
Wei Chen reported a NULL deref in sk_user_ns() [0][1], and Paolo diagnosed
the root cause: in unix_diag_get_exact(), the newly allocated skb does not
have sk. [2]
We must get the user_ns from the NETLINK_CB(in_skb).sk and pass it to
sk_diag_fill().
[0]:
BUG: kernel NULL pointer dereference, address: 0000000000000270
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 12bbce067 P4D 12bbce067 PUD 12bc40067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
CPU: 0 PID: 27942 Comm: syz-executor.0 Not tainted 6.1.0-rc5-next-20221118 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014
RIP: 0010:sk_user_ns include/net/sock.h:920 [inline]
RIP: 0010:sk_diag_dump_uid net/unix/diag.c:119 [inline]
RIP: 0010:sk_diag_fill+0x77d/0x890 net/unix/diag.c:170
Code: 89 ef e8 66 d4 2d fd c7 44 24 40 00 00 00 00 49 8d 7c 24 18 e8
54 d7 2d fd 49 8b 5c 24 18 48 8d bb 70 02 00 00 e8 43 d7 2d fd <48> 8b
9b 70 02 00 00 48 8d 7b 10 e8 33 d7 2d fd 48 8b 5b 10 48 8d
RSP: 0018:ffffc90000d67968 EFLAGS: 00010246
RAX: ffff88812badaa48 RBX: 0000000000000000 RCX: ffffffff840d481d
RDX: 0000000000000465 RSI: 0000000000000000 RDI: 0000000000000270
RBP: ffffc90000d679a8 R08: 0000000000000277 R09: 0000000000000000
R10: 0001ffffffffffff R11: 0001c90000d679a8 R12: ffff88812ac03800
R13: ffff88812c87c400 R14: ffff88812ae42210 R15: ffff888103026940
FS: 00007f08b4e6f700(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000270 CR3: 000000012c58b000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
unix_diag_get_exact net/unix/diag.c:285 [inline]
unix_diag_handler_dump+0x3f9/0x500 net/unix/diag.c:317
__sock_diag_cmd net/core/sock_diag.c:235 [inline]
sock_diag_rcv_msg+0x237/0x250 net/core/sock_diag.c:266
netlink_rcv_skb+0x13e/0x250 net/netlink/af_netlink.c:2564
sock_diag_rcv+0x24/0x40 net/core/sock_diag.c:277
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x5e9/0x6b0 net/netlink/af_netlink.c:1356
netlink_sendmsg+0x739/0x860 net/netlink/af_netlink.c:1932
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
____sys_sendmsg+0x38f/0x500 net/socket.c:2476
___sys_sendmsg net/socket.c:2530 [inline]
__sys_sendmsg+0x197/0x230 net/socket.c:2559
__do_sys_sendmsg net/socket.c:2568 [inline]
__se_sys_sendmsg net/socket.c:2566 [inline]
__x64_sys_sendmsg+0x42/0x50 net/socket.c:2566
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x4697f9
Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48
89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d
01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f08b4e6ec48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000077bf80 RCX: 00000000004697f9
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
RBP: 00000000004d29e9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000077bf80
R13: 0000000000000000 R14: 000000000077bf80 R15: 00007ffdb36bc6c0
</TASK>
Modules linked in:
CR2: 0000000000000270
[1]: https://lore.kernel.org/netdev/CAO4mrfdvyjFpokhNsiwZiP-wpdSD0AStcJwfKcKQdAALQ9_2Qw@mail.gmail.com/
[2]: https://lore.kernel.org/netdev/e04315e7c90d9a75613f3993c2baf2d344eef7eb.camel@redhat.com/
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
cae9910e73446cac68a54e3a7b02aaa12b689026 , < c66d78aee55dab72c92020ebfbebc464d4f5dd2a
(git)
Affected: cae9910e73446cac68a54e3a7b02aaa12b689026 , < 575a6266f63dbb3b8eb1da03671451f0d81b8034 (git) Affected: cae9910e73446cac68a54e3a7b02aaa12b689026 , < 5c014eb0ed6c8c57f483e94cc6e90f34ce426d91 (git) Affected: cae9910e73446cac68a54e3a7b02aaa12b689026 , < 9c1d6f79a2c7b8221dcec27defc6dc461052ead4 (git) Affected: cae9910e73446cac68a54e3a7b02aaa12b689026 , < b3abe42e94900bdd045c472f9c9be620ba5ce553 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:19:15.629837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:37.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/unix/diag.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c66d78aee55dab72c92020ebfbebc464d4f5dd2a",
"status": "affected",
"version": "cae9910e73446cac68a54e3a7b02aaa12b689026",
"versionType": "git"
},
{
"lessThan": "575a6266f63dbb3b8eb1da03671451f0d81b8034",
"status": "affected",
"version": "cae9910e73446cac68a54e3a7b02aaa12b689026",
"versionType": "git"
},
{
"lessThan": "5c014eb0ed6c8c57f483e94cc6e90f34ce426d91",
"status": "affected",
"version": "cae9910e73446cac68a54e3a7b02aaa12b689026",
"versionType": "git"
},
{
"lessThan": "9c1d6f79a2c7b8221dcec27defc6dc461052ead4",
"status": "affected",
"version": "cae9910e73446cac68a54e3a7b02aaa12b689026",
"versionType": "git"
},
{
"lessThan": "b3abe42e94900bdd045c472f9c9be620ba5ce553",
"status": "affected",
"version": "cae9910e73446cac68a54e3a7b02aaa12b689026",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/unix/diag.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Get user_ns from in_skb in unix_diag_get_exact().\n\nWei Chen reported a NULL deref in sk_user_ns() [0][1], and Paolo diagnosed\nthe root cause: in unix_diag_get_exact(), the newly allocated skb does not\nhave sk. [2]\n\nWe must get the user_ns from the NETLINK_CB(in_skb).sk and pass it to\nsk_diag_fill().\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000270\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 12bbce067 P4D 12bbce067 PUD 12bc40067 PMD 0\nOops: 0000 [#1] PREEMPT SMP\nCPU: 0 PID: 27942 Comm: syz-executor.0 Not tainted 6.1.0-rc5-next-20221118 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014\nRIP: 0010:sk_user_ns include/net/sock.h:920 [inline]\nRIP: 0010:sk_diag_dump_uid net/unix/diag.c:119 [inline]\nRIP: 0010:sk_diag_fill+0x77d/0x890 net/unix/diag.c:170\nCode: 89 ef e8 66 d4 2d fd c7 44 24 40 00 00 00 00 49 8d 7c 24 18 e8\n54 d7 2d fd 49 8b 5c 24 18 48 8d bb 70 02 00 00 e8 43 d7 2d fd \u003c48\u003e 8b\n9b 70 02 00 00 48 8d 7b 10 e8 33 d7 2d fd 48 8b 5b 10 48 8d\nRSP: 0018:ffffc90000d67968 EFLAGS: 00010246\nRAX: ffff88812badaa48 RBX: 0000000000000000 RCX: ffffffff840d481d\nRDX: 0000000000000465 RSI: 0000000000000000 RDI: 0000000000000270\nRBP: ffffc90000d679a8 R08: 0000000000000277 R09: 0000000000000000\nR10: 0001ffffffffffff R11: 0001c90000d679a8 R12: ffff88812ac03800\nR13: ffff88812c87c400 R14: ffff88812ae42210 R15: ffff888103026940\nFS: 00007f08b4e6f700(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000270 CR3: 000000012c58b000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n unix_diag_get_exact net/unix/diag.c:285 [inline]\n unix_diag_handler_dump+0x3f9/0x500 net/unix/diag.c:317\n __sock_diag_cmd net/core/sock_diag.c:235 [inline]\n sock_diag_rcv_msg+0x237/0x250 net/core/sock_diag.c:266\n netlink_rcv_skb+0x13e/0x250 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x24/0x40 net/core/sock_diag.c:277\n netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]\n netlink_unicast+0x5e9/0x6b0 net/netlink/af_netlink.c:1356\n netlink_sendmsg+0x739/0x860 net/netlink/af_netlink.c:1932\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg net/socket.c:734 [inline]\n ____sys_sendmsg+0x38f/0x500 net/socket.c:2476\n ___sys_sendmsg net/socket.c:2530 [inline]\n __sys_sendmsg+0x197/0x230 net/socket.c:2559\n __do_sys_sendmsg net/socket.c:2568 [inline]\n __se_sys_sendmsg net/socket.c:2566 [inline]\n __x64_sys_sendmsg+0x42/0x50 net/socket.c:2566\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x4697f9\nCode: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f08b4e6ec48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 000000000077bf80 RCX: 00000000004697f9\nRDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003\nRBP: 00000000004d29e9 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000077bf80\nR13: 0000000000000000 R14: 000000000077bf80 R15: 00007ffdb36bc6c0\n \u003c/TASK\u003e\nModules linked in:\nCR2: 0000000000000270\n\n[1]: https://lore.kernel.org/netdev/CAO4mrfdvyjFpokhNsiwZiP-wpdSD0AStcJwfKcKQdAALQ9_2Qw@mail.gmail.com/\n[2]: https://lore.kernel.org/netdev/e04315e7c90d9a75613f3993c2baf2d344eef7eb.camel@redhat.com/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:09.345Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c66d78aee55dab72c92020ebfbebc464d4f5dd2a"
},
{
"url": "https://git.kernel.org/stable/c/575a6266f63dbb3b8eb1da03671451f0d81b8034"
},
{
"url": "https://git.kernel.org/stable/c/5c014eb0ed6c8c57f483e94cc6e90f34ce426d91"
},
{
"url": "https://git.kernel.org/stable/c/9c1d6f79a2c7b8221dcec27defc6dc461052ead4"
},
{
"url": "https://git.kernel.org/stable/c/b3abe42e94900bdd045c472f9c9be620ba5ce553"
}
],
"title": "af_unix: Get user_ns from in_skb in unix_diag_get_exact().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48970",
"datePublished": "2024-10-21T20:05:51.703Z",
"dateReserved": "2024-08-22T01:27:53.629Z",
"dateUpdated": "2025-05-04T08:27:09.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48955 (GCVE-0-2022-48955)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:26
VLAI?
EPSS
Title
net: thunderbolt: fix memory leak in tbnet_open()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: thunderbolt: fix memory leak in tbnet_open()
When tb_ring_alloc_rx() failed in tbnet_open(), ida that allocated in
tb_xdomain_alloc_out_hopid() is not released. Add
tb_xdomain_release_out_hopid() to the error path to release ida.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
180b0689425c6fb2b35e69a3316ee38371a782df , < b9274dbe399952a8175db2e1ee148b7c9ba2b538
(git)
Affected: 180b0689425c6fb2b35e69a3316ee38371a782df , < ed6e955f3b7e0e622c080f4bcb5427a5e1af4c2a (git) Affected: 180b0689425c6fb2b35e69a3316ee38371a782df , < ed14e5903638f6eb868e3e2b4e610985e6a6c876 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:21:07.811793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:39.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/thunderbolt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b9274dbe399952a8175db2e1ee148b7c9ba2b538",
"status": "affected",
"version": "180b0689425c6fb2b35e69a3316ee38371a782df",
"versionType": "git"
},
{
"lessThan": "ed6e955f3b7e0e622c080f4bcb5427a5e1af4c2a",
"status": "affected",
"version": "180b0689425c6fb2b35e69a3316ee38371a782df",
"versionType": "git"
},
{
"lessThan": "ed14e5903638f6eb868e3e2b4e610985e6a6c876",
"status": "affected",
"version": "180b0689425c6fb2b35e69a3316ee38371a782df",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/thunderbolt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: thunderbolt: fix memory leak in tbnet_open()\n\nWhen tb_ring_alloc_rx() failed in tbnet_open(), ida that allocated in\ntb_xdomain_alloc_out_hopid() is not released. Add\ntb_xdomain_release_out_hopid() to the error path to release ida."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:52.772Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b9274dbe399952a8175db2e1ee148b7c9ba2b538"
},
{
"url": "https://git.kernel.org/stable/c/ed6e955f3b7e0e622c080f4bcb5427a5e1af4c2a"
},
{
"url": "https://git.kernel.org/stable/c/ed14e5903638f6eb868e3e2b4e610985e6a6c876"
}
],
"title": "net: thunderbolt: fix memory leak in tbnet_open()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48955",
"datePublished": "2024-10-21T20:05:41.715Z",
"dateReserved": "2024-08-22T01:27:53.627Z",
"dateUpdated": "2025-05-04T08:26:52.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48972 (GCVE-0-2022-48972)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
Summary
In the Linux kernel, the following vulnerability has been resolved:
mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
Kernel fault injection test reports null-ptr-deref as follows:
BUG: kernel NULL pointer dereference, address: 0000000000000008
RIP: 0010:cfg802154_netdev_notifier_call+0x120/0x310 include/linux/list.h:114
Call Trace:
<TASK>
raw_notifier_call_chain+0x6d/0xa0 kernel/notifier.c:87
call_netdevice_notifiers_info+0x6e/0xc0 net/core/dev.c:1944
unregister_netdevice_many_notify+0x60d/0xcb0 net/core/dev.c:1982
unregister_netdevice_queue+0x154/0x1a0 net/core/dev.c:10879
register_netdevice+0x9a8/0xb90 net/core/dev.c:10083
ieee802154_if_add+0x6ed/0x7e0 net/mac802154/iface.c:659
ieee802154_register_hw+0x29c/0x330 net/mac802154/main.c:229
mcr20a_probe+0xaaa/0xcb1 drivers/net/ieee802154/mcr20a.c:1316
ieee802154_if_add() allocates wpan_dev as netdev's private data, but not
init the list in struct wpan_dev. cfg802154_netdev_notifier_call() manage
the list when device register/unregister, and may lead to null-ptr-deref.
Use INIT_LIST_HEAD() on it to initialize it correctly.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
fcf39e6e88e9492f6688ec8ba4e1be622b904232 , < 7410f4d1221bb182510b7778ab6eefa8b9b7102d
(git)
Affected: fcf39e6e88e9492f6688ec8ba4e1be622b904232 , < 9980a3ea20de40c83817877106c909cb032692d2 (git) Affected: fcf39e6e88e9492f6688ec8ba4e1be622b904232 , < f00c84fb1635c27ba24ec5df65d5bd7d7dc00008 (git) Affected: fcf39e6e88e9492f6688ec8ba4e1be622b904232 , < 1831d4540406708e48239cf38fd9c3b7ea98e08f (git) Affected: fcf39e6e88e9492f6688ec8ba4e1be622b904232 , < 42c319635c0cf7eb36eccac6cda76532f47b61a3 (git) Affected: fcf39e6e88e9492f6688ec8ba4e1be622b904232 , < a110287ef4a423980309490df632e1c1e73b3dc9 (git) Affected: fcf39e6e88e9492f6688ec8ba4e1be622b904232 , < 623918f40fa68e3bb21312a3fafb90f491bf5358 (git) Affected: fcf39e6e88e9492f6688ec8ba4e1be622b904232 , < b3d72d3135d2ef68296c1ee174436efd65386f04 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:19:01.056200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:37.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mac802154/iface.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7410f4d1221bb182510b7778ab6eefa8b9b7102d",
"status": "affected",
"version": "fcf39e6e88e9492f6688ec8ba4e1be622b904232",
"versionType": "git"
},
{
"lessThan": "9980a3ea20de40c83817877106c909cb032692d2",
"status": "affected",
"version": "fcf39e6e88e9492f6688ec8ba4e1be622b904232",
"versionType": "git"
},
{
"lessThan": "f00c84fb1635c27ba24ec5df65d5bd7d7dc00008",
"status": "affected",
"version": "fcf39e6e88e9492f6688ec8ba4e1be622b904232",
"versionType": "git"
},
{
"lessThan": "1831d4540406708e48239cf38fd9c3b7ea98e08f",
"status": "affected",
"version": "fcf39e6e88e9492f6688ec8ba4e1be622b904232",
"versionType": "git"
},
{
"lessThan": "42c319635c0cf7eb36eccac6cda76532f47b61a3",
"status": "affected",
"version": "fcf39e6e88e9492f6688ec8ba4e1be622b904232",
"versionType": "git"
},
{
"lessThan": "a110287ef4a423980309490df632e1c1e73b3dc9",
"status": "affected",
"version": "fcf39e6e88e9492f6688ec8ba4e1be622b904232",
"versionType": "git"
},
{
"lessThan": "623918f40fa68e3bb21312a3fafb90f491bf5358",
"status": "affected",
"version": "fcf39e6e88e9492f6688ec8ba4e1be622b904232",
"versionType": "git"
},
{
"lessThan": "b3d72d3135d2ef68296c1ee174436efd65386f04",
"status": "affected",
"version": "fcf39e6e88e9492f6688ec8ba4e1be622b904232",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mac802154/iface.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.336",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.336",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.302",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.269",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()\n\nKernel fault injection test reports null-ptr-deref as follows:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nRIP: 0010:cfg802154_netdev_notifier_call+0x120/0x310 include/linux/list.h:114\nCall Trace:\n \u003cTASK\u003e\n raw_notifier_call_chain+0x6d/0xa0 kernel/notifier.c:87\n call_netdevice_notifiers_info+0x6e/0xc0 net/core/dev.c:1944\n unregister_netdevice_many_notify+0x60d/0xcb0 net/core/dev.c:1982\n unregister_netdevice_queue+0x154/0x1a0 net/core/dev.c:10879\n register_netdevice+0x9a8/0xb90 net/core/dev.c:10083\n ieee802154_if_add+0x6ed/0x7e0 net/mac802154/iface.c:659\n ieee802154_register_hw+0x29c/0x330 net/mac802154/main.c:229\n mcr20a_probe+0xaaa/0xcb1 drivers/net/ieee802154/mcr20a.c:1316\n\nieee802154_if_add() allocates wpan_dev as netdev\u0027s private data, but not\ninit the list in struct wpan_dev. cfg802154_netdev_notifier_call() manage\nthe list when device register/unregister, and may lead to null-ptr-deref.\n\nUse INIT_LIST_HEAD() on it to initialize it correctly."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:11.564Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7410f4d1221bb182510b7778ab6eefa8b9b7102d"
},
{
"url": "https://git.kernel.org/stable/c/9980a3ea20de40c83817877106c909cb032692d2"
},
{
"url": "https://git.kernel.org/stable/c/f00c84fb1635c27ba24ec5df65d5bd7d7dc00008"
},
{
"url": "https://git.kernel.org/stable/c/1831d4540406708e48239cf38fd9c3b7ea98e08f"
},
{
"url": "https://git.kernel.org/stable/c/42c319635c0cf7eb36eccac6cda76532f47b61a3"
},
{
"url": "https://git.kernel.org/stable/c/a110287ef4a423980309490df632e1c1e73b3dc9"
},
{
"url": "https://git.kernel.org/stable/c/623918f40fa68e3bb21312a3fafb90f491bf5358"
},
{
"url": "https://git.kernel.org/stable/c/b3d72d3135d2ef68296c1ee174436efd65386f04"
}
],
"title": "mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48972",
"datePublished": "2024-10-21T20:05:53.061Z",
"dateReserved": "2024-08-22T01:27:53.629Z",
"dateUpdated": "2025-05-04T08:27:11.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49969 (GCVE-0-2024-49969)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
drm/amd/display: Fix index out of bounds in DCN30 color transformation
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix index out of bounds in DCN30 color transformation
This commit addresses a potential index out of bounds issue in the
`cm3_helper_translate_curve_to_hw_format` function in the DCN30 color
management module. The issue could occur when the index 'i' exceeds the
number of transfer function points (TRANSFER_FUNC_POINTS).
The fix adds a check to ensure 'i' is within bounds before accessing the
transfer function points. If 'i' is out of bounds, the function returns
false to indicate an error.
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:180 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:182 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < 7ab69af56a23859b647dee69fa1052c689343621
(git)
Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < c13f9c62015c56a938304cef6d507227ea3e0039 (git) Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < 0f1e222a4b41d77c442901d166fbdca967af0d86 (git) Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < 929506d5671419cffd8d01e9a7f5eae53682a838 (git) Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < 578422ddae3d13362b64e77ef9bab98780641631 (git) Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < b9d8b94ec7e67f0cae228c054f77b73967c389a3 (git) Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < d81873f9e715b72d4f8d391c8eb243946f784dfc (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:34:03.408240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:46.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:51.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7ab69af56a23859b647dee69fa1052c689343621",
"status": "affected",
"version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
"versionType": "git"
},
{
"lessThan": "c13f9c62015c56a938304cef6d507227ea3e0039",
"status": "affected",
"version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
"versionType": "git"
},
{
"lessThan": "0f1e222a4b41d77c442901d166fbdca967af0d86",
"status": "affected",
"version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
"versionType": "git"
},
{
"lessThan": "929506d5671419cffd8d01e9a7f5eae53682a838",
"status": "affected",
"version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
"versionType": "git"
},
{
"lessThan": "578422ddae3d13362b64e77ef9bab98780641631",
"status": "affected",
"version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
"versionType": "git"
},
{
"lessThan": "b9d8b94ec7e67f0cae228c054f77b73967c389a3",
"status": "affected",
"version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
"versionType": "git"
},
{
"lessThan": "d81873f9e715b72d4f8d391c8eb243946f784dfc",
"status": "affected",
"version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in DCN30 color transformation\n\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_hw_format` function in the DCN30 color\nmanagement module. The issue could occur when the index \u0027i\u0027 exceeds the\nnumber of transfer function points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds, the function returns\nfalse to indicate an error.\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:180 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:182 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:32.855Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7ab69af56a23859b647dee69fa1052c689343621"
},
{
"url": "https://git.kernel.org/stable/c/c13f9c62015c56a938304cef6d507227ea3e0039"
},
{
"url": "https://git.kernel.org/stable/c/0f1e222a4b41d77c442901d166fbdca967af0d86"
},
{
"url": "https://git.kernel.org/stable/c/929506d5671419cffd8d01e9a7f5eae53682a838"
},
{
"url": "https://git.kernel.org/stable/c/578422ddae3d13362b64e77ef9bab98780641631"
},
{
"url": "https://git.kernel.org/stable/c/b9d8b94ec7e67f0cae228c054f77b73967c389a3"
},
{
"url": "https://git.kernel.org/stable/c/d81873f9e715b72d4f8d391c8eb243946f784dfc"
}
],
"title": "drm/amd/display: Fix index out of bounds in DCN30 color transformation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49969",
"datePublished": "2024-10-21T18:02:19.044Z",
"dateReserved": "2024-10-21T12:17:06.051Z",
"dateUpdated": "2025-11-03T22:23:51.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48961 (GCVE-0-2022-48961)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:26
VLAI?
EPSS
Title
net: mdio: fix unbalanced fwnode reference count in mdio_device_release()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: mdio: fix unbalanced fwnode reference count in mdio_device_release()
There is warning report about of_node refcount leak
while probing mdio device:
OF: ERROR: memory leak, expected refcount 1 instead of 2,
of_node_get()/of_node_put() unbalanced - destroy cset entry:
attach overlay node /spi/soc@0/mdio@710700c0/ethernet@4
In of_mdiobus_register_device(), we increase fwnode refcount
by fwnode_handle_get() before associating the of_node with
mdio device, but it has never been decreased in normal path.
Since that, in mdio_device_release(), it needs to call
fwnode_handle_put() in addition instead of calling kfree()
directly.
After above, just calling mdio_device_free() in the error handle
path of of_mdiobus_register_device() is enough to keep the
refcount balanced.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
a9049e0c513c4521dbfaa302af8ed08b3366b41f , < 16854177745a5648f8ec322353b432e18460f43a
(git)
Affected: a9049e0c513c4521dbfaa302af8ed08b3366b41f , < a5c6de1a6656b8cc6bce7cb3d9874dd7df4968c3 (git) Affected: a9049e0c513c4521dbfaa302af8ed08b3366b41f , < cb37617687f2bfa5b675df7779f869147c9002bd (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:20:22.871299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:39.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/mdio/of_mdio.c",
"drivers/net/phy/mdio_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "16854177745a5648f8ec322353b432e18460f43a",
"status": "affected",
"version": "a9049e0c513c4521dbfaa302af8ed08b3366b41f",
"versionType": "git"
},
{
"lessThan": "a5c6de1a6656b8cc6bce7cb3d9874dd7df4968c3",
"status": "affected",
"version": "a9049e0c513c4521dbfaa302af8ed08b3366b41f",
"versionType": "git"
},
{
"lessThan": "cb37617687f2bfa5b675df7779f869147c9002bd",
"status": "affected",
"version": "a9049e0c513c4521dbfaa302af8ed08b3366b41f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/mdio/of_mdio.c",
"drivers/net/phy/mdio_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"lessThan": "4.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mdio: fix unbalanced fwnode reference count in mdio_device_release()\n\nThere is warning report about of_node refcount leak\nwhile probing mdio device:\n\nOF: ERROR: memory leak, expected refcount 1 instead of 2,\nof_node_get()/of_node_put() unbalanced - destroy cset entry:\nattach overlay node /spi/soc@0/mdio@710700c0/ethernet@4\n\nIn of_mdiobus_register_device(), we increase fwnode refcount\nby fwnode_handle_get() before associating the of_node with\nmdio device, but it has never been decreased in normal path.\nSince that, in mdio_device_release(), it needs to call\nfwnode_handle_put() in addition instead of calling kfree()\ndirectly.\n\nAfter above, just calling mdio_device_free() in the error handle\npath of of_mdiobus_register_device() is enough to keep the\nrefcount balanced."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:59.413Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/16854177745a5648f8ec322353b432e18460f43a"
},
{
"url": "https://git.kernel.org/stable/c/a5c6de1a6656b8cc6bce7cb3d9874dd7df4968c3"
},
{
"url": "https://git.kernel.org/stable/c/cb37617687f2bfa5b675df7779f869147c9002bd"
}
],
"title": "net: mdio: fix unbalanced fwnode reference count in mdio_device_release()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48961",
"datePublished": "2024-10-21T20:05:45.849Z",
"dateReserved": "2024-08-22T01:27:53.628Z",
"dateUpdated": "2025-05-04T08:26:59.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46843 (GCVE-0-2024-46843)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:39 – Updated: 2025-05-21 09:13
VLAI?
EPSS
Title
scsi: ufs: core: Remove SCSI host only if added
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Remove SCSI host only if added
If host tries to remove ufshcd driver from a UFS device it would cause a
kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before
adding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host
has been defered after MCQ configuration introduced by commit 0cab4023ec7b
("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported").
To guarantee that SCSI host is removed only if it has been added, set the
scsi_host_added flag to true after adding a SCSI host and check whether it
is set or not before removing it.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
0cab4023ec7b49b18145f74ab8389678d6d58878 , < 2f49e05d6b58d660f035a75ff96b77071b4bd5ed
(git)
Affected: 0cab4023ec7b49b18145f74ab8389678d6d58878 , < 3844586e9bd9845140e1078f1e61896b576ac536 (git) Affected: 0cab4023ec7b49b18145f74ab8389678d6d58878 , < 7cbff570dbe8907e23bba06f6414899a0fbb2fcc (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46843",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T13:59:19.591103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T13:59:23.407Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/ufs/core/ufshcd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2f49e05d6b58d660f035a75ff96b77071b4bd5ed",
"status": "affected",
"version": "0cab4023ec7b49b18145f74ab8389678d6d58878",
"versionType": "git"
},
{
"lessThan": "3844586e9bd9845140e1078f1e61896b576ac536",
"status": "affected",
"version": "0cab4023ec7b49b18145f74ab8389678d6d58878",
"versionType": "git"
},
{
"lessThan": "7cbff570dbe8907e23bba06f6414899a0fbb2fcc",
"status": "affected",
"version": "0cab4023ec7b49b18145f74ab8389678d6d58878",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/ufs/core/ufshcd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove SCSI host only if added\n\nIf host tries to remove ufshcd driver from a UFS device it would cause a\nkernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before\nadding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host\nhas been defered after MCQ configuration introduced by commit 0cab4023ec7b\n(\"scsi: ufs: core: Defer adding host to SCSI if MCQ is supported\").\n\nTo guarantee that SCSI host is removed only if it has been added, set the\nscsi_host_added flag to true after adding a SCSI host and check whether it\nis set or not before removing it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:17.306Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed"
},
{
"url": "https://git.kernel.org/stable/c/3844586e9bd9845140e1078f1e61896b576ac536"
},
{
"url": "https://git.kernel.org/stable/c/7cbff570dbe8907e23bba06f6414899a0fbb2fcc"
}
],
"title": "scsi: ufs: core: Remove SCSI host only if added",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46843",
"datePublished": "2024-09-27T12:39:37.025Z",
"dateReserved": "2024-09-11T15:12:18.289Z",
"dateUpdated": "2025-05-21T09:13:17.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49858 (GCVE-0-2024-49858)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:27 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption
Summary
In the Linux kernel, the following vulnerability has been resolved:
efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption
The TPM event log table is a Linux specific construct, where the data
produced by the GetEventLog() boot service is cached in memory, and
passed on to the OS using an EFI configuration table.
The use of EFI_LOADER_DATA here results in the region being left
unreserved in the E820 memory map constructed by the EFI stub, and this
is the memory description that is passed on to the incoming kernel by
kexec, which is therefore unaware that the region should be reserved.
Even though the utility of the TPM2 event log after a kexec is
questionable, any corruption might send the parsing code off into the
weeds and crash the kernel. So let's use EFI_ACPI_RECLAIM_MEMORY
instead, which is always treated as reserved by the E820 conversion
logic.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
33b6d03469b2206fb51ecc37f40411a857ad8fff , < f76b69ab9cf04358266e3cea5748c0c2791fbb08
(git)
Affected: 33b6d03469b2206fb51ecc37f40411a857ad8fff , < 11690d7e76842f29b60fbb5b35bc97d206ea0e83 (git) Affected: 33b6d03469b2206fb51ecc37f40411a857ad8fff , < 5b22c038fb2757c652642933de5664da471f8cb7 (git) Affected: 33b6d03469b2206fb51ecc37f40411a857ad8fff , < 19fd2f2c5fb36b61506d3208474bfd8fdf1cada3 (git) Affected: 33b6d03469b2206fb51ecc37f40411a857ad8fff , < 38d9b07d99b789efb6d8dda21f1aaad636c38993 (git) Affected: 33b6d03469b2206fb51ecc37f40411a857ad8fff , < 2e6871a632a99d9b9e2ce3a7847acabe99e5a26e (git) Affected: 33b6d03469b2206fb51ecc37f40411a857ad8fff , < 77d48d39e99170b528e4f2e9fc5d1d64cdedd386 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:56:02.250795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:10.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:27.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/libstub/tpm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f76b69ab9cf04358266e3cea5748c0c2791fbb08",
"status": "affected",
"version": "33b6d03469b2206fb51ecc37f40411a857ad8fff",
"versionType": "git"
},
{
"lessThan": "11690d7e76842f29b60fbb5b35bc97d206ea0e83",
"status": "affected",
"version": "33b6d03469b2206fb51ecc37f40411a857ad8fff",
"versionType": "git"
},
{
"lessThan": "5b22c038fb2757c652642933de5664da471f8cb7",
"status": "affected",
"version": "33b6d03469b2206fb51ecc37f40411a857ad8fff",
"versionType": "git"
},
{
"lessThan": "19fd2f2c5fb36b61506d3208474bfd8fdf1cada3",
"status": "affected",
"version": "33b6d03469b2206fb51ecc37f40411a857ad8fff",
"versionType": "git"
},
{
"lessThan": "38d9b07d99b789efb6d8dda21f1aaad636c38993",
"status": "affected",
"version": "33b6d03469b2206fb51ecc37f40411a857ad8fff",
"versionType": "git"
},
{
"lessThan": "2e6871a632a99d9b9e2ce3a7847acabe99e5a26e",
"status": "affected",
"version": "33b6d03469b2206fb51ecc37f40411a857ad8fff",
"versionType": "git"
},
{
"lessThan": "77d48d39e99170b528e4f2e9fc5d1d64cdedd386",
"status": "affected",
"version": "33b6d03469b2206fb51ecc37f40411a857ad8fff",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/libstub/tpm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefistub/tpm: Use ACPI reclaim memory for event log to avoid corruption\n\nThe TPM event log table is a Linux specific construct, where the data\nproduced by the GetEventLog() boot service is cached in memory, and\npassed on to the OS using an EFI configuration table.\n\nThe use of EFI_LOADER_DATA here results in the region being left\nunreserved in the E820 memory map constructed by the EFI stub, and this\nis the memory description that is passed on to the incoming kernel by\nkexec, which is therefore unaware that the region should be reserved.\n\nEven though the utility of the TPM2 event log after a kexec is\nquestionable, any corruption might send the parsing code off into the\nweeds and crash the kernel. So let\u0027s use EFI_ACPI_RECLAIM_MEMORY\ninstead, which is always treated as reserved by the E820 conversion\nlogic."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:07.683Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f76b69ab9cf04358266e3cea5748c0c2791fbb08"
},
{
"url": "https://git.kernel.org/stable/c/11690d7e76842f29b60fbb5b35bc97d206ea0e83"
},
{
"url": "https://git.kernel.org/stable/c/5b22c038fb2757c652642933de5664da471f8cb7"
},
{
"url": "https://git.kernel.org/stable/c/19fd2f2c5fb36b61506d3208474bfd8fdf1cada3"
},
{
"url": "https://git.kernel.org/stable/c/38d9b07d99b789efb6d8dda21f1aaad636c38993"
},
{
"url": "https://git.kernel.org/stable/c/2e6871a632a99d9b9e2ce3a7847acabe99e5a26e"
},
{
"url": "https://git.kernel.org/stable/c/77d48d39e99170b528e4f2e9fc5d1d64cdedd386"
}
],
"title": "efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49858",
"datePublished": "2024-10-21T12:27:17.308Z",
"dateReserved": "2024-10-21T12:17:06.016Z",
"dateUpdated": "2026-01-05T10:54:07.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50060 (GCVE-0-2024-50060)
Vulnerability from cvelistv5 – Published: 2024-10-21 19:39 – Updated: 2025-11-03 22:25
VLAI?
EPSS
Title
io_uring: check if we need to reschedule during overflow flush
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring: check if we need to reschedule during overflow flush
In terms of normal application usage, this list will always be empty.
And if an application does overflow a bit, it'll have a few entries.
However, nothing obviously prevents syzbot from running a test case
that generates a ton of overflow entries, and then flushing them can
take quite a while.
Check for needing to reschedule while flushing, and drop our locks and
do so if necessary. There's no state to maintain here as overflows
always prune from head-of-list, hence it's fine to drop and reacquire
the locks at the end of the loop.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
2b188cc1bb857a9d4701ae59aa7768b5124e262e , < a2493904e95ce94bbec819d8f7f03b99976eb25c
(git)
Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < f4ce3b5d26ce149e77e6b8e8f2058aa80e5b034e (git) Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < c2eadeafce2d385b3f6d26a7f31fee5aba2bbbb0 (git) Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < eac2ca2d682f94f46b1973bdf5e77d85d77b8e53 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:22:59.693890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:42.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:25:00.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"io_uring/io_uring.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a2493904e95ce94bbec819d8f7f03b99976eb25c",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "f4ce3b5d26ce149e77e6b8e8f2058aa80e5b034e",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "c2eadeafce2d385b3f6d26a7f31fee5aba2bbbb0",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "eac2ca2d682f94f46b1973bdf5e77d85d77b8e53",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"io_uring/io_uring.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.57",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.57",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.4",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check if we need to reschedule during overflow flush\n\nIn terms of normal application usage, this list will always be empty.\nAnd if an application does overflow a bit, it\u0027ll have a few entries.\nHowever, nothing obviously prevents syzbot from running a test case\nthat generates a ton of overflow entries, and then flushing them can\ntake quite a while.\n\nCheck for needing to reschedule while flushing, and drop our locks and\ndo so if necessary. There\u0027s no state to maintain here as overflows\nalways prune from head-of-list, hence it\u0027s fine to drop and reacquire\nthe locks at the end of the loop."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:44:58.659Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a2493904e95ce94bbec819d8f7f03b99976eb25c"
},
{
"url": "https://git.kernel.org/stable/c/f4ce3b5d26ce149e77e6b8e8f2058aa80e5b034e"
},
{
"url": "https://git.kernel.org/stable/c/c2eadeafce2d385b3f6d26a7f31fee5aba2bbbb0"
},
{
"url": "https://git.kernel.org/stable/c/eac2ca2d682f94f46b1973bdf5e77d85d77b8e53"
}
],
"title": "io_uring: check if we need to reschedule during overflow flush",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50060",
"datePublished": "2024-10-21T19:39:49.737Z",
"dateReserved": "2024-10-21T19:36:19.939Z",
"dateUpdated": "2025-11-03T22:25:00.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47675 (GCVE-0-2024-47675)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-05-04 09:36
VLAI?
EPSS
Title
bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()
If bpf_link_prime() fails, bpf_uprobe_multi_link_attach() goes to the
error_free label and frees the array of bpf_uprobe's without calling
bpf_uprobe_unregister().
This leaks bpf_uprobe->uprobe and worse, this frees bpf_uprobe->consumer
without removing it from the uprobe->consumers list.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
89ae89f53d201143560f1e9ed4bfa62eee34f88e , < 790c630ab0e7d7aba6d186581d4627c09fce60f3
(git)
Affected: 89ae89f53d201143560f1e9ed4bfa62eee34f88e , < 7c1d782e5afbf7c50ba74ecc4ddc18a05d63e5ee (git) Affected: 89ae89f53d201143560f1e9ed4bfa62eee34f88e , < cdf27834c3dd5d9abf7eb8e4ee87ee9e307eb25c (git) Affected: 89ae89f53d201143560f1e9ed4bfa62eee34f88e , < 5fe6e308abaea082c20fbf2aa5df8e14495622cf (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:08:07.484678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:14:17.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/bpf_trace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "790c630ab0e7d7aba6d186581d4627c09fce60f3",
"status": "affected",
"version": "89ae89f53d201143560f1e9ed4bfa62eee34f88e",
"versionType": "git"
},
{
"lessThan": "7c1d782e5afbf7c50ba74ecc4ddc18a05d63e5ee",
"status": "affected",
"version": "89ae89f53d201143560f1e9ed4bfa62eee34f88e",
"versionType": "git"
},
{
"lessThan": "cdf27834c3dd5d9abf7eb8e4ee87ee9e307eb25c",
"status": "affected",
"version": "89ae89f53d201143560f1e9ed4bfa62eee34f88e",
"versionType": "git"
},
{
"lessThan": "5fe6e308abaea082c20fbf2aa5df8e14495622cf",
"status": "affected",
"version": "89ae89f53d201143560f1e9ed4bfa62eee34f88e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/bpf_trace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix use-after-free in bpf_uprobe_multi_link_attach()\n\nIf bpf_link_prime() fails, bpf_uprobe_multi_link_attach() goes to the\nerror_free label and frees the array of bpf_uprobe\u0027s without calling\nbpf_uprobe_unregister().\n\nThis leaks bpf_uprobe-\u003euprobe and worse, this frees bpf_uprobe-\u003econsumer\nwithout removing it from the uprobe-\u003econsumers list."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:36:59.205Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/790c630ab0e7d7aba6d186581d4627c09fce60f3"
},
{
"url": "https://git.kernel.org/stable/c/7c1d782e5afbf7c50ba74ecc4ddc18a05d63e5ee"
},
{
"url": "https://git.kernel.org/stable/c/cdf27834c3dd5d9abf7eb8e4ee87ee9e307eb25c"
},
{
"url": "https://git.kernel.org/stable/c/5fe6e308abaea082c20fbf2aa5df8e14495622cf"
}
],
"title": "bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47675",
"datePublished": "2024-10-21T11:53:19.762Z",
"dateReserved": "2024-09-30T16:00:12.937Z",
"dateUpdated": "2025-05-04T09:36:59.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46827 (GCVE-0-2024-46827)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:39 – Updated: 2025-05-04 09:35
VLAI?
EPSS
Title
wifi: ath12k: fix firmware crash due to invalid peer nss
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix firmware crash due to invalid peer nss
Currently, if the access point receives an association
request containing an Extended HE Capabilities Information
Element with an invalid MCS-NSS, it triggers a firmware
crash.
This issue arises when EHT-PHY capabilities shows support
for a bandwidth and MCS-NSS set for that particular
bandwidth is filled by zeros and due to this, driver obtains
peer_nss as 0 and sending this value to firmware causes
crash.
Address this issue by implementing a validation step for
the peer_nss value before passing it to the firmware. If
the value is greater than zero, proceed with forwarding
it to the firmware. However, if the value is invalid,
reject the association request to prevent potential
firmware crashes.
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
d889913205cf7ebda905b1e62c5867ed4e39f6c2 , < 838c2cfdb6be7d7d8c06c711edf893eb34ca2e7c
(git)
Affected: d889913205cf7ebda905b1e62c5867ed4e39f6c2 , < 25a15f80253a7c8776e4e4880d797d20ec864154 (git) Affected: d889913205cf7ebda905b1e62c5867ed4e39f6c2 , < db163a463bb93cd3e37e1e7b10b9726fb6f95857 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46827",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:12:42.626537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:12:52.421Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath12k/mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "838c2cfdb6be7d7d8c06c711edf893eb34ca2e7c",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
},
{
"lessThan": "25a15f80253a7c8776e4e4880d797d20ec864154",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
},
{
"lessThan": "db163a463bb93cd3e37e1e7b10b9726fb6f95857",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath12k/mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix firmware crash due to invalid peer nss\n\nCurrently, if the access point receives an association\nrequest containing an Extended HE Capabilities Information\nElement with an invalid MCS-NSS, it triggers a firmware\ncrash.\n\nThis issue arises when EHT-PHY capabilities shows support\nfor a bandwidth and MCS-NSS set for that particular\nbandwidth is filled by zeros and due to this, driver obtains\npeer_nss as 0 and sending this value to firmware causes\ncrash.\n\nAddress this issue by implementing a validation step for\nthe peer_nss value before passing it to the firmware. If\nthe value is greater than zero, proceed with forwarding\nit to the firmware. However, if the value is invalid,\nreject the association request to prevent potential\nfirmware crashes.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:35:22.652Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/838c2cfdb6be7d7d8c06c711edf893eb34ca2e7c"
},
{
"url": "https://git.kernel.org/stable/c/25a15f80253a7c8776e4e4880d797d20ec864154"
},
{
"url": "https://git.kernel.org/stable/c/db163a463bb93cd3e37e1e7b10b9726fb6f95857"
}
],
"title": "wifi: ath12k: fix firmware crash due to invalid peer nss",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46827",
"datePublished": "2024-09-27T12:39:26.478Z",
"dateReserved": "2024-09-11T15:12:18.285Z",
"dateUpdated": "2025-05-04T09:35:22.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47672 (GCVE-0-2024-47672)
Vulnerability from cvelistv5 – Published: 2024-10-09 14:49 – Updated: 2026-01-05 11:10
VLAI?
EPSS
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2026-01-05T11:10:22.327Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47672",
"datePublished": "2024-10-09T14:49:13.646Z",
"dateRejected": "2026-01-05T11:10:22.327Z",
"dateReserved": "2024-09-30T16:00:12.936Z",
"dateUpdated": "2026-01-05T11:10:22.327Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26758 (GCVE-0-2024-26758)
Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2025-05-04 08:55
VLAI?
EPSS
Title
md: Don't ignore suspended array in md_check_recovery()
Summary
In the Linux kernel, the following vulnerability has been resolved:
md: Don't ignore suspended array in md_check_recovery()
mddev_suspend() never stop sync_thread, hence it doesn't make sense to
ignore suspended array in md_check_recovery(), which might cause
sync_thread can't be unregistered.
After commit f52f5c71f3d4 ("md: fix stopping sync thread"), following
hang can be triggered by test shell/integrity-caching.sh:
1) suspend the array:
raid_postsuspend
mddev_suspend
2) stop the array:
raid_dtr
md_stop
__md_stop_writes
stop_sync_thread
set_bit(MD_RECOVERY_INTR, &mddev->recovery);
md_wakeup_thread_directly(mddev->sync_thread);
wait_event(..., !test_bit(MD_RECOVERY_RUNNING, &mddev->recovery))
3) sync thread done:
md_do_sync
set_bit(MD_RECOVERY_DONE, &mddev->recovery);
md_wakeup_thread(mddev->thread);
4) daemon thread can't unregister sync thread:
md_check_recovery
if (mddev->suspended)
return; -> return directly
md_read_sync_thread
clear_bit(MD_RECOVERY_RUNNING, &mddev->recovery);
-> MD_RECOVERY_RUNNING can't be cleared, hence step 2 hang;
This problem is not just related to dm-raid, fix it by ignoring
suspended array in md_check_recovery(). And follow up patches will
improve dm-raid better to frozen sync thread during suspend.
Severity ?
5.5 (Medium)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T15:44:46.004126Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T17:38:20.783Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a55f0d6179a19c6b982e2dc344d58c98647a3be0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1baae052cccd08daf9a9d64c3f959d8cdb689757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/md.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a55f0d6179a19c6b982e2dc344d58c98647a3be0",
"status": "affected",
"version": "68866e425be2ef2664aa5c691bb3ab789736acf5",
"versionType": "git"
},
{
"lessThan": "1baae052cccd08daf9a9d64c3f959d8cdb689757",
"status": "affected",
"version": "68866e425be2ef2664aa5c691bb3ab789736acf5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/md.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"lessThan": "3.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don\u0027t ignore suspended array in md_check_recovery()\n\nmddev_suspend() never stop sync_thread, hence it doesn\u0027t make sense to\nignore suspended array in md_check_recovery(), which might cause\nsync_thread can\u0027t be unregistered.\n\nAfter commit f52f5c71f3d4 (\"md: fix stopping sync thread\"), following\nhang can be triggered by test shell/integrity-caching.sh:\n\n1) suspend the array:\nraid_postsuspend\n mddev_suspend\n\n2) stop the array:\nraid_dtr\n md_stop\n __md_stop_writes\n stop_sync_thread\n set_bit(MD_RECOVERY_INTR, \u0026mddev-\u003erecovery);\n md_wakeup_thread_directly(mddev-\u003esync_thread);\n wait_event(..., !test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery))\n\n3) sync thread done:\nmd_do_sync\n set_bit(MD_RECOVERY_DONE, \u0026mddev-\u003erecovery);\n md_wakeup_thread(mddev-\u003ethread);\n\n4) daemon thread can\u0027t unregister sync thread:\nmd_check_recovery\n if (mddev-\u003esuspended)\n return; -\u003e return directly\n md_read_sync_thread\n clear_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery);\n -\u003e MD_RECOVERY_RUNNING can\u0027t be cleared, hence step 2 hang;\n\nThis problem is not just related to dm-raid, fix it by ignoring\nsuspended array in md_check_recovery(). And follow up patches will\nimprove dm-raid better to frozen sync thread during suspend."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:50.864Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a55f0d6179a19c6b982e2dc344d58c98647a3be0"
},
{
"url": "https://git.kernel.org/stable/c/1baae052cccd08daf9a9d64c3f959d8cdb689757"
}
],
"title": "md: Don\u0027t ignore suspended array in md_check_recovery()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26758",
"datePublished": "2024-04-03T17:00:42.448Z",
"dateReserved": "2024-02-19T14:20:24.170Z",
"dateUpdated": "2025-05-04T08:55:50.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49017 (GCVE-0-2022-49017)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
tipc: re-fetch skb cb after tipc_msg_validate
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: re-fetch skb cb after tipc_msg_validate
As the call trace shows, the original skb was freed in tipc_msg_validate(),
and dereferencing the old skb cb would cause an use-after-free crash.
BUG: KASAN: use-after-free in tipc_crypto_rcv_complete+0x1835/0x2240 [tipc]
Call Trace:
<IRQ>
tipc_crypto_rcv_complete+0x1835/0x2240 [tipc]
tipc_crypto_rcv+0xd32/0x1ec0 [tipc]
tipc_rcv+0x744/0x1150 [tipc]
...
Allocated by task 47078:
kmem_cache_alloc_node+0x158/0x4d0
__alloc_skb+0x1c1/0x270
tipc_buf_acquire+0x1e/0xe0 [tipc]
tipc_msg_create+0x33/0x1c0 [tipc]
tipc_link_build_proto_msg+0x38a/0x2100 [tipc]
tipc_link_timeout+0x8b8/0xef0 [tipc]
tipc_node_timeout+0x2a1/0x960 [tipc]
call_timer_fn+0x2d/0x1c0
...
Freed by task 47078:
tipc_msg_validate+0x7b/0x440 [tipc]
tipc_crypto_rcv_complete+0x4b5/0x2240 [tipc]
tipc_crypto_rcv+0xd32/0x1ec0 [tipc]
tipc_rcv+0x744/0x1150 [tipc]
This patch fixes it by re-fetching the skb cb from the new allocated skb
after calling tipc_msg_validate().
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 , < a1ba595e35aa3afbe417ff0af353afb9f65559c0
(git)
Affected: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 , < 1daec0815655e110c6f206c5e777a4af8168ff58 (git) Affected: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 , < e128190adb2edfd5042105b5d1ed4553f295f5ef (git) Affected: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 , < 3067bc61fcfe3081bf4807ce65560f499e895e77 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:13:05.882492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:37.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/crypto.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a1ba595e35aa3afbe417ff0af353afb9f65559c0",
"status": "affected",
"version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
"versionType": "git"
},
{
"lessThan": "1daec0815655e110c6f206c5e777a4af8168ff58",
"status": "affected",
"version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
"versionType": "git"
},
{
"lessThan": "e128190adb2edfd5042105b5d1ed4553f295f5ef",
"status": "affected",
"version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
"versionType": "git"
},
{
"lessThan": "3067bc61fcfe3081bf4807ce65560f499e895e77",
"status": "affected",
"version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/crypto.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: re-fetch skb cb after tipc_msg_validate\n\nAs the call trace shows, the original skb was freed in tipc_msg_validate(),\nand dereferencing the old skb cb would cause an use-after-free crash.\n\n BUG: KASAN: use-after-free in tipc_crypto_rcv_complete+0x1835/0x2240 [tipc]\n Call Trace:\n \u003cIRQ\u003e\n tipc_crypto_rcv_complete+0x1835/0x2240 [tipc]\n tipc_crypto_rcv+0xd32/0x1ec0 [tipc]\n tipc_rcv+0x744/0x1150 [tipc]\n ...\n Allocated by task 47078:\n kmem_cache_alloc_node+0x158/0x4d0\n __alloc_skb+0x1c1/0x270\n tipc_buf_acquire+0x1e/0xe0 [tipc]\n tipc_msg_create+0x33/0x1c0 [tipc]\n tipc_link_build_proto_msg+0x38a/0x2100 [tipc]\n tipc_link_timeout+0x8b8/0xef0 [tipc]\n tipc_node_timeout+0x2a1/0x960 [tipc]\n call_timer_fn+0x2d/0x1c0\n ...\n Freed by task 47078:\n tipc_msg_validate+0x7b/0x440 [tipc]\n tipc_crypto_rcv_complete+0x4b5/0x2240 [tipc]\n tipc_crypto_rcv+0xd32/0x1ec0 [tipc]\n tipc_rcv+0x744/0x1150 [tipc]\n\nThis patch fixes it by re-fetching the skb cb from the new allocated skb\nafter calling tipc_msg_validate()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:09.328Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a1ba595e35aa3afbe417ff0af353afb9f65559c0"
},
{
"url": "https://git.kernel.org/stable/c/1daec0815655e110c6f206c5e777a4af8168ff58"
},
{
"url": "https://git.kernel.org/stable/c/e128190adb2edfd5042105b5d1ed4553f295f5ef"
},
{
"url": "https://git.kernel.org/stable/c/3067bc61fcfe3081bf4807ce65560f499e895e77"
}
],
"title": "tipc: re-fetch skb cb after tipc_msg_validate",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49017",
"datePublished": "2024-10-21T20:06:25.971Z",
"dateReserved": "2024-08-22T01:27:53.646Z",
"dateUpdated": "2025-05-04T08:28:09.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47661 (GCVE-0-2024-47661)
Vulnerability from cvelistv5 – Published: 2024-10-09 14:05 – Updated: 2025-07-11 17:20
VLAI?
EPSS
Title
drm/amd/display: Avoid overflow from uint32_t to uint8_t
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Avoid overflow from uint32_t to uint8_t
[WHAT & HOW]
dmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned
0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.
This fixes 2 INTEGER_OVERFLOW issues reported by Coverity.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T13:22:58.614441Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T13:23:13.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dce/dmub_abm_lcd.c",
"drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "30d1b783b6eeaf49d311a072c70d618d993d01ec",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "d6b54900c564e35989cf6813e4071504fa0a90e0",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dce/dmub_abm_lcd.c",
"drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid overflow from uint32_t to uint8_t\n\n[WHAT \u0026 HOW]\ndmub_rb_cmd\u0027s ramping_boundary has size of uint8_t and it is assigned\n0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.\n\nThis fixes 2 INTEGER_OVERFLOW issues reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:47.365Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/30d1b783b6eeaf49d311a072c70d618d993d01ec"
},
{
"url": "https://git.kernel.org/stable/c/d6b54900c564e35989cf6813e4071504fa0a90e0"
}
],
"title": "drm/amd/display: Avoid overflow from uint32_t to uint8_t",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47661",
"datePublished": "2024-10-09T14:05:25.571Z",
"dateReserved": "2024-09-30T16:00:12.935Z",
"dateUpdated": "2025-07-11T17:20:47.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47534 (GCVE-0-2021-47534)
Vulnerability from cvelistv5 – Published: 2024-05-24 15:09 – Updated: 2025-05-04 07:13
VLAI?
EPSS
Title
drm/vc4: kms: Add missing drm_crtc_commit_put
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: kms: Add missing drm_crtc_commit_put
Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a
commit") introduced a global state for the HVS, with each FIFO storing
the current CRTC commit so that we can properly synchronize commits.
However, the refcounting was off and we thus ended up leaking the
drm_crtc_commit structure every commit. Add a drm_crtc_commit_put to
prevent the leakage.
Severity ?
4.1 (Medium)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47534",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T16:50:30.871991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T16:13:57.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:39:59.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/53f9601e908d42481addd67cdb01a9288c611124"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/049cfff8d53a30cae3349ff71a4c01b7d9981bc2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/vc4/vc4_kms.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "53f9601e908d42481addd67cdb01a9288c611124",
"status": "affected",
"version": "9ec03d7f1ed394897891319a4dda75f52c5d292d",
"versionType": "git"
},
{
"lessThan": "049cfff8d53a30cae3349ff71a4c01b7d9981bc2",
"status": "affected",
"version": "9ec03d7f1ed394897891319a4dda75f52c5d292d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/vc4/vc4_kms.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.7",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: kms: Add missing drm_crtc_commit_put\n\nCommit 9ec03d7f1ed3 (\"drm/vc4: kms: Wait on previous FIFO users before a\ncommit\") introduced a global state for the HVS, with each FIFO storing\nthe current CRTC commit so that we can properly synchronize commits.\n\nHowever, the refcounting was off and we thus ended up leaking the\ndrm_crtc_commit structure every commit. Add a drm_crtc_commit_put to\nprevent the leakage."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:13:01.395Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/53f9601e908d42481addd67cdb01a9288c611124"
},
{
"url": "https://git.kernel.org/stable/c/049cfff8d53a30cae3349ff71a4c01b7d9981bc2"
}
],
"title": "drm/vc4: kms: Add missing drm_crtc_commit_put",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47534",
"datePublished": "2024-05-24T15:09:43.344Z",
"dateReserved": "2024-05-24T15:02:54.826Z",
"dateUpdated": "2025-05-04T07:13:01.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49891 (GCVE-0-2024-49891)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths
When the HBA is undergoing a reset or is handling an errata event, NULL ptr
dereference crashes may occur in routines such as
lpfc_sli_flush_io_rings(), lpfc_dev_loss_tmo_callbk(), or
lpfc_abort_handler().
Add NULL ptr checks before dereferencing hdwq pointers that may have been
freed due to operations colliding with a reset or errata event handler.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
895427bd012ce5814fc9888c7c0ee9de44761833 , < 5873aa7f814754085d418848b2089ef406a02dd0
(git)
Affected: 895427bd012ce5814fc9888c7c0ee9de44761833 , < 232a138bd843d48cb2368f604646d990db7640f3 (git) Affected: 895427bd012ce5814fc9888c7c0ee9de44761833 , < 99a801e2fca39a6f31e543fc3383058a8955896f (git) Affected: 895427bd012ce5814fc9888c7c0ee9de44761833 , < fd665c8dbdb19548965b0ae80c490de00e906366 (git) Affected: 895427bd012ce5814fc9888c7c0ee9de44761833 , < 2be1d4f11944cd6283cb97268b3e17c4424945ca (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49891",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:44:17.771940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:49.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:41:36.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_hbadisc.c",
"drivers/scsi/lpfc/lpfc_scsi.c",
"drivers/scsi/lpfc/lpfc_sli.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5873aa7f814754085d418848b2089ef406a02dd0",
"status": "affected",
"version": "895427bd012ce5814fc9888c7c0ee9de44761833",
"versionType": "git"
},
{
"lessThan": "232a138bd843d48cb2368f604646d990db7640f3",
"status": "affected",
"version": "895427bd012ce5814fc9888c7c0ee9de44761833",
"versionType": "git"
},
{
"lessThan": "99a801e2fca39a6f31e543fc3383058a8955896f",
"status": "affected",
"version": "895427bd012ce5814fc9888c7c0ee9de44761833",
"versionType": "git"
},
{
"lessThan": "fd665c8dbdb19548965b0ae80c490de00e906366",
"status": "affected",
"version": "895427bd012ce5814fc9888c7c0ee9de44761833",
"versionType": "git"
},
{
"lessThan": "2be1d4f11944cd6283cb97268b3e17c4424945ca",
"status": "affected",
"version": "895427bd012ce5814fc9888c7c0ee9de44761833",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_hbadisc.c",
"drivers/scsi/lpfc/lpfc_scsi.c",
"drivers/scsi/lpfc/lpfc_sli.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths\n\nWhen the HBA is undergoing a reset or is handling an errata event, NULL ptr\ndereference crashes may occur in routines such as\nlpfc_sli_flush_io_rings(), lpfc_dev_loss_tmo_callbk(), or\nlpfc_abort_handler().\n\nAdd NULL ptr checks before dereferencing hdwq pointers that may have been\nfreed due to operations colliding with a reset or errata event handler."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:15.472Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5873aa7f814754085d418848b2089ef406a02dd0"
},
{
"url": "https://git.kernel.org/stable/c/232a138bd843d48cb2368f604646d990db7640f3"
},
{
"url": "https://git.kernel.org/stable/c/99a801e2fca39a6f31e543fc3383058a8955896f"
},
{
"url": "https://git.kernel.org/stable/c/fd665c8dbdb19548965b0ae80c490de00e906366"
},
{
"url": "https://git.kernel.org/stable/c/2be1d4f11944cd6283cb97268b3e17c4424945ca"
}
],
"title": "scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49891",
"datePublished": "2024-10-21T18:01:26.314Z",
"dateReserved": "2024-10-21T12:17:06.025Z",
"dateUpdated": "2026-01-05T10:54:15.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50040 (GCVE-0-2024-50040)
Vulnerability from cvelistv5 – Published: 2024-10-21 19:39 – Updated: 2025-11-03 22:24
VLAI?
EPSS
Title
igb: Do not bring the device up after non-fatal error
Summary
In the Linux kernel, the following vulnerability has been resolved:
igb: Do not bring the device up after non-fatal error
Commit 004d25060c78 ("igb: Fix igb_down hung on surprise removal")
changed igb_io_error_detected() to ignore non-fatal pcie errors in order
to avoid hung task that can happen when igb_down() is called multiple
times. This caused an issue when processing transient non-fatal errors.
igb_io_resume(), which is called after igb_io_error_detected(), assumes
that device is brought down by igb_io_error_detected() if the interface
is up. This resulted in panic with stacktrace below.
[ T3256] igb 0000:09:00.0 haeth0: igb: haeth0 NIC Link is Down
[ T292] pcieport 0000:00:1c.5: AER: Uncorrected (Non-Fatal) error received: 0000:09:00.0
[ T292] igb 0000:09:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ T292] igb 0000:09:00.0: device [8086:1537] error status/mask=00004000/00000000
[ T292] igb 0000:09:00.0: [14] CmpltTO [ 200.105524,009][ T292] igb 0000:09:00.0: AER: TLP Header: 00000000 00000000 00000000 00000000
[ T292] pcieport 0000:00:1c.5: AER: broadcast error_detected message
[ T292] igb 0000:09:00.0: Non-correctable non-fatal error reported.
[ T292] pcieport 0000:00:1c.5: AER: broadcast mmio_enabled message
[ T292] pcieport 0000:00:1c.5: AER: broadcast resume message
[ T292] ------------[ cut here ]------------
[ T292] kernel BUG at net/core/dev.c:6539!
[ T292] invalid opcode: 0000 [#1] PREEMPT SMP
[ T292] RIP: 0010:napi_enable+0x37/0x40
[ T292] Call Trace:
[ T292] <TASK>
[ T292] ? die+0x33/0x90
[ T292] ? do_trap+0xdc/0x110
[ T292] ? napi_enable+0x37/0x40
[ T292] ? do_error_trap+0x70/0xb0
[ T292] ? napi_enable+0x37/0x40
[ T292] ? napi_enable+0x37/0x40
[ T292] ? exc_invalid_op+0x4e/0x70
[ T292] ? napi_enable+0x37/0x40
[ T292] ? asm_exc_invalid_op+0x16/0x20
[ T292] ? napi_enable+0x37/0x40
[ T292] igb_up+0x41/0x150
[ T292] igb_io_resume+0x25/0x70
[ T292] report_resume+0x54/0x70
[ T292] ? report_frozen_detected+0x20/0x20
[ T292] pci_walk_bus+0x6c/0x90
[ T292] ? aer_print_port_info+0xa0/0xa0
[ T292] pcie_do_recovery+0x22f/0x380
[ T292] aer_process_err_devices+0x110/0x160
[ T292] aer_isr+0x1c1/0x1e0
[ T292] ? disable_irq_nosync+0x10/0x10
[ T292] irq_thread_fn+0x1a/0x60
[ T292] irq_thread+0xe3/0x1a0
[ T292] ? irq_set_affinity_notifier+0x120/0x120
[ T292] ? irq_affinity_notify+0x100/0x100
[ T292] kthread+0xe2/0x110
[ T292] ? kthread_complete_and_exit+0x20/0x20
[ T292] ret_from_fork+0x2d/0x50
[ T292] ? kthread_complete_and_exit+0x20/0x20
[ T292] ret_from_fork_asm+0x11/0x20
[ T292] </TASK>
To fix this issue igb_io_resume() checks if the interface is running and
the device is not down this means igb_io_error_detected() did not bring
the device down and there is no need to bring it up.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
124e39a734cb90658b8f0dc110847bbfc6e33792 , < dca2ca65a8695d9593e2cf1b40848e073ad75413
(git)
Affected: c9f56f3c7bc908caa772112d3ae71cdd5d18c257 , < c92cbd283ddcf55fd85a9a9b0ba13298213f3dd7 (git) Affected: 994c2ceb70ea99264ccc6f09e6703ca267dad63c , < d79af3af2f49c6aae9add3d492c04d60c1b85ce4 (git) Affected: fa92c463eba75dcedbd8d689ffdcb83293aaa0c3 , < 0a94079e3841d00ea5abb05e3233d019a86745f6 (git) Affected: 39695e87d86f0e7d897fba1d2559f825aa20caeb , < 6a39c8f5c8aae74c5ab2ba466791f59ffaab0178 (git) Affected: 004d25060c78fc31f66da0fa439c544dda1ac9d5 , < 57c5053eaa5f9a8a99e34732e37a86615318e464 (git) Affected: 004d25060c78fc31f66da0fa439c544dda1ac9d5 , < 500be93c5d53b7e2c5314292012185f0207bad0c (git) Affected: 004d25060c78fc31f66da0fa439c544dda1ac9d5 , < 330a699ecbfc9c26ec92c6310686da1230b4e7eb (git) Affected: c2312e1d12b1c3ee4100c173131b102e2aed4d04 (git) Affected: 41f63b72a01c0e0ac59ab83fd2d921fcce0f602d (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50040",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:24:54.389339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:44.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:24:46.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/igb/igb_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dca2ca65a8695d9593e2cf1b40848e073ad75413",
"status": "affected",
"version": "124e39a734cb90658b8f0dc110847bbfc6e33792",
"versionType": "git"
},
{
"lessThan": "c92cbd283ddcf55fd85a9a9b0ba13298213f3dd7",
"status": "affected",
"version": "c9f56f3c7bc908caa772112d3ae71cdd5d18c257",
"versionType": "git"
},
{
"lessThan": "d79af3af2f49c6aae9add3d492c04d60c1b85ce4",
"status": "affected",
"version": "994c2ceb70ea99264ccc6f09e6703ca267dad63c",
"versionType": "git"
},
{
"lessThan": "0a94079e3841d00ea5abb05e3233d019a86745f6",
"status": "affected",
"version": "fa92c463eba75dcedbd8d689ffdcb83293aaa0c3",
"versionType": "git"
},
{
"lessThan": "6a39c8f5c8aae74c5ab2ba466791f59ffaab0178",
"status": "affected",
"version": "39695e87d86f0e7d897fba1d2559f825aa20caeb",
"versionType": "git"
},
{
"lessThan": "57c5053eaa5f9a8a99e34732e37a86615318e464",
"status": "affected",
"version": "004d25060c78fc31f66da0fa439c544dda1ac9d5",
"versionType": "git"
},
{
"lessThan": "500be93c5d53b7e2c5314292012185f0207bad0c",
"status": "affected",
"version": "004d25060c78fc31f66da0fa439c544dda1ac9d5",
"versionType": "git"
},
{
"lessThan": "330a699ecbfc9c26ec92c6310686da1230b4e7eb",
"status": "affected",
"version": "004d25060c78fc31f66da0fa439c544dda1ac9d5",
"versionType": "git"
},
{
"status": "affected",
"version": "c2312e1d12b1c3ee4100c173131b102e2aed4d04",
"versionType": "git"
},
{
"status": "affected",
"version": "41f63b72a01c0e0ac59ab83fd2d921fcce0f602d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/igb/igb_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.57",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.19.291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "5.4.251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.10.188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "6.1.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.57",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.4",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Do not bring the device up after non-fatal error\n\nCommit 004d25060c78 (\"igb: Fix igb_down hung on surprise removal\")\nchanged igb_io_error_detected() to ignore non-fatal pcie errors in order\nto avoid hung task that can happen when igb_down() is called multiple\ntimes. This caused an issue when processing transient non-fatal errors.\nigb_io_resume(), which is called after igb_io_error_detected(), assumes\nthat device is brought down by igb_io_error_detected() if the interface\nis up. This resulted in panic with stacktrace below.\n\n[ T3256] igb 0000:09:00.0 haeth0: igb: haeth0 NIC Link is Down\n[ T292] pcieport 0000:00:1c.5: AER: Uncorrected (Non-Fatal) error received: 0000:09:00.0\n[ T292] igb 0000:09:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)\n[ T292] igb 0000:09:00.0: device [8086:1537] error status/mask=00004000/00000000\n[ T292] igb 0000:09:00.0: [14] CmpltTO [ 200.105524,009][ T292] igb 0000:09:00.0: AER: TLP Header: 00000000 00000000 00000000 00000000\n[ T292] pcieport 0000:00:1c.5: AER: broadcast error_detected message\n[ T292] igb 0000:09:00.0: Non-correctable non-fatal error reported.\n[ T292] pcieport 0000:00:1c.5: AER: broadcast mmio_enabled message\n[ T292] pcieport 0000:00:1c.5: AER: broadcast resume message\n[ T292] ------------[ cut here ]------------\n[ T292] kernel BUG at net/core/dev.c:6539!\n[ T292] invalid opcode: 0000 [#1] PREEMPT SMP\n[ T292] RIP: 0010:napi_enable+0x37/0x40\n[ T292] Call Trace:\n[ T292] \u003cTASK\u003e\n[ T292] ? die+0x33/0x90\n[ T292] ? do_trap+0xdc/0x110\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? do_error_trap+0x70/0xb0\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? exc_invalid_op+0x4e/0x70\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? asm_exc_invalid_op+0x16/0x20\n[ T292] ? napi_enable+0x37/0x40\n[ T292] igb_up+0x41/0x150\n[ T292] igb_io_resume+0x25/0x70\n[ T292] report_resume+0x54/0x70\n[ T292] ? report_frozen_detected+0x20/0x20\n[ T292] pci_walk_bus+0x6c/0x90\n[ T292] ? aer_print_port_info+0xa0/0xa0\n[ T292] pcie_do_recovery+0x22f/0x380\n[ T292] aer_process_err_devices+0x110/0x160\n[ T292] aer_isr+0x1c1/0x1e0\n[ T292] ? disable_irq_nosync+0x10/0x10\n[ T292] irq_thread_fn+0x1a/0x60\n[ T292] irq_thread+0xe3/0x1a0\n[ T292] ? irq_set_affinity_notifier+0x120/0x120\n[ T292] ? irq_affinity_notify+0x100/0x100\n[ T292] kthread+0xe2/0x110\n[ T292] ? kthread_complete_and_exit+0x20/0x20\n[ T292] ret_from_fork+0x2d/0x50\n[ T292] ? kthread_complete_and_exit+0x20/0x20\n[ T292] ret_from_fork_asm+0x11/0x20\n[ T292] \u003c/TASK\u003e\n\nTo fix this issue igb_io_resume() checks if the interface is running and\nthe device is not down this means igb_io_error_detected() did not bring\nthe device down and there is no need to bring it up."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:59:23.034Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dca2ca65a8695d9593e2cf1b40848e073ad75413"
},
{
"url": "https://git.kernel.org/stable/c/c92cbd283ddcf55fd85a9a9b0ba13298213f3dd7"
},
{
"url": "https://git.kernel.org/stable/c/d79af3af2f49c6aae9add3d492c04d60c1b85ce4"
},
{
"url": "https://git.kernel.org/stable/c/0a94079e3841d00ea5abb05e3233d019a86745f6"
},
{
"url": "https://git.kernel.org/stable/c/6a39c8f5c8aae74c5ab2ba466791f59ffaab0178"
},
{
"url": "https://git.kernel.org/stable/c/57c5053eaa5f9a8a99e34732e37a86615318e464"
},
{
"url": "https://git.kernel.org/stable/c/500be93c5d53b7e2c5314292012185f0207bad0c"
},
{
"url": "https://git.kernel.org/stable/c/330a699ecbfc9c26ec92c6310686da1230b4e7eb"
}
],
"title": "igb: Do not bring the device up after non-fatal error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50040",
"datePublished": "2024-10-21T19:39:39.771Z",
"dateReserved": "2024-10-21T12:17:06.071Z",
"dateUpdated": "2025-11-03T22:24:46.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49922 (GCVE-0-2024-49922)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-07-11 17:21
VLAI?
EPSS
Title
drm/amd/display: Check null pointers before using them
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check null pointers before using them
[WHAT & HOW]
These pointers are null checked previously in the same function,
indicating they might be null as reported by Coverity. As a result,
they need to be checked when used again.
This fixes 3 FORWARD_NULL issue reported by Coverity.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 65e1d2c291553ef3f433a0b7109cc3002a5f40ae
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 5e9386baa3033c369564d55de4bab62423e8a1d3 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 1ff12bcd7deaeed25efb5120433c6a45dd5504a8 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49922",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:40:13.536076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:44.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "65e1d2c291553ef3f433a0b7109cc3002a5f40ae",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "5e9386baa3033c369564d55de4bab62423e8a1d3",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "1ff12bcd7deaeed25efb5120433c6a45dd5504a8",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before using them\n\n[WHAT \u0026 HOW]\nThese pointers are null checked previously in the same function,\nindicating they might be null as reported by Coverity. As a result,\nthey need to be checked when used again.\n\nThis fixes 3 FORWARD_NULL issue reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:21:21.706Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/65e1d2c291553ef3f433a0b7109cc3002a5f40ae"
},
{
"url": "https://git.kernel.org/stable/c/5e9386baa3033c369564d55de4bab62423e8a1d3"
},
{
"url": "https://git.kernel.org/stable/c/1ff12bcd7deaeed25efb5120433c6a45dd5504a8"
}
],
"title": "drm/amd/display: Check null pointers before using them",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49922",
"datePublished": "2024-10-21T18:01:47.751Z",
"dateReserved": "2024-10-21T12:17:06.035Z",
"dateUpdated": "2025-07-11T17:21:21.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47731 (GCVE-0-2024-47731)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
drivers/perf: Fix ali_drw_pmu driver interrupt status clearing
Summary
In the Linux kernel, the following vulnerability has been resolved:
drivers/perf: Fix ali_drw_pmu driver interrupt status clearing
The alibaba_uncore_pmu driver forgot to clear all interrupt status
in the interrupt processing function. After the PMU counter overflow
interrupt occurred, an interrupt storm occurred, causing the system
to hang.
Therefore, clear the correct interrupt status in the interrupt handling
function to fix it.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
cf7b61073e4526caa247616f6fbb174cbd2a5366 , < 24f30b34ff76648d26872dd4eaa002f074225058
(git)
Affected: cf7b61073e4526caa247616f6fbb174cbd2a5366 , < 3b839d4619042b02eecdfc986484ac6e6be6acbf (git) Affected: cf7b61073e4526caa247616f6fbb174cbd2a5366 , < 062b7176e484678b2c9072d28fbecea47846b274 (git) Affected: cf7b61073e4526caa247616f6fbb174cbd2a5366 , < 85702fddba70d2b63f5646793d77de2ad4fc3784 (git) Affected: cf7b61073e4526caa247616f6fbb174cbd2a5366 , < a3dd920977dccc453c550260c4b7605b280b79c3 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:00:30.719959Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:15.861Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:28.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/perf/alibaba_uncore_drw_pmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "24f30b34ff76648d26872dd4eaa002f074225058",
"status": "affected",
"version": "cf7b61073e4526caa247616f6fbb174cbd2a5366",
"versionType": "git"
},
{
"lessThan": "3b839d4619042b02eecdfc986484ac6e6be6acbf",
"status": "affected",
"version": "cf7b61073e4526caa247616f6fbb174cbd2a5366",
"versionType": "git"
},
{
"lessThan": "062b7176e484678b2c9072d28fbecea47846b274",
"status": "affected",
"version": "cf7b61073e4526caa247616f6fbb174cbd2a5366",
"versionType": "git"
},
{
"lessThan": "85702fddba70d2b63f5646793d77de2ad4fc3784",
"status": "affected",
"version": "cf7b61073e4526caa247616f6fbb174cbd2a5366",
"versionType": "git"
},
{
"lessThan": "a3dd920977dccc453c550260c4b7605b280b79c3",
"status": "affected",
"version": "cf7b61073e4526caa247616f6fbb174cbd2a5366",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/perf/alibaba_uncore_drw_pmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: Fix ali_drw_pmu driver interrupt status clearing\n\nThe alibaba_uncore_pmu driver forgot to clear all interrupt status\nin the interrupt processing function. After the PMU counter overflow\ninterrupt occurred, an interrupt storm occurred, causing the system\nto hang.\n\nTherefore, clear the correct interrupt status in the interrupt handling\nfunction to fix it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:38:27.965Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/24f30b34ff76648d26872dd4eaa002f074225058"
},
{
"url": "https://git.kernel.org/stable/c/3b839d4619042b02eecdfc986484ac6e6be6acbf"
},
{
"url": "https://git.kernel.org/stable/c/062b7176e484678b2c9072d28fbecea47846b274"
},
{
"url": "https://git.kernel.org/stable/c/85702fddba70d2b63f5646793d77de2ad4fc3784"
},
{
"url": "https://git.kernel.org/stable/c/a3dd920977dccc453c550260c4b7605b280b79c3"
}
],
"title": "drivers/perf: Fix ali_drw_pmu driver interrupt status clearing",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47731",
"datePublished": "2024-10-21T12:14:03.184Z",
"dateReserved": "2024-09-30T16:00:12.957Z",
"dateUpdated": "2025-11-03T22:21:28.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49957 (GCVE-0-2024-49957)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
ocfs2: fix null-ptr-deref when journal load failed.
Summary
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix null-ptr-deref when journal load failed.
During the mounting process, if journal_reset() fails because of too short
journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer.
Subsequently, ocfs2_journal_shutdown() calls
jbd2_journal_flush()->jbd2_cleanup_journal_tail()->
__jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail()
->lock_buffer(journal->j_sb_buffer), resulting in a null-pointer
dereference error.
To resolve this issue, we should check the JBD2_LOADED flag to ensure the
journal was properly loaded. Additionally, use journal instead of
osb->journal directly to simplify the code.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < fd89d92c1140cee8f59de336cb37fa65e359c123
(git)
Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < 703b2c7e0798d263154dc8593dc2345f75dc077f (git) Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < bf605ae98dab5c15c5b631d4d7f88898cb41b649 (git) Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < ff55291fb36779819211b596da703389135f5b05 (git) Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < 82dfdd1e31e774578f76ce6dc90c834f96403a0f (git) Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < 86a89e75e9e4dfa768b97db466ad6bedf2e7ea5b (git) Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < f60e94a83db799bde625ac8671a5b4a6354e7120 (git) Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < 387bf565cc03e2e8c720b8b4798efea4aacb6962 (git) Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < 5784d9fcfd43bd853654bb80c87ef293b9e8e80a (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:35:36.575300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:48.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:36.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/journal.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fd89d92c1140cee8f59de336cb37fa65e359c123",
"status": "affected",
"version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
"versionType": "git"
},
{
"lessThan": "703b2c7e0798d263154dc8593dc2345f75dc077f",
"status": "affected",
"version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
"versionType": "git"
},
{
"lessThan": "bf605ae98dab5c15c5b631d4d7f88898cb41b649",
"status": "affected",
"version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
"versionType": "git"
},
{
"lessThan": "ff55291fb36779819211b596da703389135f5b05",
"status": "affected",
"version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
"versionType": "git"
},
{
"lessThan": "82dfdd1e31e774578f76ce6dc90c834f96403a0f",
"status": "affected",
"version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
"versionType": "git"
},
{
"lessThan": "86a89e75e9e4dfa768b97db466ad6bedf2e7ea5b",
"status": "affected",
"version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
"versionType": "git"
},
{
"lessThan": "f60e94a83db799bde625ac8671a5b4a6354e7120",
"status": "affected",
"version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
"versionType": "git"
},
{
"lessThan": "387bf565cc03e2e8c720b8b4798efea4aacb6962",
"status": "affected",
"version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
"versionType": "git"
},
{
"lessThan": "5784d9fcfd43bd853654bb80c87ef293b9e8e80a",
"status": "affected",
"version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/journal.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.32"
},
{
"lessThan": "2.6.32",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix null-ptr-deref when journal load failed.\n\nDuring the mounting process, if journal_reset() fails because of too short\njournal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. \nSubsequently, ocfs2_journal_shutdown() calls\njbd2_journal_flush()-\u003ejbd2_cleanup_journal_tail()-\u003e\n__jbd2_update_log_tail()-\u003ejbd2_journal_update_sb_log_tail()\n-\u003elock_buffer(journal-\u003ej_sb_buffer), resulting in a null-pointer\ndereference error.\n\nTo resolve this issue, we should check the JBD2_LOADED flag to ensure the\njournal was properly loaded. Additionally, use journal instead of\nosb-\u003ejournal directly to simplify the code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:42:19.684Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fd89d92c1140cee8f59de336cb37fa65e359c123"
},
{
"url": "https://git.kernel.org/stable/c/703b2c7e0798d263154dc8593dc2345f75dc077f"
},
{
"url": "https://git.kernel.org/stable/c/bf605ae98dab5c15c5b631d4d7f88898cb41b649"
},
{
"url": "https://git.kernel.org/stable/c/ff55291fb36779819211b596da703389135f5b05"
},
{
"url": "https://git.kernel.org/stable/c/82dfdd1e31e774578f76ce6dc90c834f96403a0f"
},
{
"url": "https://git.kernel.org/stable/c/86a89e75e9e4dfa768b97db466ad6bedf2e7ea5b"
},
{
"url": "https://git.kernel.org/stable/c/f60e94a83db799bde625ac8671a5b4a6354e7120"
},
{
"url": "https://git.kernel.org/stable/c/387bf565cc03e2e8c720b8b4798efea4aacb6962"
},
{
"url": "https://git.kernel.org/stable/c/5784d9fcfd43bd853654bb80c87ef293b9e8e80a"
}
],
"title": "ocfs2: fix null-ptr-deref when journal load failed.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49957",
"datePublished": "2024-10-21T18:02:11.046Z",
"dateReserved": "2024-10-21T12:17:06.048Z",
"dateUpdated": "2025-11-03T22:23:36.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48973 (GCVE-0-2022-48973)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
gpio: amd8111: Fix PCI device reference count leak
Summary
In the Linux kernel, the following vulnerability has been resolved:
gpio: amd8111: Fix PCI device reference count leak
for_each_pci_dev() is implemented by pci_get_device(). The comment of
pci_get_device() says that it will increase the reference count for the
returned pci_dev and also decrease the reference count for the input
pci_dev @from if it is not NULL.
If we break for_each_pci_dev() loop with pdev not NULL, we need to call
pci_dev_put() to decrease the reference count. Add the missing
pci_dev_put() after the 'out' label. Since pci_dev_put() can handle NULL
input parameter, there is no problem for the 'Device not found' branch.
For the normal path, add pci_dev_put() in amd_gpio_exit().
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
f942a7de047d8c599cc1a9a26293c8c7400450ea , < 4749c5cc147c9860b96db1e71cc36d1de1bd3f59
(git)
Affected: f942a7de047d8c599cc1a9a26293c8c7400450ea , < 71d591ef873f9ebb86cd8d053b3caee785b2de6a (git) Affected: f942a7de047d8c599cc1a9a26293c8c7400450ea , < b2bc053ebbba57a06fa655db5ea796de2edce445 (git) Affected: f942a7de047d8c599cc1a9a26293c8c7400450ea , < 48bd5d3801f6b67cc144449d434abbd5043a6d37 (git) Affected: f942a7de047d8c599cc1a9a26293c8c7400450ea , < 5ee6413d3dd972930af787b2c0c7aaeb379fa521 (git) Affected: f942a7de047d8c599cc1a9a26293c8c7400450ea , < 4271515f189bd5fe2ec86b4089dab7cb804625d2 (git) Affected: f942a7de047d8c599cc1a9a26293c8c7400450ea , < e364ce04d8f840478b09eee57b614de7cf1e743e (git) Affected: f942a7de047d8c599cc1a9a26293c8c7400450ea , < 45fecdb9f658d9c82960c98240bc0770ade19aca (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:18:53.419831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:37.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpio-amd8111.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4749c5cc147c9860b96db1e71cc36d1de1bd3f59",
"status": "affected",
"version": "f942a7de047d8c599cc1a9a26293c8c7400450ea",
"versionType": "git"
},
{
"lessThan": "71d591ef873f9ebb86cd8d053b3caee785b2de6a",
"status": "affected",
"version": "f942a7de047d8c599cc1a9a26293c8c7400450ea",
"versionType": "git"
},
{
"lessThan": "b2bc053ebbba57a06fa655db5ea796de2edce445",
"status": "affected",
"version": "f942a7de047d8c599cc1a9a26293c8c7400450ea",
"versionType": "git"
},
{
"lessThan": "48bd5d3801f6b67cc144449d434abbd5043a6d37",
"status": "affected",
"version": "f942a7de047d8c599cc1a9a26293c8c7400450ea",
"versionType": "git"
},
{
"lessThan": "5ee6413d3dd972930af787b2c0c7aaeb379fa521",
"status": "affected",
"version": "f942a7de047d8c599cc1a9a26293c8c7400450ea",
"versionType": "git"
},
{
"lessThan": "4271515f189bd5fe2ec86b4089dab7cb804625d2",
"status": "affected",
"version": "f942a7de047d8c599cc1a9a26293c8c7400450ea",
"versionType": "git"
},
{
"lessThan": "e364ce04d8f840478b09eee57b614de7cf1e743e",
"status": "affected",
"version": "f942a7de047d8c599cc1a9a26293c8c7400450ea",
"versionType": "git"
},
{
"lessThan": "45fecdb9f658d9c82960c98240bc0770ade19aca",
"status": "affected",
"version": "f942a7de047d8c599cc1a9a26293c8c7400450ea",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpio-amd8111.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.6"
},
{
"lessThan": "3.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.336",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.336",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.302",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.269",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: amd8111: Fix PCI device reference count leak\n\nfor_each_pci_dev() is implemented by pci_get_device(). The comment of\npci_get_device() says that it will increase the reference count for the\nreturned pci_dev and also decrease the reference count for the input\npci_dev @from if it is not NULL.\n\nIf we break for_each_pci_dev() loop with pdev not NULL, we need to call\npci_dev_put() to decrease the reference count. Add the missing\npci_dev_put() after the \u0027out\u0027 label. Since pci_dev_put() can handle NULL\ninput parameter, there is no problem for the \u0027Device not found\u0027 branch.\nFor the normal path, add pci_dev_put() in amd_gpio_exit()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:12.627Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4749c5cc147c9860b96db1e71cc36d1de1bd3f59"
},
{
"url": "https://git.kernel.org/stable/c/71d591ef873f9ebb86cd8d053b3caee785b2de6a"
},
{
"url": "https://git.kernel.org/stable/c/b2bc053ebbba57a06fa655db5ea796de2edce445"
},
{
"url": "https://git.kernel.org/stable/c/48bd5d3801f6b67cc144449d434abbd5043a6d37"
},
{
"url": "https://git.kernel.org/stable/c/5ee6413d3dd972930af787b2c0c7aaeb379fa521"
},
{
"url": "https://git.kernel.org/stable/c/4271515f189bd5fe2ec86b4089dab7cb804625d2"
},
{
"url": "https://git.kernel.org/stable/c/e364ce04d8f840478b09eee57b614de7cf1e743e"
},
{
"url": "https://git.kernel.org/stable/c/45fecdb9f658d9c82960c98240bc0770ade19aca"
}
],
"title": "gpio: amd8111: Fix PCI device reference count leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48973",
"datePublished": "2024-10-21T20:05:53.769Z",
"dateReserved": "2024-08-22T01:27:53.631Z",
"dateUpdated": "2025-05-04T08:27:12.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49938 (GCVE-0-2024-49938)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
Syzbot points out that skb_trim() has a sanity check on the existing length of
the skb, which can be uninitialised in some error paths. The intent here is
clearly just to reset the length to zero before resubmitting, so switch to
calling __skb_set_length(skb, 0) directly. In addition, __skb_set_length()
already contains a call to skb_reset_tail_pointer(), so remove the redundant
call.
The syzbot report came from ath9k_hif_usb_reg_in_cb(), but there's a similar
usage of skb_trim() in ath9k_hif_usb_rx_cb(), change both while we're at it.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
fb9987d0f748c983bb795a86f47522313f701a08 , < e6b9bf32e0695e4f374674002de0527d2a6768eb
(git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < d1f2fbc6a769081503f6ffedbb5cd1ac497f0e77 (git) Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < b02eb7c86ff2ef1411c3095ec8a52b13f68db04f (git) Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 012ae530afa0785102360de452745d33c99a321b (git) Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 6a875220670475d9247e576c15dc29823100a4e4 (git) Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < e37e348835032d6940ec89308cc8996ded691d2d (git) Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 2c230210ec0ae6ed08306ac70dc21c24b817bb95 (git) Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < a9f4e28e8adaf0715bd4e01462af0a52ee46b01f (git) Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 94745807f3ebd379f23865e6dab196f220664179 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:38:08.567983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:50.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:23.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/hif_usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e6b9bf32e0695e4f374674002de0527d2a6768eb",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "d1f2fbc6a769081503f6ffedbb5cd1ac497f0e77",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "b02eb7c86ff2ef1411c3095ec8a52b13f68db04f",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "012ae530afa0785102360de452745d33c99a321b",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "6a875220670475d9247e576c15dc29823100a4e4",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "e37e348835032d6940ec89308cc8996ded691d2d",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "2c230210ec0ae6ed08306ac70dc21c24b817bb95",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "a9f4e28e8adaf0715bd4e01462af0a52ee46b01f",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "94745807f3ebd379f23865e6dab196f220664179",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/hif_usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit\n\nSyzbot points out that skb_trim() has a sanity check on the existing length of\nthe skb, which can be uninitialised in some error paths. The intent here is\nclearly just to reset the length to zero before resubmitting, so switch to\ncalling __skb_set_length(skb, 0) directly. In addition, __skb_set_length()\nalready contains a call to skb_reset_tail_pointer(), so remove the redundant\ncall.\n\nThe syzbot report came from ath9k_hif_usb_reg_in_cb(), but there\u0027s a similar\nusage of skb_trim() in ath9k_hif_usb_rx_cb(), change both while we\u0027re at it."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:32.382Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e6b9bf32e0695e4f374674002de0527d2a6768eb"
},
{
"url": "https://git.kernel.org/stable/c/d1f2fbc6a769081503f6ffedbb5cd1ac497f0e77"
},
{
"url": "https://git.kernel.org/stable/c/b02eb7c86ff2ef1411c3095ec8a52b13f68db04f"
},
{
"url": "https://git.kernel.org/stable/c/012ae530afa0785102360de452745d33c99a321b"
},
{
"url": "https://git.kernel.org/stable/c/6a875220670475d9247e576c15dc29823100a4e4"
},
{
"url": "https://git.kernel.org/stable/c/e37e348835032d6940ec89308cc8996ded691d2d"
},
{
"url": "https://git.kernel.org/stable/c/2c230210ec0ae6ed08306ac70dc21c24b817bb95"
},
{
"url": "https://git.kernel.org/stable/c/a9f4e28e8adaf0715bd4e01462af0a52ee46b01f"
},
{
"url": "https://git.kernel.org/stable/c/94745807f3ebd379f23865e6dab196f220664179"
}
],
"title": "wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49938",
"datePublished": "2024-10-21T18:01:58.359Z",
"dateReserved": "2024-10-21T12:17:06.042Z",
"dateUpdated": "2026-01-05T10:54:32.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49014 (GCVE-0-2022-49014)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
net: tun: Fix use-after-free in tun_detach()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: tun: Fix use-after-free in tun_detach()
syzbot reported use-after-free in tun_detach() [1]. This causes call
trace like below:
==================================================================
BUG: KASAN: use-after-free in notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75
Read of size 8 at addr ffff88807324e2a8 by task syz-executor.0/3673
CPU: 0 PID: 3673 Comm: syz-executor.0 Not tainted 6.1.0-rc5-syzkaller-00044-gcc675d22e422 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:284 [inline]
print_report+0x15e/0x461 mm/kasan/report.c:395
kasan_report+0xbf/0x1f0 mm/kasan/report.c:495
notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75
call_netdevice_notifiers_info+0x86/0x130 net/core/dev.c:1942
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_wait_allrefs_any net/core/dev.c:10237 [inline]
netdev_run_todo+0xbc6/0x1100 net/core/dev.c:10351
tun_detach drivers/net/tun.c:704 [inline]
tun_chr_close+0xe4/0x190 drivers/net/tun.c:3467
__fput+0x27c/0xa90 fs/file_table.c:320
task_work_run+0x16f/0x270 kernel/task_work.c:179
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0xb3d/0x2a30 kernel/exit.c:820
do_group_exit+0xd4/0x2a0 kernel/exit.c:950
get_signal+0x21b1/0x2440 kernel/signal.c:2858
arch_do_signal_or_restart+0x86/0x2300 arch/x86/kernel/signal.c:869
exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203
__syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296
do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd
The cause of the issue is that sock_put() from __tun_detach() drops
last reference count for struct net, and then notifier_call_chain()
from netdev_state_change() accesses that struct net.
This patch fixes the issue by calling sock_put() from tun_detach()
after all necessary accesses for the struct net has done.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
83c1f36f9880814b24cdf6c2f91f66f61db65326 , < 1f23f1890d91812c35d32eab1b49621b6d32dc7b
(git)
Affected: 83c1f36f9880814b24cdf6c2f91f66f61db65326 , < 16c244bc65d1175775325ec0489a5a5c830e02c7 (git) Affected: 83c1f36f9880814b24cdf6c2f91f66f61db65326 , < 5f442e1d403e0496bacb74a58e2be7f500695e6f (git) Affected: 83c1f36f9880814b24cdf6c2f91f66f61db65326 , < 04b995e963229501401810dab89dc73e7f12d054 (git) Affected: 83c1f36f9880814b24cdf6c2f91f66f61db65326 , < 4cde8da2d814a3b7b176db81922d4ddaad7c0f0e (git) Affected: 83c1f36f9880814b24cdf6c2f91f66f61db65326 , < 5daadc86f27ea4d691e2131c04310d0418c6cd12 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:13:28.883740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:38.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/tun.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1f23f1890d91812c35d32eab1b49621b6d32dc7b",
"status": "affected",
"version": "83c1f36f9880814b24cdf6c2f91f66f61db65326",
"versionType": "git"
},
{
"lessThan": "16c244bc65d1175775325ec0489a5a5c830e02c7",
"status": "affected",
"version": "83c1f36f9880814b24cdf6c2f91f66f61db65326",
"versionType": "git"
},
{
"lessThan": "5f442e1d403e0496bacb74a58e2be7f500695e6f",
"status": "affected",
"version": "83c1f36f9880814b24cdf6c2f91f66f61db65326",
"versionType": "git"
},
{
"lessThan": "04b995e963229501401810dab89dc73e7f12d054",
"status": "affected",
"version": "83c1f36f9880814b24cdf6c2f91f66f61db65326",
"versionType": "git"
},
{
"lessThan": "4cde8da2d814a3b7b176db81922d4ddaad7c0f0e",
"status": "affected",
"version": "83c1f36f9880814b24cdf6c2f91f66f61db65326",
"versionType": "git"
},
{
"lessThan": "5daadc86f27ea4d691e2131c04310d0418c6cd12",
"status": "affected",
"version": "83c1f36f9880814b24cdf6c2f91f66f61db65326",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/tun.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.268",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tun: Fix use-after-free in tun_detach()\n\nsyzbot reported use-after-free in tun_detach() [1]. This causes call\ntrace like below:\n\n==================================================================\nBUG: KASAN: use-after-free in notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75\nRead of size 8 at addr ffff88807324e2a8 by task syz-executor.0/3673\n\nCPU: 0 PID: 3673 Comm: syz-executor.0 Not tainted 6.1.0-rc5-syzkaller-00044-gcc675d22e422 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x15e/0x461 mm/kasan/report.c:395\n kasan_report+0xbf/0x1f0 mm/kasan/report.c:495\n notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75\n call_netdevice_notifiers_info+0x86/0x130 net/core/dev.c:1942\n call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]\n call_netdevice_notifiers net/core/dev.c:1997 [inline]\n netdev_wait_allrefs_any net/core/dev.c:10237 [inline]\n netdev_run_todo+0xbc6/0x1100 net/core/dev.c:10351\n tun_detach drivers/net/tun.c:704 [inline]\n tun_chr_close+0xe4/0x190 drivers/net/tun.c:3467\n __fput+0x27c/0xa90 fs/file_table.c:320\n task_work_run+0x16f/0x270 kernel/task_work.c:179\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0xb3d/0x2a30 kernel/exit.c:820\n do_group_exit+0xd4/0x2a0 kernel/exit.c:950\n get_signal+0x21b1/0x2440 kernel/signal.c:2858\n arch_do_signal_or_restart+0x86/0x2300 arch/x86/kernel/signal.c:869\n exit_to_user_mode_loop kernel/entry/common.c:168 [inline]\n exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203\n __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]\n syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296\n do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe cause of the issue is that sock_put() from __tun_detach() drops\nlast reference count for struct net, and then notifier_call_chain()\nfrom netdev_state_change() accesses that struct net.\n\nThis patch fixes the issue by calling sock_put() from tun_detach()\nafter all necessary accesses for the struct net has done."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:05.831Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1f23f1890d91812c35d32eab1b49621b6d32dc7b"
},
{
"url": "https://git.kernel.org/stable/c/16c244bc65d1175775325ec0489a5a5c830e02c7"
},
{
"url": "https://git.kernel.org/stable/c/5f442e1d403e0496bacb74a58e2be7f500695e6f"
},
{
"url": "https://git.kernel.org/stable/c/04b995e963229501401810dab89dc73e7f12d054"
},
{
"url": "https://git.kernel.org/stable/c/4cde8da2d814a3b7b176db81922d4ddaad7c0f0e"
},
{
"url": "https://git.kernel.org/stable/c/5daadc86f27ea4d691e2131c04310d0418c6cd12"
}
],
"title": "net: tun: Fix use-after-free in tun_detach()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49014",
"datePublished": "2024-10-21T20:06:24.020Z",
"dateReserved": "2024-08-22T01:27:53.645Z",
"dateUpdated": "2025-05-04T08:28:05.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50015 (GCVE-0-2024-50015)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:54 – Updated: 2025-11-03 22:24
VLAI?
EPSS
Title
ext4: dax: fix overflowing extents beyond inode size when partially writing
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: dax: fix overflowing extents beyond inode size when partially writing
The dax_iomap_rw() does two things in each iteration: map written blocks
and copy user data to blocks. If the process is killed by user(See signal
handling in dax_iomap_iter()), the copied data will be returned and added
on inode size, which means that the length of written extents may exceed
the inode size, then fsck will fail. An example is given as:
dd if=/dev/urandom of=file bs=4M count=1
dax_iomap_rw
iomap_iter // round 1
ext4_iomap_begin
ext4_iomap_alloc // allocate 0~2M extents(written flag)
dax_iomap_iter // copy 2M data
iomap_iter // round 2
iomap_iter_advance
iter->pos += iter->processed // iter->pos = 2M
ext4_iomap_begin
ext4_iomap_alloc // allocate 2~4M extents(written flag)
dax_iomap_iter
fatal_signal_pending
done = iter->pos - iocb->ki_pos // done = 2M
ext4_handle_inode_extension
ext4_update_inode_size // inode size = 2M
fsck reports: Inode 13, i_size is 2097152, should be 4194304. Fix?
Fix the problem by truncating extents if the written length is smaller
than expected.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
776722e85d3b0936253ecc3d14db4fba37f191ba , < f8a7c342326f6ad1dfdb30a18dd013c70f5e9669
(git)
Affected: 776722e85d3b0936253ecc3d14db4fba37f191ba , < 8c30a9a8610c314554997f86370140746aa35661 (git) Affected: 776722e85d3b0936253ecc3d14db4fba37f191ba , < abfaa876b948baaea4d14f21a1963789845c8b4c (git) Affected: 776722e85d3b0936253ecc3d14db4fba37f191ba , < 5efccdee4a7d507a483f20f880b809cc4eaef14d (git) Affected: 776722e85d3b0936253ecc3d14db4fba37f191ba , < a9f331f51515bdb3ebc8d0963131af367ef468f6 (git) Affected: 776722e85d3b0936253ecc3d14db4fba37f191ba , < ec0dd451e236c46e4858d53e9e82bae7797a7af5 (git) Affected: 776722e85d3b0936253ecc3d14db4fba37f191ba , < dda898d7ffe85931f9cca6d702a51f33717c501e (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50015",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:28:08.580885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:48.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:24:30.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f8a7c342326f6ad1dfdb30a18dd013c70f5e9669",
"status": "affected",
"version": "776722e85d3b0936253ecc3d14db4fba37f191ba",
"versionType": "git"
},
{
"lessThan": "8c30a9a8610c314554997f86370140746aa35661",
"status": "affected",
"version": "776722e85d3b0936253ecc3d14db4fba37f191ba",
"versionType": "git"
},
{
"lessThan": "abfaa876b948baaea4d14f21a1963789845c8b4c",
"status": "affected",
"version": "776722e85d3b0936253ecc3d14db4fba37f191ba",
"versionType": "git"
},
{
"lessThan": "5efccdee4a7d507a483f20f880b809cc4eaef14d",
"status": "affected",
"version": "776722e85d3b0936253ecc3d14db4fba37f191ba",
"versionType": "git"
},
{
"lessThan": "a9f331f51515bdb3ebc8d0963131af367ef468f6",
"status": "affected",
"version": "776722e85d3b0936253ecc3d14db4fba37f191ba",
"versionType": "git"
},
{
"lessThan": "ec0dd451e236c46e4858d53e9e82bae7797a7af5",
"status": "affected",
"version": "776722e85d3b0936253ecc3d14db4fba37f191ba",
"versionType": "git"
},
{
"lessThan": "dda898d7ffe85931f9cca6d702a51f33717c501e",
"status": "affected",
"version": "776722e85d3b0936253ecc3d14db4fba37f191ba",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: dax: fix overflowing extents beyond inode size when partially writing\n\nThe dax_iomap_rw() does two things in each iteration: map written blocks\nand copy user data to blocks. If the process is killed by user(See signal\nhandling in dax_iomap_iter()), the copied data will be returned and added\non inode size, which means that the length of written extents may exceed\nthe inode size, then fsck will fail. An example is given as:\n\ndd if=/dev/urandom of=file bs=4M count=1\n dax_iomap_rw\n iomap_iter // round 1\n ext4_iomap_begin\n ext4_iomap_alloc // allocate 0~2M extents(written flag)\n dax_iomap_iter // copy 2M data\n iomap_iter // round 2\n iomap_iter_advance\n iter-\u003epos += iter-\u003eprocessed // iter-\u003epos = 2M\n ext4_iomap_begin\n ext4_iomap_alloc // allocate 2~4M extents(written flag)\n dax_iomap_iter\n fatal_signal_pending\n done = iter-\u003epos - iocb-\u003eki_pos // done = 2M\n ext4_handle_inode_extension\n ext4_update_inode_size // inode size = 2M\n\nfsck reports: Inode 13, i_size is 2097152, should be 4194304. Fix?\n\nFix the problem by truncating extents if the written length is smaller\nthan expected."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:43:51.569Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f8a7c342326f6ad1dfdb30a18dd013c70f5e9669"
},
{
"url": "https://git.kernel.org/stable/c/8c30a9a8610c314554997f86370140746aa35661"
},
{
"url": "https://git.kernel.org/stable/c/abfaa876b948baaea4d14f21a1963789845c8b4c"
},
{
"url": "https://git.kernel.org/stable/c/5efccdee4a7d507a483f20f880b809cc4eaef14d"
},
{
"url": "https://git.kernel.org/stable/c/a9f331f51515bdb3ebc8d0963131af367ef468f6"
},
{
"url": "https://git.kernel.org/stable/c/ec0dd451e236c46e4858d53e9e82bae7797a7af5"
},
{
"url": "https://git.kernel.org/stable/c/dda898d7ffe85931f9cca6d702a51f33717c501e"
}
],
"title": "ext4: dax: fix overflowing extents beyond inode size when partially writing",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50015",
"datePublished": "2024-10-21T18:54:06.465Z",
"dateReserved": "2024-10-21T12:17:06.062Z",
"dateUpdated": "2025-11-03T22:24:30.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48946 (GCVE-0-2022-48946)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-12-23 13:21
VLAI?
EPSS
Title
udf: Fix preallocation discarding at indirect extent boundary
Summary
In the Linux kernel, the following vulnerability has been resolved:
udf: Fix preallocation discarding at indirect extent boundary
When preallocation extent is the first one in the extent block, the
code would corrupt extent tree header instead. Fix the problem and use
udf_delete_aext() for deleting extent to avoid some code duplication.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c8b6fa4511a7900db9fb0353b630d4d2ed1ba99c
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7665857f88557c372da35534165721156756f77f (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 72f651c96c8aadf087fd782d551bf7db648a8c2e (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4d835efd561dfb9bf5409f11f4ecd428d5d29226 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1a075f4a549481ce6e8518d8379f193ccec6b746 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 63dbbd8f1499b0a161e701a04aa50148d60bd1f7 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ae56d9a017724f130cf1a263dd82a78d2a6e3852 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 12a88f572d6d94b5c0b72e2d1782cc2e96ac06cf (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < cfe4c1b25dd6d2f056afc00b7c98bcb3dd0b1fc3 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:22:15.056500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:41.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/udf/truncate.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c8b6fa4511a7900db9fb0353b630d4d2ed1ba99c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7665857f88557c372da35534165721156756f77f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "72f651c96c8aadf087fd782d551bf7db648a8c2e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4d835efd561dfb9bf5409f11f4ecd428d5d29226",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1a075f4a549481ce6e8518d8379f193ccec6b746",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "63dbbd8f1499b0a161e701a04aa50148d60bd1f7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ae56d9a017724f130cf1a263dd82a78d2a6e3852",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "12a88f572d6d94b5c0b72e2d1782cc2e96ac06cf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cfe4c1b25dd6d2f056afc00b7c98bcb3dd0b1fc3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/udf/truncate.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.337",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.337",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.303",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.161",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.85",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.15",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.1",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix preallocation discarding at indirect extent boundary\n\nWhen preallocation extent is the first one in the extent block, the\ncode would corrupt extent tree header instead. Fix the problem and use\nudf_delete_aext() for deleting extent to avoid some code duplication."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T13:21:13.097Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c8b6fa4511a7900db9fb0353b630d4d2ed1ba99c"
},
{
"url": "https://git.kernel.org/stable/c/7665857f88557c372da35534165721156756f77f"
},
{
"url": "https://git.kernel.org/stable/c/72f651c96c8aadf087fd782d551bf7db648a8c2e"
},
{
"url": "https://git.kernel.org/stable/c/4d835efd561dfb9bf5409f11f4ecd428d5d29226"
},
{
"url": "https://git.kernel.org/stable/c/1a075f4a549481ce6e8518d8379f193ccec6b746"
},
{
"url": "https://git.kernel.org/stable/c/63dbbd8f1499b0a161e701a04aa50148d60bd1f7"
},
{
"url": "https://git.kernel.org/stable/c/ae56d9a017724f130cf1a263dd82a78d2a6e3852"
},
{
"url": "https://git.kernel.org/stable/c/12a88f572d6d94b5c0b72e2d1782cc2e96ac06cf"
},
{
"url": "https://git.kernel.org/stable/c/cfe4c1b25dd6d2f056afc00b7c98bcb3dd0b1fc3"
}
],
"title": "udf: Fix preallocation discarding at indirect extent boundary",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48946",
"datePublished": "2024-10-21T20:05:35.818Z",
"dateReserved": "2024-08-22T01:27:53.624Z",
"dateUpdated": "2025-12-23T13:21:13.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47693 (GCVE-0-2024-47693)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:20
VLAI?
EPSS
Title
IB/core: Fix ib_cache_setup_one error flow cleanup
Summary
In the Linux kernel, the following vulnerability has been resolved:
IB/core: Fix ib_cache_setup_one error flow cleanup
When ib_cache_update return an error, we exit ib_cache_setup_one
instantly with no proper cleanup, even though before this we had
already successfully done gid_table_setup_one, that results in
the kernel WARN below.
Do proper cleanup using gid_table_cleanup_one before returning
the err in order to fix the issue.
WARNING: CPU: 4 PID: 922 at drivers/infiniband/core/cache.c:806 gid_table_release_one+0x181/0x1a0
Modules linked in:
CPU: 4 UID: 0 PID: 922 Comm: c_repro Not tainted 6.11.0-rc1+ #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:gid_table_release_one+0x181/0x1a0
Code: 44 8b 38 75 0c e8 2f cb 34 ff 4d 8b b5 28 05 00 00 e8 23 cb 34 ff 44 89 f9 89 da 4c 89 f6 48 c7 c7 d0 58 14 83 e8 4f de 21 ff <0f> 0b 4c 8b 75 30 e9 54 ff ff ff 48 8 3 c4 10 5b 5d 41 5c 41 5d 41
RSP: 0018:ffffc90002b835b0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811c8527
RDX: 0000000000000000 RSI: ffffffff811c8534 RDI: 0000000000000001
RBP: ffff8881011b3d00 R08: ffff88810b3abe00 R09: 205d303839303631
R10: 666572207972746e R11: 72746e6520444947 R12: 0000000000000001
R13: ffff888106390000 R14: ffff8881011f2110 R15: 0000000000000001
FS: 00007fecc3b70800(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000340 CR3: 000000010435a001 CR4: 00000000003706b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
? show_regs+0x94/0xa0
? __warn+0x9e/0x1c0
? gid_table_release_one+0x181/0x1a0
? report_bug+0x1f9/0x340
? gid_table_release_one+0x181/0x1a0
? handle_bug+0xa2/0x110
? exc_invalid_op+0x31/0xa0
? asm_exc_invalid_op+0x16/0x20
? __warn_printk+0xc7/0x180
? __warn_printk+0xd4/0x180
? gid_table_release_one+0x181/0x1a0
ib_device_release+0x71/0xe0
? __pfx_ib_device_release+0x10/0x10
device_release+0x44/0xd0
kobject_put+0x135/0x3d0
put_device+0x20/0x30
rxe_net_add+0x7d/0xa0
rxe_newlink+0xd7/0x190
nldev_newlink+0x1b0/0x2a0
? __pfx_nldev_newlink+0x10/0x10
rdma_nl_rcv_msg+0x1ad/0x2e0
rdma_nl_rcv_skb.constprop.0+0x176/0x210
netlink_unicast+0x2de/0x400
netlink_sendmsg+0x306/0x660
__sock_sendmsg+0x110/0x120
____sys_sendmsg+0x30e/0x390
___sys_sendmsg+0x9b/0xf0
? kstrtouint+0x6e/0xa0
? kstrtouint_from_user+0x7c/0xb0
? get_pid_task+0xb0/0xd0
? proc_fail_nth_write+0x5b/0x140
? __fget_light+0x9a/0x200
? preempt_count_add+0x47/0xa0
__sys_sendmsg+0x61/0xd0
do_syscall_64+0x50/0x110
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
1901b91f99821955eac2bd48fe25ee983385dc00 , < 1730d47d1865af89efd01cf0469a9a739cbf60f2
(git)
Affected: 1901b91f99821955eac2bd48fe25ee983385dc00 , < 45f63f4bb9a7128a6209d766c2fc02b3d42fbf3e (git) Affected: 1901b91f99821955eac2bd48fe25ee983385dc00 , < d08754be993f270e3d296d8f5d8e071fe6638651 (git) Affected: 1901b91f99821955eac2bd48fe25ee983385dc00 , < af633fd9d9fff59e31c804f47ca0c8a784977773 (git) Affected: 1901b91f99821955eac2bd48fe25ee983385dc00 , < 290fe42fe0165205c4451334d8833a9202ae1d52 (git) Affected: 1901b91f99821955eac2bd48fe25ee983385dc00 , < 1403c8b14765eab805377dd3b75e96ace8747aed (git) Affected: ee7ce7d7e7c76d5ec4c8067d32bbee9728dc9d29 (git) Affected: 2a5968f266c7b9dc13917ac573af8d7b7da4023c (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47693",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:05:38.150217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:14:14.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:20:58.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/cache.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1730d47d1865af89efd01cf0469a9a739cbf60f2",
"status": "affected",
"version": "1901b91f99821955eac2bd48fe25ee983385dc00",
"versionType": "git"
},
{
"lessThan": "45f63f4bb9a7128a6209d766c2fc02b3d42fbf3e",
"status": "affected",
"version": "1901b91f99821955eac2bd48fe25ee983385dc00",
"versionType": "git"
},
{
"lessThan": "d08754be993f270e3d296d8f5d8e071fe6638651",
"status": "affected",
"version": "1901b91f99821955eac2bd48fe25ee983385dc00",
"versionType": "git"
},
{
"lessThan": "af633fd9d9fff59e31c804f47ca0c8a784977773",
"status": "affected",
"version": "1901b91f99821955eac2bd48fe25ee983385dc00",
"versionType": "git"
},
{
"lessThan": "290fe42fe0165205c4451334d8833a9202ae1d52",
"status": "affected",
"version": "1901b91f99821955eac2bd48fe25ee983385dc00",
"versionType": "git"
},
{
"lessThan": "1403c8b14765eab805377dd3b75e96ace8747aed",
"status": "affected",
"version": "1901b91f99821955eac2bd48fe25ee983385dc00",
"versionType": "git"
},
{
"status": "affected",
"version": "ee7ce7d7e7c76d5ec4c8067d32bbee9728dc9d29",
"versionType": "git"
},
{
"status": "affected",
"version": "2a5968f266c7b9dc13917ac573af8d7b7da4023c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/cache.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.6.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Fix ib_cache_setup_one error flow cleanup\n\nWhen ib_cache_update return an error, we exit ib_cache_setup_one\ninstantly with no proper cleanup, even though before this we had\nalready successfully done gid_table_setup_one, that results in\nthe kernel WARN below.\n\nDo proper cleanup using gid_table_cleanup_one before returning\nthe err in order to fix the issue.\n\nWARNING: CPU: 4 PID: 922 at drivers/infiniband/core/cache.c:806 gid_table_release_one+0x181/0x1a0\nModules linked in:\nCPU: 4 UID: 0 PID: 922 Comm: c_repro Not tainted 6.11.0-rc1+ #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:gid_table_release_one+0x181/0x1a0\nCode: 44 8b 38 75 0c e8 2f cb 34 ff 4d 8b b5 28 05 00 00 e8 23 cb 34 ff 44 89 f9 89 da 4c 89 f6 48 c7 c7 d0 58 14 83 e8 4f de 21 ff \u003c0f\u003e 0b 4c 8b 75 30 e9 54 ff ff ff 48 8 3 c4 10 5b 5d 41 5c 41 5d 41\nRSP: 0018:ffffc90002b835b0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811c8527\nRDX: 0000000000000000 RSI: ffffffff811c8534 RDI: 0000000000000001\nRBP: ffff8881011b3d00 R08: ffff88810b3abe00 R09: 205d303839303631\nR10: 666572207972746e R11: 72746e6520444947 R12: 0000000000000001\nR13: ffff888106390000 R14: ffff8881011f2110 R15: 0000000000000001\nFS: 00007fecc3b70800(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000340 CR3: 000000010435a001 CR4: 00000000003706b0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x94/0xa0\n ? __warn+0x9e/0x1c0\n ? gid_table_release_one+0x181/0x1a0\n ? report_bug+0x1f9/0x340\n ? gid_table_release_one+0x181/0x1a0\n ? handle_bug+0xa2/0x110\n ? exc_invalid_op+0x31/0xa0\n ? asm_exc_invalid_op+0x16/0x20\n ? __warn_printk+0xc7/0x180\n ? __warn_printk+0xd4/0x180\n ? gid_table_release_one+0x181/0x1a0\n ib_device_release+0x71/0xe0\n ? __pfx_ib_device_release+0x10/0x10\n device_release+0x44/0xd0\n kobject_put+0x135/0x3d0\n put_device+0x20/0x30\n rxe_net_add+0x7d/0xa0\n rxe_newlink+0xd7/0x190\n nldev_newlink+0x1b0/0x2a0\n ? __pfx_nldev_newlink+0x10/0x10\n rdma_nl_rcv_msg+0x1ad/0x2e0\n rdma_nl_rcv_skb.constprop.0+0x176/0x210\n netlink_unicast+0x2de/0x400\n netlink_sendmsg+0x306/0x660\n __sock_sendmsg+0x110/0x120\n ____sys_sendmsg+0x30e/0x390\n ___sys_sendmsg+0x9b/0xf0\n ? kstrtouint+0x6e/0xa0\n ? kstrtouint_from_user+0x7c/0xb0\n ? get_pid_task+0xb0/0xd0\n ? proc_fail_nth_write+0x5b/0x140\n ? __fget_light+0x9a/0x200\n ? preempt_count_add+0x47/0xa0\n __sys_sendmsg+0x61/0xd0\n do_syscall_64+0x50/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:58:57.166Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1730d47d1865af89efd01cf0469a9a739cbf60f2"
},
{
"url": "https://git.kernel.org/stable/c/45f63f4bb9a7128a6209d766c2fc02b3d42fbf3e"
},
{
"url": "https://git.kernel.org/stable/c/d08754be993f270e3d296d8f5d8e071fe6638651"
},
{
"url": "https://git.kernel.org/stable/c/af633fd9d9fff59e31c804f47ca0c8a784977773"
},
{
"url": "https://git.kernel.org/stable/c/290fe42fe0165205c4451334d8833a9202ae1d52"
},
{
"url": "https://git.kernel.org/stable/c/1403c8b14765eab805377dd3b75e96ace8747aed"
}
],
"title": "IB/core: Fix ib_cache_setup_one error flow cleanup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47693",
"datePublished": "2024-10-21T11:53:31.924Z",
"dateReserved": "2024-09-30T16:00:12.942Z",
"dateUpdated": "2025-11-03T22:20:58.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49862 (GCVE-0-2024-49862)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:27 – Updated: 2025-05-04 09:39
VLAI?
EPSS
Title
powercap: intel_rapl: Fix off by one in get_rpi()
Summary
In the Linux kernel, the following vulnerability has been resolved:
powercap: intel_rapl: Fix off by one in get_rpi()
The rp->priv->rpi array is either rpi_msr or rpi_tpmi which have
NR_RAPL_PRIMITIVES number of elements. Thus the > needs to be >=
to prevent an off by one access.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
98ff639a7289067247b3ef9dd5d1e922361e7365 , < 288cbc505e2046638c615c36357cb78bc9fee1e0
(git)
Affected: 98ff639a7289067247b3ef9dd5d1e922361e7365 , < 851e7f7f14a15f4e47b7d0f70d5c4a2b95b824d6 (git) Affected: 98ff639a7289067247b3ef9dd5d1e922361e7365 , < 6a34f3b0d7f11fb6ed72da315fd2360abd9c0737 (git) Affected: 98ff639a7289067247b3ef9dd5d1e922361e7365 , < 95f6580352a7225e619551febb83595bcb77ab17 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:54:50.217091Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T12:55:35.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/powercap/intel_rapl_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "288cbc505e2046638c615c36357cb78bc9fee1e0",
"status": "affected",
"version": "98ff639a7289067247b3ef9dd5d1e922361e7365",
"versionType": "git"
},
{
"lessThan": "851e7f7f14a15f4e47b7d0f70d5c4a2b95b824d6",
"status": "affected",
"version": "98ff639a7289067247b3ef9dd5d1e922361e7365",
"versionType": "git"
},
{
"lessThan": "6a34f3b0d7f11fb6ed72da315fd2360abd9c0737",
"status": "affected",
"version": "98ff639a7289067247b3ef9dd5d1e922361e7365",
"versionType": "git"
},
{
"lessThan": "95f6580352a7225e619551febb83595bcb77ab17",
"status": "affected",
"version": "98ff639a7289067247b3ef9dd5d1e922361e7365",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/powercap/intel_rapl_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowercap: intel_rapl: Fix off by one in get_rpi()\n\nThe rp-\u003epriv-\u003erpi array is either rpi_msr or rpi_tpmi which have\nNR_RAPL_PRIMITIVES number of elements. Thus the \u003e needs to be \u003e=\nto prevent an off by one access."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:39:47.618Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/288cbc505e2046638c615c36357cb78bc9fee1e0"
},
{
"url": "https://git.kernel.org/stable/c/851e7f7f14a15f4e47b7d0f70d5c4a2b95b824d6"
},
{
"url": "https://git.kernel.org/stable/c/6a34f3b0d7f11fb6ed72da315fd2360abd9c0737"
},
{
"url": "https://git.kernel.org/stable/c/95f6580352a7225e619551febb83595bcb77ab17"
}
],
"title": "powercap: intel_rapl: Fix off by one in get_rpi()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49862",
"datePublished": "2024-10-21T12:27:19.981Z",
"dateReserved": "2024-10-21T12:17:06.017Z",
"dateUpdated": "2025-05-04T09:39:47.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49918 (GCVE-0-2024-49918)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-07-11 17:21
VLAI?
EPSS
Title
drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer
This commit addresses a potential null pointer dereference issue in the
`dcn32_acquire_idle_pipe_for_head_pipe_in_layer` function. The issue
could occur when `head_pipe` is null.
The fix adds a check to ensure `head_pipe` is not null before asserting
it. If `head_pipe` is null, the function returns NULL to prevent a
potential null pointer dereference.
Reported by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn32/dcn32_resource.c:2690 dcn32_acquire_idle_pipe_for_head_pipe_in_layer() error: we previously assumed 'head_pipe' could be null (see line 2681)
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 4f47292f488fa7041284dca1f1244116c18721f1
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 96d4c2ee18d732a248d053aae8c4a27cb1d68d1c (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < ac2140449184a26eac99585b7f69814bd3ba8f2d (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:40:44.529990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:44.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4f47292f488fa7041284dca1f1244116c18721f1",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "96d4c2ee18d732a248d053aae8c4a27cb1d68d1c",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "ac2140449184a26eac99585b7f69814bd3ba8f2d",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn32_acquire_idle_pipe_for_head_pipe_in_layer` function. The issue\ncould occur when `head_pipe` is null.\n\nThe fix adds a check to ensure `head_pipe` is not null before asserting\nit. If `head_pipe` is null, the function returns NULL to prevent a\npotential null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn32/dcn32_resource.c:2690 dcn32_acquire_idle_pipe_for_head_pipe_in_layer() error: we previously assumed \u0027head_pipe\u0027 could be null (see line 2681)"
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:21:16.727Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4f47292f488fa7041284dca1f1244116c18721f1"
},
{
"url": "https://git.kernel.org/stable/c/96d4c2ee18d732a248d053aae8c4a27cb1d68d1c"
},
{
"url": "https://git.kernel.org/stable/c/ac2140449184a26eac99585b7f69814bd3ba8f2d"
}
],
"title": "drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49918",
"datePublished": "2024-10-21T18:01:45.036Z",
"dateReserved": "2024-10-21T12:17:06.034Z",
"dateUpdated": "2025-07-11T17:21:16.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47696 (GCVE-0-2024-47696)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
In the commit aee2424246f9 ("RDMA/iwcm: Fix a use-after-free related to
destroying CM IDs"), the function flush_workqueue is invoked to flush the
work queue iwcm_wq.
But at that time, the work queue iwcm_wq was created via the function
alloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.
Because the current process is trying to flush the whole iwcm_wq, if
iwcm_wq doesn't have the flag WQ_MEM_RECLAIM, verify that the current
process is not reclaiming memory or running on a workqueue which doesn't
have the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee
leading to a deadlock.
The call trace is as below:
[ 125.350876][ T1430] Call Trace:
[ 125.356281][ T1430] <TASK>
[ 125.361285][ T1430] ? __warn (kernel/panic.c:693)
[ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))
[ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219)
[ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239)
[ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))
[ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)
[ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))
[ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))
[ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970)
[ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151)
[ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm
[ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910)
[ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)
[ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161)
[ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm
[ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma
[ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma
[ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231)
[ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393)
[ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339)
[ 125.531837][ T1430] kthread (kernel/kthread.c:389)
[ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342)
[ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147)
[ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342)
[ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)
[ 125.566487][ T1430] </TASK>
[ 125.566488][ T1430] ---[ end trace 0000000000000000 ]---
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d91d253c87fd1efece521ff2612078a35af673c6 , < da2708a19f45b4a7278adf523837c8db21d1e2b5
(git)
Affected: 7f25f296fc9bd0435be14e89bf657cd615a23574 , < 29b3bbd912b8db86df7a3c180b910ccb621f5635 (git) Affected: 94ee7ff99b87435ec63211f632918dc7f44dac79 , < 2efe8da2ddbf873385b4bc55366d09350b408df6 (git) Affected: 557d035fe88d78dd51664f4dc0e1896c04c97cf6 , < da0392698c62397c19deb1b9e9bdf2fbb5a9420e (git) Affected: dc8074b8901caabb97c2d353abd6b4e7fa5a59a5 , < a64f30db12bdc937c5108158d98c8eab1925c548 (git) Affected: ff5bbbdee08287d75d72e65b72a2b76d9637892a , < 8b7df76356d098f85f3bd2c7cf6fb43f531893d7 (git) Affected: ee39384ee787e86e9db4efb843818ef0ea9cb8ae , < c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58 (git) Affected: aee2424246f9f1dadc33faa78990c1e2eb7826e4 , < a09dc967b3c58899e259c0aea092f421d22a0b04 (git) Affected: aee2424246f9f1dadc33faa78990c1e2eb7826e4 , < 86dfdd8288907f03c18b7fb462e0e232c4f98d89 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47696",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:05:12.849051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:14:14.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:01.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/iwcm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "da2708a19f45b4a7278adf523837c8db21d1e2b5",
"status": "affected",
"version": "d91d253c87fd1efece521ff2612078a35af673c6",
"versionType": "git"
},
{
"lessThan": "29b3bbd912b8db86df7a3c180b910ccb621f5635",
"status": "affected",
"version": "7f25f296fc9bd0435be14e89bf657cd615a23574",
"versionType": "git"
},
{
"lessThan": "2efe8da2ddbf873385b4bc55366d09350b408df6",
"status": "affected",
"version": "94ee7ff99b87435ec63211f632918dc7f44dac79",
"versionType": "git"
},
{
"lessThan": "da0392698c62397c19deb1b9e9bdf2fbb5a9420e",
"status": "affected",
"version": "557d035fe88d78dd51664f4dc0e1896c04c97cf6",
"versionType": "git"
},
{
"lessThan": "a64f30db12bdc937c5108158d98c8eab1925c548",
"status": "affected",
"version": "dc8074b8901caabb97c2d353abd6b4e7fa5a59a5",
"versionType": "git"
},
{
"lessThan": "8b7df76356d098f85f3bd2c7cf6fb43f531893d7",
"status": "affected",
"version": "ff5bbbdee08287d75d72e65b72a2b76d9637892a",
"versionType": "git"
},
{
"lessThan": "c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58",
"status": "affected",
"version": "ee39384ee787e86e9db4efb843818ef0ea9cb8ae",
"versionType": "git"
},
{
"lessThan": "a09dc967b3c58899e259c0aea092f421d22a0b04",
"status": "affected",
"version": "aee2424246f9f1dadc33faa78990c1e2eb7826e4",
"versionType": "git"
},
{
"lessThan": "86dfdd8288907f03c18b7fb462e0e232c4f98d89",
"status": "affected",
"version": "aee2424246f9f1dadc33faa78990c1e2eb7826e4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/iwcm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.11"
},
{
"lessThan": "6.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.19.320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "5.4.282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.10.224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.15.165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "6.1.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "6.6.44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "6.10.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "6.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\n\nIn the commit aee2424246f9 (\"RDMA/iwcm: Fix a use-after-free related to\ndestroying CM IDs\"), the function flush_workqueue is invoked to flush the\nwork queue iwcm_wq.\n\nBut at that time, the work queue iwcm_wq was created via the function\nalloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.\n\nBecause the current process is trying to flush the whole iwcm_wq, if\niwcm_wq doesn\u0027t have the flag WQ_MEM_RECLAIM, verify that the current\nprocess is not reclaiming memory or running on a workqueue which doesn\u0027t\nhave the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee\nleading to a deadlock.\n\nThe call trace is as below:\n\n[ 125.350876][ T1430] Call Trace:\n[ 125.356281][ T1430] \u003cTASK\u003e\n[ 125.361285][ T1430] ? __warn (kernel/panic.c:693)\n[ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219)\n[ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239)\n[ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\n[ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970)\n[ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151)\n[ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm\n[ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910)\n[ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161)\n[ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm\n[ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma\n[ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma\n[ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231)\n[ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393)\n[ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339)\n[ 125.531837][ T1430] kthread (kernel/kthread.c:389)\n[ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\n[ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147)\n[ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\n[ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)\n[ 125.566487][ T1430] \u003c/TASK\u003e\n[ 125.566488][ T1430] ---[ end trace 0000000000000000 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:37:36.111Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/da2708a19f45b4a7278adf523837c8db21d1e2b5"
},
{
"url": "https://git.kernel.org/stable/c/29b3bbd912b8db86df7a3c180b910ccb621f5635"
},
{
"url": "https://git.kernel.org/stable/c/2efe8da2ddbf873385b4bc55366d09350b408df6"
},
{
"url": "https://git.kernel.org/stable/c/da0392698c62397c19deb1b9e9bdf2fbb5a9420e"
},
{
"url": "https://git.kernel.org/stable/c/a64f30db12bdc937c5108158d98c8eab1925c548"
},
{
"url": "https://git.kernel.org/stable/c/8b7df76356d098f85f3bd2c7cf6fb43f531893d7"
},
{
"url": "https://git.kernel.org/stable/c/c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58"
},
{
"url": "https://git.kernel.org/stable/c/a09dc967b3c58899e259c0aea092f421d22a0b04"
},
{
"url": "https://git.kernel.org/stable/c/86dfdd8288907f03c18b7fb462e0e232c4f98d89"
}
],
"title": "RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47696",
"datePublished": "2024-10-21T11:53:33.950Z",
"dateReserved": "2024-09-30T16:00:12.942Z",
"dateUpdated": "2025-11-03T22:21:01.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46806 (GCVE-0-2024-46806)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-09-19 15:21
VLAI?
EPSS
Title
drm/amdgpu: Fix the warning division or modulo by zero
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix the warning division or modulo by zero
Checks the partition mode and returns an error for an invalid mode.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
3177b3c52f62e262c6a8eff19358ca128c26d518 , < d116bb921e8b104f45d1f30a473ea99ef4262b9a
(git)
Affected: 3177b3c52f62e262c6a8eff19358ca128c26d518 , < a01618adcba78c6bd6c4557a4a5e32f58b658cd1 (git) Affected: 3177b3c52f62e262c6a8eff19358ca128c26d518 , < 1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46806",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:20:13.007099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:20:25.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d116bb921e8b104f45d1f30a473ea99ef4262b9a",
"status": "affected",
"version": "3177b3c52f62e262c6a8eff19358ca128c26d518",
"versionType": "git"
},
{
"lessThan": "a01618adcba78c6bd6c4557a4a5e32f58b658cd1",
"status": "affected",
"version": "3177b3c52f62e262c6a8eff19358ca128c26d518",
"versionType": "git"
},
{
"lessThan": "1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c",
"status": "affected",
"version": "3177b3c52f62e262c6a8eff19358ca128c26d518",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the warning division or modulo by zero\n\nChecks the partition mode and returns an error for an invalid mode."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T15:21:42.544Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d116bb921e8b104f45d1f30a473ea99ef4262b9a"
},
{
"url": "https://git.kernel.org/stable/c/a01618adcba78c6bd6c4557a4a5e32f58b658cd1"
},
{
"url": "https://git.kernel.org/stable/c/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c"
}
],
"title": "drm/amdgpu: Fix the warning division or modulo by zero",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46806",
"datePublished": "2024-09-27T12:35:51.156Z",
"dateReserved": "2024-09-11T15:12:18.282Z",
"dateUpdated": "2025-09-19T15:21:42.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49917 (GCVE-0-2024-49917)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 20:41
VLAI?
EPSS
Title
drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw
This commit addresses a potential null pointer dereference issue in the
`dcn30_init_hw` function. The issue could occur when `dc->clk_mgr` or
`dc->clk_mgr->funcs` is null.
The fix adds a check to ensure `dc->clk_mgr` and `dc->clk_mgr->funcs` is
not null before accessing its functions. This prevents a potential null
pointer dereference.
Reported by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:789 dcn30_init_hw() error: we previously assumed 'dc->clk_mgr' could be null (see line 628)
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 23cb6139543580dc36743586ca86fbb3f7ab2c9d
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 205e3b96cc9aa9211fd2c849a16245cf236b2d36 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 5443c83eb8fd2f88c71ced38848fbf744d6206a2 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 56c326577971adc3a230f29dfd3aa3abdd505f5d (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < cba7fec864172dadd953daefdd26e01742b71a6a (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:40:51.944829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:45.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:41:59.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "23cb6139543580dc36743586ca86fbb3f7ab2c9d",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "205e3b96cc9aa9211fd2c849a16245cf236b2d36",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "5443c83eb8fd2f88c71ced38848fbf744d6206a2",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "56c326577971adc3a230f29dfd3aa3abdd505f5d",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "cba7fec864172dadd953daefdd26e01742b71a6a",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for clk_mgr and clk_mgr-\u003efuncs in dcn30_init_hw\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn30_init_hw` function. The issue could occur when `dc-\u003eclk_mgr` or\n`dc-\u003eclk_mgr-\u003efuncs` is null.\n\nThe fix adds a check to ensure `dc-\u003eclk_mgr` and `dc-\u003eclk_mgr-\u003efuncs` is\nnot null before accessing its functions. This prevents a potential null\npointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:789 dcn30_init_hw() error: we previously assumed \u0027dc-\u003eclk_mgr\u0027 could be null (see line 628)"
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:21:15.617Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/23cb6139543580dc36743586ca86fbb3f7ab2c9d"
},
{
"url": "https://git.kernel.org/stable/c/205e3b96cc9aa9211fd2c849a16245cf236b2d36"
},
{
"url": "https://git.kernel.org/stable/c/5443c83eb8fd2f88c71ced38848fbf744d6206a2"
},
{
"url": "https://git.kernel.org/stable/c/56c326577971adc3a230f29dfd3aa3abdd505f5d"
},
{
"url": "https://git.kernel.org/stable/c/cba7fec864172dadd953daefdd26e01742b71a6a"
}
],
"title": "drm/amd/display: Add NULL check for clk_mgr and clk_mgr-\u003efuncs in dcn30_init_hw",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49917",
"datePublished": "2024-10-21T18:01:44.295Z",
"dateReserved": "2024-10-21T12:17:06.033Z",
"dateUpdated": "2025-11-03T20:41:59.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48997 (GCVE-0-2022-48997)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
char: tpm: Protect tpm_pm_suspend with locks
Summary
In the Linux kernel, the following vulnerability has been resolved:
char: tpm: Protect tpm_pm_suspend with locks
Currently tpm transactions are executed unconditionally in
tpm_pm_suspend() function, which may lead to races with other tpm
accessors in the system.
Specifically, the hw_random tpm driver makes use of tpm_get_random(),
and this function is called in a loop from a kthread, which means it's
not frozen alongside userspace, and so can race with the work done
during system suspend:
tpm tpm0: tpm_transmit: tpm_recv: error -52
tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics
CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014
Call Trace:
tpm_tis_status.cold+0x19/0x20
tpm_transmit+0x13b/0x390
tpm_transmit_cmd+0x20/0x80
tpm1_pm_suspend+0xa6/0x110
tpm_pm_suspend+0x53/0x80
__pnp_bus_suspend+0x35/0xe0
__device_suspend+0x10f/0x350
Fix this by calling tpm_try_get_ops(), which itself is a wrapper around
tpm_chip_start(), but takes the appropriate mutex.
[Jason: reworked commit message, added metadata]
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
e891db1a18bf11e02533ec2386b796cfd8d60666 , < d699373ac5f3545243d3c73a1ccab77fdef8cec6
(git)
Affected: e891db1a18bf11e02533ec2386b796cfd8d60666 , < 4e0d6c687c925e27fd4bc78a2721d10acf5614d6 (git) Affected: e891db1a18bf11e02533ec2386b796cfd8d60666 , < 571b6bbbf54d835ea6120f65575cb55cd767e603 (git) Affected: e891db1a18bf11e02533ec2386b796cfd8d60666 , < 25b78bf98b07ff5aceb9b1e24f72ec0236c5c053 (git) Affected: e891db1a18bf11e02533ec2386b796cfd8d60666 , < 23393c6461422df5bf8084a086ada9a7e17dc2ba (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:15:42.230328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:41.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/char/tpm/tpm-interface.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d699373ac5f3545243d3c73a1ccab77fdef8cec6",
"status": "affected",
"version": "e891db1a18bf11e02533ec2386b796cfd8d60666",
"versionType": "git"
},
{
"lessThan": "4e0d6c687c925e27fd4bc78a2721d10acf5614d6",
"status": "affected",
"version": "e891db1a18bf11e02533ec2386b796cfd8d60666",
"versionType": "git"
},
{
"lessThan": "571b6bbbf54d835ea6120f65575cb55cd767e603",
"status": "affected",
"version": "e891db1a18bf11e02533ec2386b796cfd8d60666",
"versionType": "git"
},
{
"lessThan": "25b78bf98b07ff5aceb9b1e24f72ec0236c5c053",
"status": "affected",
"version": "e891db1a18bf11e02533ec2386b796cfd8d60666",
"versionType": "git"
},
{
"lessThan": "23393c6461422df5bf8084a086ada9a7e17dc2ba",
"status": "affected",
"version": "e891db1a18bf11e02533ec2386b796cfd8d60666",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/char/tpm/tpm-interface.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: tpm: Protect tpm_pm_suspend with locks\n\nCurrently tpm transactions are executed unconditionally in\ntpm_pm_suspend() function, which may lead to races with other tpm\naccessors in the system.\n\nSpecifically, the hw_random tpm driver makes use of tpm_get_random(),\nand this function is called in a loop from a kthread, which means it\u0027s\nnot frozen alongside userspace, and so can race with the work done\nduring system suspend:\n\n tpm tpm0: tpm_transmit: tpm_recv: error -52\n tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics\n CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014\n Call Trace:\n tpm_tis_status.cold+0x19/0x20\n tpm_transmit+0x13b/0x390\n tpm_transmit_cmd+0x20/0x80\n tpm1_pm_suspend+0xa6/0x110\n tpm_pm_suspend+0x53/0x80\n __pnp_bus_suspend+0x35/0xe0\n __device_suspend+0x10f/0x350\n\nFix this by calling tpm_try_get_ops(), which itself is a wrapper around\ntpm_chip_start(), but takes the appropriate mutex.\n\n[Jason: reworked commit message, added metadata]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:44.392Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d699373ac5f3545243d3c73a1ccab77fdef8cec6"
},
{
"url": "https://git.kernel.org/stable/c/4e0d6c687c925e27fd4bc78a2721d10acf5614d6"
},
{
"url": "https://git.kernel.org/stable/c/571b6bbbf54d835ea6120f65575cb55cd767e603"
},
{
"url": "https://git.kernel.org/stable/c/25b78bf98b07ff5aceb9b1e24f72ec0236c5c053"
},
{
"url": "https://git.kernel.org/stable/c/23393c6461422df5bf8084a086ada9a7e17dc2ba"
}
],
"title": "char: tpm: Protect tpm_pm_suspend with locks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48997",
"datePublished": "2024-10-21T20:06:12.787Z",
"dateReserved": "2024-08-22T01:27:53.637Z",
"dateUpdated": "2025-05-04T08:27:44.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47745 (GCVE-0-2024-47745)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
mm: call the security_mmap_file() LSM hook in remap_file_pages()
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm: call the security_mmap_file() LSM hook in remap_file_pages()
The remap_file_pages syscall handler calls do_mmap() directly, which
doesn't contain the LSM security check. And if the process has called
personality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for
RW pages, this will actually result in remapping the pages to RWX,
bypassing a W^X policy enforced by SELinux.
So we should check prot by security_mmap_file LSM hook in the
remap_file_pages syscall handler before do_mmap() is called. Otherwise, it
potentially permits an attacker to bypass a W^X policy enforced by
SELinux.
The bypass is similar to CVE-2016-10044, which bypass the same thing via
AIO and can be found in [1].
The PoC:
$ cat > test.c
int main(void) {
size_t pagesz = sysconf(_SC_PAGE_SIZE);
int mfd = syscall(SYS_memfd_create, "test", 0);
const char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE,
MAP_SHARED, mfd, 0);
unsigned int old = syscall(SYS_personality, 0xffffffff);
syscall(SYS_personality, READ_IMPLIES_EXEC | old);
syscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0);
syscall(SYS_personality, old);
// show the RWX page exists even if W^X policy is enforced
int fd = open("/proc/self/maps", O_RDONLY);
unsigned char buf2[1024];
while (1) {
int ret = read(fd, buf2, 1024);
if (ret <= 0) break;
write(1, buf2, ret);
}
close(fd);
}
$ gcc test.c -o test
$ ./test | grep rwx
7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted)
[PM: subject line tweaks]
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
c8d78c1823f46519473949d33f0d1d33fe21ea16 , < 0f910dbf2f2a4a7820ba4bac7b280f7108aa05b1
(git)
Affected: c8d78c1823f46519473949d33f0d1d33fe21ea16 , < 49d3a4ad57c57227c3b0fd6cd4188b2a5ebd6178 (git) Affected: c8d78c1823f46519473949d33f0d1d33fe21ea16 , < 3393fddbfa947c8e1fdcc4509226905ffffd8b89 (git) Affected: c8d78c1823f46519473949d33f0d1d33fe21ea16 , < ce14f38d6ee9e88e37ec28427b4b93a7c33c70d3 (git) Affected: c8d78c1823f46519473949d33f0d1d33fe21ea16 , < ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 (git) Affected: 097f98edde717ce09f217d8a285fe357dcd29fd1 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:58:41.257228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:13.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:40:38.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/mmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0f910dbf2f2a4a7820ba4bac7b280f7108aa05b1",
"status": "affected",
"version": "c8d78c1823f46519473949d33f0d1d33fe21ea16",
"versionType": "git"
},
{
"lessThan": "49d3a4ad57c57227c3b0fd6cd4188b2a5ebd6178",
"status": "affected",
"version": "c8d78c1823f46519473949d33f0d1d33fe21ea16",
"versionType": "git"
},
{
"lessThan": "3393fddbfa947c8e1fdcc4509226905ffffd8b89",
"status": "affected",
"version": "c8d78c1823f46519473949d33f0d1d33fe21ea16",
"versionType": "git"
},
{
"lessThan": "ce14f38d6ee9e88e37ec28427b4b93a7c33c70d3",
"status": "affected",
"version": "c8d78c1823f46519473949d33f0d1d33fe21ea16",
"versionType": "git"
},
{
"lessThan": "ea7e2d5e49c05e5db1922387b09ca74aa40f46e2",
"status": "affected",
"version": "c8d78c1823f46519473949d33f0d1d33fe21ea16",
"versionType": "git"
},
{
"status": "affected",
"version": "097f98edde717ce09f217d8a285fe357dcd29fd1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/mmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"lessThan": "4.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: call the security_mmap_file() LSM hook in remap_file_pages()\n\nThe remap_file_pages syscall handler calls do_mmap() directly, which\ndoesn\u0027t contain the LSM security check. And if the process has called\npersonality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for\nRW pages, this will actually result in remapping the pages to RWX,\nbypassing a W^X policy enforced by SELinux.\n\nSo we should check prot by security_mmap_file LSM hook in the\nremap_file_pages syscall handler before do_mmap() is called. Otherwise, it\npotentially permits an attacker to bypass a W^X policy enforced by\nSELinux.\n\nThe bypass is similar to CVE-2016-10044, which bypass the same thing via\nAIO and can be found in [1].\n\nThe PoC:\n\n$ cat \u003e test.c\n\nint main(void) {\n\tsize_t pagesz = sysconf(_SC_PAGE_SIZE);\n\tint mfd = syscall(SYS_memfd_create, \"test\", 0);\n\tconst char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE,\n\t\tMAP_SHARED, mfd, 0);\n\tunsigned int old = syscall(SYS_personality, 0xffffffff);\n\tsyscall(SYS_personality, READ_IMPLIES_EXEC | old);\n\tsyscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0);\n\tsyscall(SYS_personality, old);\n\t// show the RWX page exists even if W^X policy is enforced\n\tint fd = open(\"/proc/self/maps\", O_RDONLY);\n\tunsigned char buf2[1024];\n\twhile (1) {\n\t\tint ret = read(fd, buf2, 1024);\n\t\tif (ret \u003c= 0) break;\n\t\twrite(1, buf2, ret);\n\t}\n\tclose(fd);\n}\n\n$ gcc test.c -o test\n$ ./test | grep rwx\n7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted)\n\n[PM: subject line tweaks]"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:03.184Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f910dbf2f2a4a7820ba4bac7b280f7108aa05b1"
},
{
"url": "https://git.kernel.org/stable/c/49d3a4ad57c57227c3b0fd6cd4188b2a5ebd6178"
},
{
"url": "https://git.kernel.org/stable/c/3393fddbfa947c8e1fdcc4509226905ffffd8b89"
},
{
"url": "https://git.kernel.org/stable/c/ce14f38d6ee9e88e37ec28427b4b93a7c33c70d3"
},
{
"url": "https://git.kernel.org/stable/c/ea7e2d5e49c05e5db1922387b09ca74aa40f46e2"
}
],
"title": "mm: call the security_mmap_file() LSM hook in remap_file_pages()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47745",
"datePublished": "2024-10-21T12:14:12.488Z",
"dateReserved": "2024-09-30T16:00:12.960Z",
"dateUpdated": "2026-01-05T10:54:03.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-3435 (GCVE-0-2022-3435)
Vulnerability from cvelistv5 – Published: 2022-10-08 00:00 – Updated: 2025-04-15 13:46
VLAI?
EPSS
Title
Linux Kernel IPv4 fib_semantics.c fib_nh_match out-of-bounds
Summary
A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability.
Severity ?
4.3 (Medium)
CWE
- CWE-119 - Memory Corruption -> CWE-125 Out-of-Bounds Read
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/netdev/20221005181257.8897-1-dsahern%40kernel.org/T/#u"
},
{
"tags": [
"x_transferred"
],
"url": "https://vuldb.com/?id.210357"
},
{
"name": "FEDORA-2022-2cfbe17910",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/"
},
{
"name": "FEDORA-2022-b948fc3cfb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/"
},
{
"name": "FEDORA-2022-1a5b125ac6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/"
},
{
"name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:10:02.272892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:46:07.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Memory Corruption -\u003e CWE-125 Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"url": "https://lore.kernel.org/netdev/20221005181257.8897-1-dsahern%40kernel.org/T/#u"
},
{
"url": "https://vuldb.com/?id.210357"
},
{
"name": "FEDORA-2022-2cfbe17910",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/"
},
{
"name": "FEDORA-2022-b948fc3cfb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/"
},
{
"name": "FEDORA-2022-1a5b125ac6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/"
},
{
"name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
}
],
"title": "Linux Kernel IPv4 fib_semantics.c fib_nh_match out-of-bounds",
"x_generator": "vuldb.com"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-3435",
"datePublished": "2022-10-08T00:00:00.000Z",
"dateReserved": "2022-10-08T00:00:00.000Z",
"dateUpdated": "2025-04-15T13:46:07.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49032 (GCVE-0-2022-49032)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
KASAN report out-of-bounds read as follows:
BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380
Read of size 4 at addr ffffffffc00e4658 by task cat/278
Call Trace:
afe4404_read_raw
iio_read_channel_info
dev_attr_show
The buggy address belongs to the variable:
afe4404_channel_leds+0x18/0xffffffffffffe9c0
This issue can be reproduce by singe command:
$ cat /sys/bus/i2c/devices/0-0058/iio\:device0/in_intensity6_raw
The array size of afe4404_channel_leds and afe4404_channel_offdacs
are less than channels, so access with chan->address cause OOB read
in afe4404_[read|write]_raw. Fix it by moving access before use them.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
b36e8257641a043764c62240316610c81e36376c , < 68de7da092f38395dde523f2e5db26eba6c23e28
(git)
Affected: b36e8257641a043764c62240316610c81e36376c , < 113c08030a89aaf406f8a1d4549d758a67c2afba (git) Affected: b36e8257641a043764c62240316610c81e36376c , < f5575041ec15310bdc50c42b8b22118cc900226e (git) Affected: b36e8257641a043764c62240316610c81e36376c , < 3f566b626029ca8598d48e5074e56bb37399ca1b (git) Affected: b36e8257641a043764c62240316610c81e36376c , < 5eb114f55b37dbc0487aa9c1913b81bb7837f1c4 (git) Affected: b36e8257641a043764c62240316610c81e36376c , < f7419fc42afc035f6b29ce713e17dcd2000c833f (git) Affected: b36e8257641a043764c62240316610c81e36376c , < d45d9f45e7b1365fd0d9bf14680d6d5082a590d1 (git) Affected: b36e8257641a043764c62240316610c81e36376c , < fc92d9e3de0b2d30a3ccc08048a5fad533e4672b (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49032",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:11:06.095851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:35.607Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iio/health/afe4404.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "68de7da092f38395dde523f2e5db26eba6c23e28",
"status": "affected",
"version": "b36e8257641a043764c62240316610c81e36376c",
"versionType": "git"
},
{
"lessThan": "113c08030a89aaf406f8a1d4549d758a67c2afba",
"status": "affected",
"version": "b36e8257641a043764c62240316610c81e36376c",
"versionType": "git"
},
{
"lessThan": "f5575041ec15310bdc50c42b8b22118cc900226e",
"status": "affected",
"version": "b36e8257641a043764c62240316610c81e36376c",
"versionType": "git"
},
{
"lessThan": "3f566b626029ca8598d48e5074e56bb37399ca1b",
"status": "affected",
"version": "b36e8257641a043764c62240316610c81e36376c",
"versionType": "git"
},
{
"lessThan": "5eb114f55b37dbc0487aa9c1913b81bb7837f1c4",
"status": "affected",
"version": "b36e8257641a043764c62240316610c81e36376c",
"versionType": "git"
},
{
"lessThan": "f7419fc42afc035f6b29ce713e17dcd2000c833f",
"status": "affected",
"version": "b36e8257641a043764c62240316610c81e36376c",
"versionType": "git"
},
{
"lessThan": "d45d9f45e7b1365fd0d9bf14680d6d5082a590d1",
"status": "affected",
"version": "b36e8257641a043764c62240316610c81e36376c",
"versionType": "git"
},
{
"lessThan": "fc92d9e3de0b2d30a3ccc08048a5fad533e4672b",
"status": "affected",
"version": "b36e8257641a043764c62240316610c81e36376c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iio/health/afe4404.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.335",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.301",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.335",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.301",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.268",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: health: afe4404: Fix oob read in afe4404_[read|write]_raw\n\nKASAN report out-of-bounds read as follows:\n\nBUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380\nRead of size 4 at addr ffffffffc00e4658 by task cat/278\n\nCall Trace:\n afe4404_read_raw\n iio_read_channel_info\n dev_attr_show\n\nThe buggy address belongs to the variable:\n afe4404_channel_leds+0x18/0xffffffffffffe9c0\n\nThis issue can be reproduce by singe command:\n\n $ cat /sys/bus/i2c/devices/0-0058/iio\\:device0/in_intensity6_raw\n\nThe array size of afe4404_channel_leds and afe4404_channel_offdacs\nare less than channels, so access with chan-\u003eaddress cause OOB read\nin afe4404_[read|write]_raw. Fix it by moving access before use them."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:28.046Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/68de7da092f38395dde523f2e5db26eba6c23e28"
},
{
"url": "https://git.kernel.org/stable/c/113c08030a89aaf406f8a1d4549d758a67c2afba"
},
{
"url": "https://git.kernel.org/stable/c/f5575041ec15310bdc50c42b8b22118cc900226e"
},
{
"url": "https://git.kernel.org/stable/c/3f566b626029ca8598d48e5074e56bb37399ca1b"
},
{
"url": "https://git.kernel.org/stable/c/5eb114f55b37dbc0487aa9c1913b81bb7837f1c4"
},
{
"url": "https://git.kernel.org/stable/c/f7419fc42afc035f6b29ce713e17dcd2000c833f"
},
{
"url": "https://git.kernel.org/stable/c/d45d9f45e7b1365fd0d9bf14680d6d5082a590d1"
},
{
"url": "https://git.kernel.org/stable/c/fc92d9e3de0b2d30a3ccc08048a5fad533e4672b"
}
],
"title": "iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49032",
"datePublished": "2024-10-21T20:06:35.864Z",
"dateReserved": "2024-08-22T01:27:53.652Z",
"dateUpdated": "2025-05-04T08:28:28.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50047 (GCVE-0-2024-50047)
Vulnerability from cvelistv5 – Published: 2024-10-21 19:39 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
smb: client: fix UAF in async decryption
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix UAF in async decryption
Doing an async decryption (large read) crashes with a
slab-use-after-free way down in the crypto API.
Reproducer:
# mount.cifs -o ...,seal,esize=1 //srv/share /mnt
# dd if=/mnt/largefile of=/dev/null
...
[ 194.196391] ==================================================================
[ 194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110
[ 194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899
[ 194.197707]
[ 194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43
[ 194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014
[ 194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs]
[ 194.200032] Call Trace:
[ 194.200191] <TASK>
[ 194.200327] dump_stack_lvl+0x4e/0x70
[ 194.200558] ? gf128mul_4k_lle+0xc1/0x110
[ 194.200809] print_report+0x174/0x505
[ 194.201040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 194.201352] ? srso_return_thunk+0x5/0x5f
[ 194.201604] ? __virt_addr_valid+0xdf/0x1c0
[ 194.201868] ? gf128mul_4k_lle+0xc1/0x110
[ 194.202128] kasan_report+0xc8/0x150
[ 194.202361] ? gf128mul_4k_lle+0xc1/0x110
[ 194.202616] gf128mul_4k_lle+0xc1/0x110
[ 194.202863] ghash_update+0x184/0x210
[ 194.203103] shash_ahash_update+0x184/0x2a0
[ 194.203377] ? __pfx_shash_ahash_update+0x10/0x10
[ 194.203651] ? srso_return_thunk+0x5/0x5f
[ 194.203877] ? crypto_gcm_init_common+0x1ba/0x340
[ 194.204142] gcm_hash_assoc_remain_continue+0x10a/0x140
[ 194.204434] crypt_message+0xec1/0x10a0 [cifs]
[ 194.206489] ? __pfx_crypt_message+0x10/0x10 [cifs]
[ 194.208507] ? srso_return_thunk+0x5/0x5f
[ 194.209205] ? srso_return_thunk+0x5/0x5f
[ 194.209925] ? srso_return_thunk+0x5/0x5f
[ 194.210443] ? srso_return_thunk+0x5/0x5f
[ 194.211037] decrypt_raw_data+0x15f/0x250 [cifs]
[ 194.212906] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]
[ 194.214670] ? srso_return_thunk+0x5/0x5f
[ 194.215193] smb2_decrypt_offload+0x12a/0x6c0 [cifs]
This is because TFM is being used in parallel.
Fix this by allocating a new AEAD TFM for async decryption, but keep
the existing one for synchronous READ cases (similar to what is done
in smb3_calc_signature()).
Also remove the calls to aead_request_set_callback() and
crypto_wait_req() since it's always going to be a synchronous operation.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
35cf94a397280b9e27576ac1480f631bdd3e7b70 , < 8f14a476abba13144df5434871a7225fd29af633
(git)
Affected: 35cf94a397280b9e27576ac1480f631bdd3e7b70 , < ef51c0d544b1518b35364480317ab6d3468f205d (git) Affected: 35cf94a397280b9e27576ac1480f631bdd3e7b70 , < bce966530fd5542bbb422cb45ecb775f7a1a6bc3 (git) Affected: 35cf94a397280b9e27576ac1480f631bdd3e7b70 , < 0809fb86ad13b29e1d6d491364fc7ea4fb545995 (git) Affected: 35cf94a397280b9e27576ac1480f631bdd3e7b70 , < 538c26d9bf70c90edc460d18c81008a4e555925a (git) Affected: 35cf94a397280b9e27576ac1480f631bdd3e7b70 , < b0abcd65ec545701b8793e12bc27dc98042b151a (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50047",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:23:59.456851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:43.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:43:16.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/client/smb2ops.c",
"fs/smb/client/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8f14a476abba13144df5434871a7225fd29af633",
"status": "affected",
"version": "35cf94a397280b9e27576ac1480f631bdd3e7b70",
"versionType": "git"
},
{
"lessThan": "ef51c0d544b1518b35364480317ab6d3468f205d",
"status": "affected",
"version": "35cf94a397280b9e27576ac1480f631bdd3e7b70",
"versionType": "git"
},
{
"lessThan": "bce966530fd5542bbb422cb45ecb775f7a1a6bc3",
"status": "affected",
"version": "35cf94a397280b9e27576ac1480f631bdd3e7b70",
"versionType": "git"
},
{
"lessThan": "0809fb86ad13b29e1d6d491364fc7ea4fb545995",
"status": "affected",
"version": "35cf94a397280b9e27576ac1480f631bdd3e7b70",
"versionType": "git"
},
{
"lessThan": "538c26d9bf70c90edc460d18c81008a4e555925a",
"status": "affected",
"version": "35cf94a397280b9e27576ac1480f631bdd3e7b70",
"versionType": "git"
},
{
"lessThan": "b0abcd65ec545701b8793e12bc27dc98042b151a",
"status": "affected",
"version": "35cf94a397280b9e27576ac1480f631bdd3e7b70",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/client/smb2ops.c",
"fs/smb/client/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.128",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.57",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.237",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.128",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.57",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.4",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix UAF in async decryption\n\nDoing an async decryption (large read) crashes with a\nslab-use-after-free way down in the crypto API.\n\nReproducer:\n # mount.cifs -o ...,seal,esize=1 //srv/share /mnt\n # dd if=/mnt/largefile of=/dev/null\n ...\n [ 194.196391] ==================================================================\n [ 194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110\n [ 194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899\n [ 194.197707]\n [ 194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43\n [ 194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014\n [ 194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs]\n [ 194.200032] Call Trace:\n [ 194.200191] \u003cTASK\u003e\n [ 194.200327] dump_stack_lvl+0x4e/0x70\n [ 194.200558] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.200809] print_report+0x174/0x505\n [ 194.201040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n [ 194.201352] ? srso_return_thunk+0x5/0x5f\n [ 194.201604] ? __virt_addr_valid+0xdf/0x1c0\n [ 194.201868] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.202128] kasan_report+0xc8/0x150\n [ 194.202361] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.202616] gf128mul_4k_lle+0xc1/0x110\n [ 194.202863] ghash_update+0x184/0x210\n [ 194.203103] shash_ahash_update+0x184/0x2a0\n [ 194.203377] ? __pfx_shash_ahash_update+0x10/0x10\n [ 194.203651] ? srso_return_thunk+0x5/0x5f\n [ 194.203877] ? crypto_gcm_init_common+0x1ba/0x340\n [ 194.204142] gcm_hash_assoc_remain_continue+0x10a/0x140\n [ 194.204434] crypt_message+0xec1/0x10a0 [cifs]\n [ 194.206489] ? __pfx_crypt_message+0x10/0x10 [cifs]\n [ 194.208507] ? srso_return_thunk+0x5/0x5f\n [ 194.209205] ? srso_return_thunk+0x5/0x5f\n [ 194.209925] ? srso_return_thunk+0x5/0x5f\n [ 194.210443] ? srso_return_thunk+0x5/0x5f\n [ 194.211037] decrypt_raw_data+0x15f/0x250 [cifs]\n [ 194.212906] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]\n [ 194.214670] ? srso_return_thunk+0x5/0x5f\n [ 194.215193] smb2_decrypt_offload+0x12a/0x6c0 [cifs]\n\nThis is because TFM is being used in parallel.\n\nFix this by allocating a new AEAD TFM for async decryption, but keep\nthe existing one for synchronous READ cases (similar to what is done\nin smb3_calc_signature()).\n\nAlso remove the calls to aead_request_set_callback() and\ncrypto_wait_req() since it\u0027s always going to be a synchronous operation."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:46.912Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8f14a476abba13144df5434871a7225fd29af633"
},
{
"url": "https://git.kernel.org/stable/c/ef51c0d544b1518b35364480317ab6d3468f205d"
},
{
"url": "https://git.kernel.org/stable/c/bce966530fd5542bbb422cb45ecb775f7a1a6bc3"
},
{
"url": "https://git.kernel.org/stable/c/0809fb86ad13b29e1d6d491364fc7ea4fb545995"
},
{
"url": "https://git.kernel.org/stable/c/538c26d9bf70c90edc460d18c81008a4e555925a"
},
{
"url": "https://git.kernel.org/stable/c/b0abcd65ec545701b8793e12bc27dc98042b151a"
}
],
"title": "smb: client: fix UAF in async decryption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50047",
"datePublished": "2024-10-21T19:39:44.430Z",
"dateReserved": "2024-10-21T12:17:06.071Z",
"dateUpdated": "2026-01-05T10:54:46.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50058 (GCVE-0-2024-50058)
Vulnerability from cvelistv5 – Published: 2024-10-21 19:39 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
serial: protect uart_port_dtr_rts() in uart_shutdown() too
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: protect uart_port_dtr_rts() in uart_shutdown() too
Commit af224ca2df29 (serial: core: Prevent unsafe uart port access, part
3) added few uport == NULL checks. It added one to uart_shutdown(), so
the commit assumes, uport can be NULL in there. But right after that
protection, there is an unprotected "uart_port_dtr_rts(uport, false);"
call. That is invoked only if HUPCL is set, so I assume that is the
reason why we do not see lots of these reports.
Or it cannot be NULL at this point at all for some reason :P.
Until the above is investigated, stay on the safe side and move this
dereference to the if too.
I got this inconsistency from Coverity under CID 1585130. Thanks.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
af224ca2df297440448b9d407d21b50982c6d532 , < 2fe399bb8efd0d325ab1138cf8e3ecf23a39e96d
(git)
Affected: af224ca2df297440448b9d407d21b50982c6d532 , < 399927f0f875b93f3d5a0336d382ba48b8671eb2 (git) Affected: af224ca2df297440448b9d407d21b50982c6d532 , < d7b5876a6e74cdf8468a478be6b23f2f5464ac7a (git) Affected: af224ca2df297440448b9d407d21b50982c6d532 , < e418d91195d29d5f9c9685ff309b92b04b41dc40 (git) Affected: af224ca2df297440448b9d407d21b50982c6d532 , < 76ed24a34223bb2c6b6162e1d8389ec4e602a290 (git) Affected: af224ca2df297440448b9d407d21b50982c6d532 , < 602babaa84d627923713acaf5f7e9a4369e77473 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50058",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:23:14.442818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:42.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:24:57.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/serial_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2fe399bb8efd0d325ab1138cf8e3ecf23a39e96d",
"status": "affected",
"version": "af224ca2df297440448b9d407d21b50982c6d532",
"versionType": "git"
},
{
"lessThan": "399927f0f875b93f3d5a0336d382ba48b8671eb2",
"status": "affected",
"version": "af224ca2df297440448b9d407d21b50982c6d532",
"versionType": "git"
},
{
"lessThan": "d7b5876a6e74cdf8468a478be6b23f2f5464ac7a",
"status": "affected",
"version": "af224ca2df297440448b9d407d21b50982c6d532",
"versionType": "git"
},
{
"lessThan": "e418d91195d29d5f9c9685ff309b92b04b41dc40",
"status": "affected",
"version": "af224ca2df297440448b9d407d21b50982c6d532",
"versionType": "git"
},
{
"lessThan": "76ed24a34223bb2c6b6162e1d8389ec4e602a290",
"status": "affected",
"version": "af224ca2df297440448b9d407d21b50982c6d532",
"versionType": "git"
},
{
"lessThan": "602babaa84d627923713acaf5f7e9a4369e77473",
"status": "affected",
"version": "af224ca2df297440448b9d407d21b50982c6d532",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/serial_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.170",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.115",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.57",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.229",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.170",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.115",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.57",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.4",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: protect uart_port_dtr_rts() in uart_shutdown() too\n\nCommit af224ca2df29 (serial: core: Prevent unsafe uart port access, part\n3) added few uport == NULL checks. It added one to uart_shutdown(), so\nthe commit assumes, uport can be NULL in there. But right after that\nprotection, there is an unprotected \"uart_port_dtr_rts(uport, false);\"\ncall. That is invoked only if HUPCL is set, so I assume that is the\nreason why we do not see lots of these reports.\n\nOr it cannot be NULL at this point at all for some reason :P.\n\nUntil the above is investigated, stay on the safe side and move this\ndereference to the if too.\n\nI got this inconsistency from Coverity under CID 1585130. Thanks."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:51.255Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2fe399bb8efd0d325ab1138cf8e3ecf23a39e96d"
},
{
"url": "https://git.kernel.org/stable/c/399927f0f875b93f3d5a0336d382ba48b8671eb2"
},
{
"url": "https://git.kernel.org/stable/c/d7b5876a6e74cdf8468a478be6b23f2f5464ac7a"
},
{
"url": "https://git.kernel.org/stable/c/e418d91195d29d5f9c9685ff309b92b04b41dc40"
},
{
"url": "https://git.kernel.org/stable/c/76ed24a34223bb2c6b6162e1d8389ec4e602a290"
},
{
"url": "https://git.kernel.org/stable/c/602babaa84d627923713acaf5f7e9a4369e77473"
}
],
"title": "serial: protect uart_port_dtr_rts() in uart_shutdown() too",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50058",
"datePublished": "2024-10-21T19:39:48.420Z",
"dateReserved": "2024-10-21T19:36:19.938Z",
"dateUpdated": "2026-01-05T10:54:51.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49883 (GCVE-0-2024-49883)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:22
VLAI?
EPSS
Title
ext4: aovid use-after-free in ext4_ext_insert_extent()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: aovid use-after-free in ext4_ext_insert_extent()
As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is
reallocated in ext4_ext_create_new_leaf(), we'll use the stale path and
cause UAF. Below is a sample trace with dummy values:
ext4_ext_insert_extent
path = *ppath = 2000
ext4_ext_create_new_leaf(ppath)
ext4_find_extent(ppath)
path = *ppath = 2000
if (depth > path[0].p_maxdepth)
kfree(path = 2000);
*ppath = path = NULL;
path = kcalloc() = 3000
*ppath = 3000;
return path;
/* here path is still 2000, UAF! */
eh = path[depth].p_hdr
==================================================================
BUG: KASAN: slab-use-after-free in ext4_ext_insert_extent+0x26d4/0x3330
Read of size 8 at addr ffff8881027bf7d0 by task kworker/u36:1/179
CPU: 3 UID: 0 PID: 179 Comm: kworker/u6:1 Not tainted 6.11.0-rc2-dirty #866
Call Trace:
<TASK>
ext4_ext_insert_extent+0x26d4/0x3330
ext4_ext_map_blocks+0xe22/0x2d40
ext4_map_blocks+0x71e/0x1700
ext4_do_writepages+0x1290/0x2800
[...]
Allocated by task 179:
ext4_find_extent+0x81c/0x1f70
ext4_ext_map_blocks+0x146/0x2d40
ext4_map_blocks+0x71e/0x1700
ext4_do_writepages+0x1290/0x2800
ext4_writepages+0x26d/0x4e0
do_writepages+0x175/0x700
[...]
Freed by task 179:
kfree+0xcb/0x240
ext4_find_extent+0x7c0/0x1f70
ext4_ext_insert_extent+0xa26/0x3330
ext4_ext_map_blocks+0xe22/0x2d40
ext4_map_blocks+0x71e/0x1700
ext4_do_writepages+0x1290/0x2800
ext4_writepages+0x26d/0x4e0
do_writepages+0x175/0x700
[...]
==================================================================
So use *ppath to update the path to avoid the above problem.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
10809df84a4d868db61af621bae3658494165279 , < e17ebe4fdd7665c93ae9459ba40fcdfb76769ac1
(git)
Affected: 10809df84a4d868db61af621bae3658494165279 , < 975ca06f3fd154c5f7742083e7b2574c57d1c0c3 (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < 5e811066c5ab709b070659197dccfb80ab650ddd (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < 9df59009dfc6d9fc1bd9ddf6c5ab6e56d6ed887a (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < 51db04892a993cace63415be99848970a0f15ef2 (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < 8162ee5d94b8c0351be0a9321be134872a7654a1 (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < beb7b66fb489041c50c6473100b383f7a51648fc (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < bfed082ce4b1ce6349b05c09a0fa4f3da35ecb1b (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < a164f3a432aae62ca23d03e6d926b122ee5b860d (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:45:23.101470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:50.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:49.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/extents.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e17ebe4fdd7665c93ae9459ba40fcdfb76769ac1",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "975ca06f3fd154c5f7742083e7b2574c57d1c0c3",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "5e811066c5ab709b070659197dccfb80ab650ddd",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "9df59009dfc6d9fc1bd9ddf6c5ab6e56d6ed887a",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "51db04892a993cace63415be99848970a0f15ef2",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "8162ee5d94b8c0351be0a9321be134872a7654a1",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "beb7b66fb489041c50c6473100b383f7a51648fc",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "bfed082ce4b1ce6349b05c09a0fa4f3da35ecb1b",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "a164f3a432aae62ca23d03e6d926b122ee5b860d",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/extents.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: aovid use-after-free in ext4_ext_insert_extent()\n\nAs Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is\nreallocated in ext4_ext_create_new_leaf(), we\u0027ll use the stale path and\ncause UAF. Below is a sample trace with dummy values:\n\next4_ext_insert_extent\n path = *ppath = 2000\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(ppath)\n path = *ppath = 2000\n if (depth \u003e path[0].p_maxdepth)\n kfree(path = 2000);\n *ppath = path = NULL;\n path = kcalloc() = 3000\n *ppath = 3000;\n return path;\n /* here path is still 2000, UAF! */\n eh = path[depth].p_hdr\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_ext_insert_extent+0x26d4/0x3330\nRead of size 8 at addr ffff8881027bf7d0 by task kworker/u36:1/179\nCPU: 3 UID: 0 PID: 179 Comm: kworker/u6:1 Not tainted 6.11.0-rc2-dirty #866\nCall Trace:\n \u003cTASK\u003e\n ext4_ext_insert_extent+0x26d4/0x3330\n ext4_ext_map_blocks+0xe22/0x2d40\n ext4_map_blocks+0x71e/0x1700\n ext4_do_writepages+0x1290/0x2800\n[...]\n\nAllocated by task 179:\n ext4_find_extent+0x81c/0x1f70\n ext4_ext_map_blocks+0x146/0x2d40\n ext4_map_blocks+0x71e/0x1700\n ext4_do_writepages+0x1290/0x2800\n ext4_writepages+0x26d/0x4e0\n do_writepages+0x175/0x700\n[...]\n\nFreed by task 179:\n kfree+0xcb/0x240\n ext4_find_extent+0x7c0/0x1f70\n ext4_ext_insert_extent+0xa26/0x3330\n ext4_ext_map_blocks+0xe22/0x2d40\n ext4_map_blocks+0x71e/0x1700\n ext4_do_writepages+0x1290/0x2800\n ext4_writepages+0x26d/0x4e0\n do_writepages+0x175/0x700\n[...]\n==================================================================\n\nSo use *ppath to update the path to avoid the above problem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:40:24.275Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e17ebe4fdd7665c93ae9459ba40fcdfb76769ac1"
},
{
"url": "https://git.kernel.org/stable/c/975ca06f3fd154c5f7742083e7b2574c57d1c0c3"
},
{
"url": "https://git.kernel.org/stable/c/5e811066c5ab709b070659197dccfb80ab650ddd"
},
{
"url": "https://git.kernel.org/stable/c/9df59009dfc6d9fc1bd9ddf6c5ab6e56d6ed887a"
},
{
"url": "https://git.kernel.org/stable/c/51db04892a993cace63415be99848970a0f15ef2"
},
{
"url": "https://git.kernel.org/stable/c/8162ee5d94b8c0351be0a9321be134872a7654a1"
},
{
"url": "https://git.kernel.org/stable/c/beb7b66fb489041c50c6473100b383f7a51648fc"
},
{
"url": "https://git.kernel.org/stable/c/bfed082ce4b1ce6349b05c09a0fa4f3da35ecb1b"
},
{
"url": "https://git.kernel.org/stable/c/a164f3a432aae62ca23d03e6d926b122ee5b860d"
}
],
"title": "ext4: aovid use-after-free in ext4_ext_insert_extent()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49883",
"datePublished": "2024-10-21T18:01:20.827Z",
"dateReserved": "2024-10-21T12:17:06.021Z",
"dateUpdated": "2025-11-03T22:22:49.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50013 (GCVE-0-2024-50013)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:54 – Updated: 2025-11-03 22:24
VLAI?
EPSS
Title
exfat: fix memory leak in exfat_load_bitmap()
Summary
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix memory leak in exfat_load_bitmap()
If the first directory entry in the root directory is not a bitmap
directory entry, 'bh' will not be released and reassigned, which
will cause a memory leak.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
1e49a94cf707204b66a3fb242f2814712c941f52 , < f692160d3e1e5450605071b8df8f7d08d9b09a83
(git)
Affected: 1e49a94cf707204b66a3fb242f2814712c941f52 , < ddf704c2ce3b73f38d2dd8cf1bb0f7ec038bdf63 (git) Affected: 1e49a94cf707204b66a3fb242f2814712c941f52 , < 4e1813e52f86eb8db0c6c9570251f2fcbc571f5d (git) Affected: 1e49a94cf707204b66a3fb242f2814712c941f52 , < bf0b3b35259475d1fe377bcaa565488e26684f7a (git) Affected: 1e49a94cf707204b66a3fb242f2814712c941f52 , < dca359db1eb37f334267ebd7e3cab9a66d191d5b (git) Affected: 1e49a94cf707204b66a3fb242f2814712c941f52 , < 89081e8407e637463db5880d168e3652fb9f4330 (git) Affected: 1e49a94cf707204b66a3fb242f2814712c941f52 , < d2b537b3e533f28e0d97293fe9293161fe8cd137 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:28:23.211214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:48.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:24:29.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/exfat/balloc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f692160d3e1e5450605071b8df8f7d08d9b09a83",
"status": "affected",
"version": "1e49a94cf707204b66a3fb242f2814712c941f52",
"versionType": "git"
},
{
"lessThan": "ddf704c2ce3b73f38d2dd8cf1bb0f7ec038bdf63",
"status": "affected",
"version": "1e49a94cf707204b66a3fb242f2814712c941f52",
"versionType": "git"
},
{
"lessThan": "4e1813e52f86eb8db0c6c9570251f2fcbc571f5d",
"status": "affected",
"version": "1e49a94cf707204b66a3fb242f2814712c941f52",
"versionType": "git"
},
{
"lessThan": "bf0b3b35259475d1fe377bcaa565488e26684f7a",
"status": "affected",
"version": "1e49a94cf707204b66a3fb242f2814712c941f52",
"versionType": "git"
},
{
"lessThan": "dca359db1eb37f334267ebd7e3cab9a66d191d5b",
"status": "affected",
"version": "1e49a94cf707204b66a3fb242f2814712c941f52",
"versionType": "git"
},
{
"lessThan": "89081e8407e637463db5880d168e3652fb9f4330",
"status": "affected",
"version": "1e49a94cf707204b66a3fb242f2814712c941f52",
"versionType": "git"
},
{
"lessThan": "d2b537b3e533f28e0d97293fe9293161fe8cd137",
"status": "affected",
"version": "1e49a94cf707204b66a3fb242f2814712c941f52",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/exfat/balloc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix memory leak in exfat_load_bitmap()\n\nIf the first directory entry in the root directory is not a bitmap\ndirectory entry, \u0027bh\u0027 will not be released and reassigned, which\nwill cause a memory leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:43:48.620Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f692160d3e1e5450605071b8df8f7d08d9b09a83"
},
{
"url": "https://git.kernel.org/stable/c/ddf704c2ce3b73f38d2dd8cf1bb0f7ec038bdf63"
},
{
"url": "https://git.kernel.org/stable/c/4e1813e52f86eb8db0c6c9570251f2fcbc571f5d"
},
{
"url": "https://git.kernel.org/stable/c/bf0b3b35259475d1fe377bcaa565488e26684f7a"
},
{
"url": "https://git.kernel.org/stable/c/dca359db1eb37f334267ebd7e3cab9a66d191d5b"
},
{
"url": "https://git.kernel.org/stable/c/89081e8407e637463db5880d168e3652fb9f4330"
},
{
"url": "https://git.kernel.org/stable/c/d2b537b3e533f28e0d97293fe9293161fe8cd137"
}
],
"title": "exfat: fix memory leak in exfat_load_bitmap()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50013",
"datePublished": "2024-10-21T18:54:05.089Z",
"dateReserved": "2024-10-21T12:17:06.061Z",
"dateUpdated": "2025-11-03T22:24:29.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49000 (GCVE-0-2022-49000)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
for_each_pci_dev() is implemented by pci_get_device(). The comment of
pci_get_device() says that it will increase the reference count for the
returned pci_dev and also decrease the reference count for the input
pci_dev @from if it is not NULL.
If we break for_each_pci_dev() loop with pdev not NULL, we need to call
pci_dev_put() to decrease the reference count. Add the missing
pci_dev_put() before 'return true' to avoid reference count leak.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
89a6079df791aeace2044ea93be1b397195824ec , < 10ed7655a17f6a3eaecd1293830488259ccd5723
(git)
Affected: 89a6079df791aeace2044ea93be1b397195824ec , < b6eea8b2e858a20ad58ac62dc2de90fea2413f94 (git) Affected: 89a6079df791aeace2044ea93be1b397195824ec , < 17f67414718e6aba123335a33b7d15aa594fff34 (git) Affected: 89a6079df791aeace2044ea93be1b397195824ec , < afca9e19cc720bfafc75dc5ce429c185ca93f31d (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:15:17.821654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:40.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "10ed7655a17f6a3eaecd1293830488259ccd5723",
"status": "affected",
"version": "89a6079df791aeace2044ea93be1b397195824ec",
"versionType": "git"
},
{
"lessThan": "b6eea8b2e858a20ad58ac62dc2de90fea2413f94",
"status": "affected",
"version": "89a6079df791aeace2044ea93be1b397195824ec",
"versionType": "git"
},
{
"lessThan": "17f67414718e6aba123335a33b7d15aa594fff34",
"status": "affected",
"version": "89a6079df791aeace2044ea93be1b397195824ec",
"versionType": "git"
},
{
"lessThan": "afca9e19cc720bfafc75dc5ce429c185ca93f31d",
"status": "affected",
"version": "89a6079df791aeace2044ea93be1b397195824ec",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix PCI device refcount leak in has_external_pci()\n\nfor_each_pci_dev() is implemented by pci_get_device(). The comment of\npci_get_device() says that it will increase the reference count for the\nreturned pci_dev and also decrease the reference count for the input\npci_dev @from if it is not NULL.\n\nIf we break for_each_pci_dev() loop with pdev not NULL, we need to call\npci_dev_put() to decrease the reference count. Add the missing\npci_dev_put() before \u0027return true\u0027 to avoid reference count leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:47.892Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/10ed7655a17f6a3eaecd1293830488259ccd5723"
},
{
"url": "https://git.kernel.org/stable/c/b6eea8b2e858a20ad58ac62dc2de90fea2413f94"
},
{
"url": "https://git.kernel.org/stable/c/17f67414718e6aba123335a33b7d15aa594fff34"
},
{
"url": "https://git.kernel.org/stable/c/afca9e19cc720bfafc75dc5ce429c185ca93f31d"
}
],
"title": "iommu/vt-d: Fix PCI device refcount leak in has_external_pci()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49000",
"datePublished": "2024-10-21T20:06:14.753Z",
"dateReserved": "2024-08-22T01:27:53.642Z",
"dateUpdated": "2025-05-04T08:27:47.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49974 (GCVE-0-2024-49974)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
NFSD: Limit the number of concurrent async COPY operations
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Limit the number of concurrent async COPY operations
Nothing appears to limit the number of concurrent async COPY
operations that clients can start. In addition, AFAICT each async
COPY can copy an unlimited number of 4MB chunks, so can run for a
long time. Thus IMO async COPY can become a DoS vector.
Add a restriction mechanism that bounds the number of concurrent
background COPY operations. Start simple and try to be fair -- this
patch implements a per-namespace limit.
An async COPY request that occurs while this limit is exceeded gets
NFS4ERR_DELAY. The requesting client can choose to send the request
again after a delay or fall back to a traditional read/write style
copy.
If there is need to make the mechanism more sophisticated, we can
visit that in future patches.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 9e52ff544e0bfa09ee339fd7b0937ee3c080c24e
(git)
Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 43e46ee5efc03990b223f7aa8b77aa9c3d3acfdf (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 7ea9260874b779637aff6d24c344b8ef4ac862a0 (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < ae267989b7b7933dfedcd26468d0a88fc3a9da9e (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < b4e21431a0db4854b5023cd5af001be557e6c3db (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 6a488ad7745b8f64625c6d3a24ce7e448e83f11b (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < aadc3bbea163b6caaaebfdd2b6c4667fbc726752 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:33:23.238318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:45.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:54.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfsd/netns.h",
"fs/nfsd/nfs4proc.c",
"fs/nfsd/nfs4state.c",
"fs/nfsd/xdr4.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9e52ff544e0bfa09ee339fd7b0937ee3c080c24e",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
},
{
"lessThan": "43e46ee5efc03990b223f7aa8b77aa9c3d3acfdf",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
},
{
"lessThan": "7ea9260874b779637aff6d24c344b8ef4ac862a0",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
},
{
"lessThan": "ae267989b7b7933dfedcd26468d0a88fc3a9da9e",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
},
{
"lessThan": "b4e21431a0db4854b5023cd5af001be557e6c3db",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
},
{
"lessThan": "6a488ad7745b8f64625c6d3a24ce7e448e83f11b",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
},
{
"lessThan": "aadc3bbea163b6caaaebfdd2b6c4667fbc726752",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfsd/netns.h",
"fs/nfsd/nfs4proc.c",
"fs/nfsd/nfs4state.c",
"fs/nfsd/xdr4.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.119",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.231",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.119",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.63",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Limit the number of concurrent async COPY operations\n\nNothing appears to limit the number of concurrent async COPY\noperations that clients can start. In addition, AFAICT each async\nCOPY can copy an unlimited number of 4MB chunks, so can run for a\nlong time. Thus IMO async COPY can become a DoS vector.\n\nAdd a restriction mechanism that bounds the number of concurrent\nbackground COPY operations. Start simple and try to be fair -- this\npatch implements a per-namespace limit.\n\nAn async COPY request that occurs while this limit is exceeded gets\nNFS4ERR_DELAY. The requesting client can choose to send the request\nagain after a delay or fall back to a traditional read/write style\ncopy.\n\nIf there is need to make the mechanism more sophisticated, we can\nvisit that in future patches."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:33.931Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9e52ff544e0bfa09ee339fd7b0937ee3c080c24e"
},
{
"url": "https://git.kernel.org/stable/c/43e46ee5efc03990b223f7aa8b77aa9c3d3acfdf"
},
{
"url": "https://git.kernel.org/stable/c/7ea9260874b779637aff6d24c344b8ef4ac862a0"
},
{
"url": "https://git.kernel.org/stable/c/ae267989b7b7933dfedcd26468d0a88fc3a9da9e"
},
{
"url": "https://git.kernel.org/stable/c/b4e21431a0db4854b5023cd5af001be557e6c3db"
},
{
"url": "https://git.kernel.org/stable/c/6a488ad7745b8f64625c6d3a24ce7e448e83f11b"
},
{
"url": "https://git.kernel.org/stable/c/aadc3bbea163b6caaaebfdd2b6c4667fbc726752"
}
],
"title": "NFSD: Limit the number of concurrent async COPY operations",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49974",
"datePublished": "2024-10-21T18:02:22.392Z",
"dateReserved": "2024-10-21T12:17:06.052Z",
"dateUpdated": "2025-11-03T22:23:54.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47757 (GCVE-0-2024-47757)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
nilfs2: fix potential oob read in nilfs_btree_check_delete()
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential oob read in nilfs_btree_check_delete()
The function nilfs_btree_check_delete(), which checks whether degeneration
to direct mapping occurs before deleting a b-tree entry, causes memory
access outside the block buffer when retrieving the maximum key if the
root node has no entries.
This does not usually happen because b-tree mappings with 0 child nodes
are never created by mkfs.nilfs2 or nilfs2 itself. However, it can happen
if the b-tree root node read from a device is configured that way, so fix
this potential issue by adding a check for that case.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
17c76b0104e4a6513983777e1a17e0297a12b0c4 , < f3a9859767c7aea758976f5523903d247e585129
(git)
Affected: 17c76b0104e4a6513983777e1a17e0297a12b0c4 , < ed76d381dae125b81d09934e365391a656249da8 (git) Affected: 17c76b0104e4a6513983777e1a17e0297a12b0c4 , < d20674f31626e0596ae4c1d9401dfb6739b81b58 (git) Affected: 17c76b0104e4a6513983777e1a17e0297a12b0c4 , < c4f8554996e8ada3be872dfb8f60e93bcf15fb27 (git) Affected: 17c76b0104e4a6513983777e1a17e0297a12b0c4 , < a8abfda768b9f33630cfbc4af6c4214f1e5681b0 (git) Affected: 17c76b0104e4a6513983777e1a17e0297a12b0c4 , < 257f9e5185eb6de83377caea686c306e22e871f2 (git) Affected: 17c76b0104e4a6513983777e1a17e0297a12b0c4 , < a33e967b681e088a125b979975c93e3453e686cd (git) Affected: 17c76b0104e4a6513983777e1a17e0297a12b0c4 , < c4cbcc64bb31e67e02940ce060cc77f7180564cf (git) Affected: 17c76b0104e4a6513983777e1a17e0297a12b0c4 , < f9c96351aa6718b42a9f42eaf7adce0356bdb5e8 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:57:10.388189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:12.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:50.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/btree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f3a9859767c7aea758976f5523903d247e585129",
"status": "affected",
"version": "17c76b0104e4a6513983777e1a17e0297a12b0c4",
"versionType": "git"
},
{
"lessThan": "ed76d381dae125b81d09934e365391a656249da8",
"status": "affected",
"version": "17c76b0104e4a6513983777e1a17e0297a12b0c4",
"versionType": "git"
},
{
"lessThan": "d20674f31626e0596ae4c1d9401dfb6739b81b58",
"status": "affected",
"version": "17c76b0104e4a6513983777e1a17e0297a12b0c4",
"versionType": "git"
},
{
"lessThan": "c4f8554996e8ada3be872dfb8f60e93bcf15fb27",
"status": "affected",
"version": "17c76b0104e4a6513983777e1a17e0297a12b0c4",
"versionType": "git"
},
{
"lessThan": "a8abfda768b9f33630cfbc4af6c4214f1e5681b0",
"status": "affected",
"version": "17c76b0104e4a6513983777e1a17e0297a12b0c4",
"versionType": "git"
},
{
"lessThan": "257f9e5185eb6de83377caea686c306e22e871f2",
"status": "affected",
"version": "17c76b0104e4a6513983777e1a17e0297a12b0c4",
"versionType": "git"
},
{
"lessThan": "a33e967b681e088a125b979975c93e3453e686cd",
"status": "affected",
"version": "17c76b0104e4a6513983777e1a17e0297a12b0c4",
"versionType": "git"
},
{
"lessThan": "c4cbcc64bb31e67e02940ce060cc77f7180564cf",
"status": "affected",
"version": "17c76b0104e4a6513983777e1a17e0297a12b0c4",
"versionType": "git"
},
{
"lessThan": "f9c96351aa6718b42a9f42eaf7adce0356bdb5e8",
"status": "affected",
"version": "17c76b0104e4a6513983777e1a17e0297a12b0c4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/btree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential oob read in nilfs_btree_check_delete()\n\nThe function nilfs_btree_check_delete(), which checks whether degeneration\nto direct mapping occurs before deleting a b-tree entry, causes memory\naccess outside the block buffer when retrieving the maximum key if the\nroot node has no entries.\n\nThis does not usually happen because b-tree mappings with 0 child nodes\nare never created by mkfs.nilfs2 or nilfs2 itself. However, it can happen\nif the b-tree root node read from a device is configured that way, so fix\nthis potential issue by adding a check for that case."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:39:13.580Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f3a9859767c7aea758976f5523903d247e585129"
},
{
"url": "https://git.kernel.org/stable/c/ed76d381dae125b81d09934e365391a656249da8"
},
{
"url": "https://git.kernel.org/stable/c/d20674f31626e0596ae4c1d9401dfb6739b81b58"
},
{
"url": "https://git.kernel.org/stable/c/c4f8554996e8ada3be872dfb8f60e93bcf15fb27"
},
{
"url": "https://git.kernel.org/stable/c/a8abfda768b9f33630cfbc4af6c4214f1e5681b0"
},
{
"url": "https://git.kernel.org/stable/c/257f9e5185eb6de83377caea686c306e22e871f2"
},
{
"url": "https://git.kernel.org/stable/c/a33e967b681e088a125b979975c93e3453e686cd"
},
{
"url": "https://git.kernel.org/stable/c/c4cbcc64bb31e67e02940ce060cc77f7180564cf"
},
{
"url": "https://git.kernel.org/stable/c/f9c96351aa6718b42a9f42eaf7adce0356bdb5e8"
}
],
"title": "nilfs2: fix potential oob read in nilfs_btree_check_delete()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47757",
"datePublished": "2024-10-21T12:14:20.419Z",
"dateReserved": "2024-09-30T16:00:12.962Z",
"dateUpdated": "2025-11-03T22:21:50.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47667 (GCVE-0-2024-47667)
Vulnerability from cvelistv5 – Published: 2024-10-09 14:13 – Updated: 2026-01-05 10:53
VLAI?
EPSS
Title
PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
Summary
In the Linux kernel, the following vulnerability has been resolved:
PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
Errata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0
(SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an
inbound PCIe TLP spans more than two internal AXI 128-byte bursts,
the bus may corrupt the packet payload and the corrupt data may
cause associated applications or the processor to hang.
The workaround for Errata #i2037 is to limit the maximum read
request size and maximum payload size to 128 bytes. Add workaround
for Errata #i2037 here.
The errata and workaround is applicable only to AM65x SR 1.0 and
later versions of the silicon will have this fixed.
[1] -> https://www.ti.com/lit/er/sprz452i/sprz452i.pdf
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
18b0415bc802a8bab5dedba5ae2757e83259e6ee , < cfb006e185f64edbbdf7869eac352442bc76b8f6
(git)
Affected: 18b0415bc802a8bab5dedba5ae2757e83259e6ee , < ebbdbbc580c1695dec283d0ba6448729dc993246 (git) Affected: 18b0415bc802a8bab5dedba5ae2757e83259e6ee , < 135843c351c08df72bdd4b4ebea53c8052a76881 (git) Affected: 18b0415bc802a8bab5dedba5ae2757e83259e6ee , < af218c803fe298ddf00abef331aa526b20d7ea61 (git) Affected: 18b0415bc802a8bab5dedba5ae2757e83259e6ee , < 576d0fb6f8d4bd4695e70eee173a1b9c7bae9572 (git) Affected: 18b0415bc802a8bab5dedba5ae2757e83259e6ee , < dd47051c76c8acd8cb983f01b4d1265da29cb66a (git) Affected: 18b0415bc802a8bab5dedba5ae2757e83259e6ee , < 86f271f22bbb6391410a07e08d6ca3757fda01fa (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T13:21:25.873788Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T13:21:40.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:20:31.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pci/controller/dwc/pci-keystone.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cfb006e185f64edbbdf7869eac352442bc76b8f6",
"status": "affected",
"version": "18b0415bc802a8bab5dedba5ae2757e83259e6ee",
"versionType": "git"
},
{
"lessThan": "ebbdbbc580c1695dec283d0ba6448729dc993246",
"status": "affected",
"version": "18b0415bc802a8bab5dedba5ae2757e83259e6ee",
"versionType": "git"
},
{
"lessThan": "135843c351c08df72bdd4b4ebea53c8052a76881",
"status": "affected",
"version": "18b0415bc802a8bab5dedba5ae2757e83259e6ee",
"versionType": "git"
},
{
"lessThan": "af218c803fe298ddf00abef331aa526b20d7ea61",
"status": "affected",
"version": "18b0415bc802a8bab5dedba5ae2757e83259e6ee",
"versionType": "git"
},
{
"lessThan": "576d0fb6f8d4bd4695e70eee173a1b9c7bae9572",
"status": "affected",
"version": "18b0415bc802a8bab5dedba5ae2757e83259e6ee",
"versionType": "git"
},
{
"lessThan": "dd47051c76c8acd8cb983f01b4d1265da29cb66a",
"status": "affected",
"version": "18b0415bc802a8bab5dedba5ae2757e83259e6ee",
"versionType": "git"
},
{
"lessThan": "86f271f22bbb6391410a07e08d6ca3757fda01fa",
"status": "affected",
"version": "18b0415bc802a8bab5dedba5ae2757e83259e6ee",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pci/controller/dwc/pci-keystone.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)\n\nErrata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0\n(SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an\ninbound PCIe TLP spans more than two internal AXI 128-byte bursts,\nthe bus may corrupt the packet payload and the corrupt data may\ncause associated applications or the processor to hang.\n\nThe workaround for Errata #i2037 is to limit the maximum read\nrequest size and maximum payload size to 128 bytes. Add workaround\nfor Errata #i2037 here.\n\nThe errata and workaround is applicable only to AM65x SR 1.0 and\nlater versions of the silicon will have this fixed.\n\n[1] -\u003e https://www.ti.com/lit/er/sprz452i/sprz452i.pdf"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:53:50.473Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cfb006e185f64edbbdf7869eac352442bc76b8f6"
},
{
"url": "https://git.kernel.org/stable/c/ebbdbbc580c1695dec283d0ba6448729dc993246"
},
{
"url": "https://git.kernel.org/stable/c/135843c351c08df72bdd4b4ebea53c8052a76881"
},
{
"url": "https://git.kernel.org/stable/c/af218c803fe298ddf00abef331aa526b20d7ea61"
},
{
"url": "https://git.kernel.org/stable/c/576d0fb6f8d4bd4695e70eee173a1b9c7bae9572"
},
{
"url": "https://git.kernel.org/stable/c/dd47051c76c8acd8cb983f01b4d1265da29cb66a"
},
{
"url": "https://git.kernel.org/stable/c/86f271f22bbb6391410a07e08d6ca3757fda01fa"
}
],
"title": "PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47667",
"datePublished": "2024-10-09T14:13:59.522Z",
"dateReserved": "2024-09-30T16:00:12.936Z",
"dateUpdated": "2026-01-05T10:53:50.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50023 (GCVE-0-2024-50023)
Vulnerability from cvelistv5 – Published: 2024-10-21 19:39 – Updated: 2025-05-04 09:44
VLAI?
EPSS
Title
net: phy: Remove LED entry from LEDs list on unregister
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: phy: Remove LED entry from LEDs list on unregister
Commit c938ab4da0eb ("net: phy: Manual remove LEDs to ensure correct
ordering") correctly fixed a problem with using devm_ but missed
removing the LED entry from the LEDs list.
This cause kernel panic on specific scenario where the port for the PHY
is torn down and up and the kmod for the PHY is removed.
On setting the port down the first time, the assosiacted LEDs are
correctly unregistered. The associated kmod for the PHY is now removed.
The kmod is now added again and the port is now put up, the associated LED
are registered again.
On putting the port down again for the second time after these step, the
LED list now have 4 elements. With the first 2 already unregistered
previously and the 2 new one registered again.
This cause a kernel panic as the first 2 element should have been
removed.
Fix this by correctly removing the element when LED is unregistered.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
c938ab4da0eb1620ae3243b0b24c572ddfc318fc , < 143ffa7878e2d9d9c3836ee8304ce4930f7852a3
(git)
Affected: c938ab4da0eb1620ae3243b0b24c572ddfc318fc , < fba363f4d244269a0ba7abb8df953a244c6749af (git) Affected: c938ab4da0eb1620ae3243b0b24c572ddfc318fc , < f50b5d74c68e551667e265123659b187a30fe3a5 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:27:08.188732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:46.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/phy/phy_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "143ffa7878e2d9d9c3836ee8304ce4930f7852a3",
"status": "affected",
"version": "c938ab4da0eb1620ae3243b0b24c572ddfc318fc",
"versionType": "git"
},
{
"lessThan": "fba363f4d244269a0ba7abb8df953a244c6749af",
"status": "affected",
"version": "c938ab4da0eb1620ae3243b0b24c572ddfc318fc",
"versionType": "git"
},
{
"lessThan": "f50b5d74c68e551667e265123659b187a30fe3a5",
"status": "affected",
"version": "c938ab4da0eb1620ae3243b0b24c572ddfc318fc",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/phy/phy_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.57",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.57",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.4",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Remove LED entry from LEDs list on unregister\n\nCommit c938ab4da0eb (\"net: phy: Manual remove LEDs to ensure correct\nordering\") correctly fixed a problem with using devm_ but missed\nremoving the LED entry from the LEDs list.\n\nThis cause kernel panic on specific scenario where the port for the PHY\nis torn down and up and the kmod for the PHY is removed.\n\nOn setting the port down the first time, the assosiacted LEDs are\ncorrectly unregistered. The associated kmod for the PHY is now removed.\nThe kmod is now added again and the port is now put up, the associated LED\nare registered again.\nOn putting the port down again for the second time after these step, the\nLED list now have 4 elements. With the first 2 already unregistered\npreviously and the 2 new one registered again.\n\nThis cause a kernel panic as the first 2 element should have been\nremoved.\n\nFix this by correctly removing the element when LED is unregistered."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:44:02.404Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/143ffa7878e2d9d9c3836ee8304ce4930f7852a3"
},
{
"url": "https://git.kernel.org/stable/c/fba363f4d244269a0ba7abb8df953a244c6749af"
},
{
"url": "https://git.kernel.org/stable/c/f50b5d74c68e551667e265123659b187a30fe3a5"
}
],
"title": "net: phy: Remove LED entry from LEDs list on unregister",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50023",
"datePublished": "2024-10-21T19:39:28.524Z",
"dateReserved": "2024-10-21T12:17:06.065Z",
"dateUpdated": "2025-05-04T09:44:02.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48947 (GCVE-0-2022-48947)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-12-23 13:21
VLAI?
EPSS
Title
Bluetooth: L2CAP: Fix u8 overflow
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: Fix u8 overflow
By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases
multiple times and eventually it will wrap around the maximum number
(i.e., 255).
This patch prevents this by adding a boundary check with
L2CAP_MAX_CONF_RSP
Btmon log:
Bluetooth monitor ver 5.64
= Note: Linux version 6.1.0-rc2 (x86_64) 0.264594
= Note: Bluetooth subsystem version 2.22 0.264636
@ MGMT Open: btmon (privileged) version 1.22 {0x0001} 0.272191
= New Index: 00:00:00:00:00:00 (Primary,Virtual,hci0) [hci0] 13.877604
@ RAW Open: 9496 (privileged) version 2.22 {0x0002} 13.890741
= Open Index: 00:00:00:00:00:00 [hci0] 13.900426
(...)
> ACL Data RX: Handle 200 flags 0x00 dlen 1033 #32 [hci0] 14.273106
invalid packet size (12 != 1033)
08 00 01 00 02 01 04 00 01 10 ff ff ............
> ACL Data RX: Handle 200 flags 0x00 dlen 1547 #33 [hci0] 14.273561
invalid packet size (14 != 1547)
0a 00 01 00 04 01 06 00 40 00 00 00 00 00 ........@.....
> ACL Data RX: Handle 200 flags 0x00 dlen 2061 #34 [hci0] 14.274390
invalid packet size (16 != 2061)
0c 00 01 00 04 01 08 00 40 00 00 00 00 00 00 04 ........@.......
> ACL Data RX: Handle 200 flags 0x00 dlen 2061 #35 [hci0] 14.274932
invalid packet size (16 != 2061)
0c 00 01 00 04 01 08 00 40 00 00 00 07 00 03 00 ........@.......
= bluetoothd: Bluetooth daemon 5.43 14.401828
> ACL Data RX: Handle 200 flags 0x00 dlen 1033 #36 [hci0] 14.275753
invalid packet size (12 != 1033)
08 00 01 00 04 01 04 00 40 00 00 00 ........@...
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
f2fcfcd670257236ebf2088bbdf26f6a8ef459fe , < 49d5867819ab7c744852b45509e8469839c07e0e
(git)
Affected: f2fcfcd670257236ebf2088bbdf26f6a8ef459fe , < 95f1847a361c7b4bf7d74c06ecb6968455082c1a (git) Affected: f2fcfcd670257236ebf2088bbdf26f6a8ef459fe , < ad528fde0702903208d0a79d88d5a42ae3fc235b (git) Affected: f2fcfcd670257236ebf2088bbdf26f6a8ef459fe , < 9fdc79b571434af7bc742da40a3405f038b637a7 (git) Affected: f2fcfcd670257236ebf2088bbdf26f6a8ef459fe , < f3fe6817156a2ad4b06f01afab04638a34d7c9a6 (git) Affected: f2fcfcd670257236ebf2088bbdf26f6a8ef459fe , < 19a78143961a197de8502f4f29c453b913dc3c29 (git) Affected: f2fcfcd670257236ebf2088bbdf26f6a8ef459fe , < 5550bbf709c323194881737fd290c4bada9e6ead (git) Affected: f2fcfcd670257236ebf2088bbdf26f6a8ef459fe , < bcd70260ef56e0aee8a4fc6cd214a419900b0765 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:22:07.757358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:41.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/l2cap_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "49d5867819ab7c744852b45509e8469839c07e0e",
"status": "affected",
"version": "f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
"versionType": "git"
},
{
"lessThan": "95f1847a361c7b4bf7d74c06ecb6968455082c1a",
"status": "affected",
"version": "f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
"versionType": "git"
},
{
"lessThan": "ad528fde0702903208d0a79d88d5a42ae3fc235b",
"status": "affected",
"version": "f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
"versionType": "git"
},
{
"lessThan": "9fdc79b571434af7bc742da40a3405f038b637a7",
"status": "affected",
"version": "f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
"versionType": "git"
},
{
"lessThan": "f3fe6817156a2ad4b06f01afab04638a34d7c9a6",
"status": "affected",
"version": "f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
"versionType": "git"
},
{
"lessThan": "19a78143961a197de8502f4f29c453b913dc3c29",
"status": "affected",
"version": "f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
"versionType": "git"
},
{
"lessThan": "5550bbf709c323194881737fd290c4bada9e6ead",
"status": "affected",
"version": "f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
"versionType": "git"
},
{
"lessThan": "bcd70260ef56e0aee8a4fc6cd214a419900b0765",
"status": "affected",
"version": "f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/l2cap_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.32"
},
{
"lessThan": "2.6.32",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.337",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.337",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.303",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.161",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.85",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.15",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "2.6.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix u8 overflow\n\nBy keep sending L2CAP_CONF_REQ packets, chan-\u003enum_conf_rsp increases\nmultiple times and eventually it will wrap around the maximum number\n(i.e., 255).\nThis patch prevents this by adding a boundary check with\nL2CAP_MAX_CONF_RSP\n\nBtmon log:\nBluetooth monitor ver 5.64\n= Note: Linux version 6.1.0-rc2 (x86_64) 0.264594\n= Note: Bluetooth subsystem version 2.22 0.264636\n@ MGMT Open: btmon (privileged) version 1.22 {0x0001} 0.272191\n= New Index: 00:00:00:00:00:00 (Primary,Virtual,hci0) [hci0] 13.877604\n@ RAW Open: 9496 (privileged) version 2.22 {0x0002} 13.890741\n= Open Index: 00:00:00:00:00:00 [hci0] 13.900426\n(...)\n\u003e ACL Data RX: Handle 200 flags 0x00 dlen 1033 #32 [hci0] 14.273106\n invalid packet size (12 != 1033)\n 08 00 01 00 02 01 04 00 01 10 ff ff ............\n\u003e ACL Data RX: Handle 200 flags 0x00 dlen 1547 #33 [hci0] 14.273561\n invalid packet size (14 != 1547)\n 0a 00 01 00 04 01 06 00 40 00 00 00 00 00 ........@.....\n\u003e ACL Data RX: Handle 200 flags 0x00 dlen 2061 #34 [hci0] 14.274390\n invalid packet size (16 != 2061)\n 0c 00 01 00 04 01 08 00 40 00 00 00 00 00 00 04 ........@.......\n\u003e ACL Data RX: Handle 200 flags 0x00 dlen 2061 #35 [hci0] 14.274932\n invalid packet size (16 != 2061)\n 0c 00 01 00 04 01 08 00 40 00 00 00 07 00 03 00 ........@.......\n= bluetoothd: Bluetooth daemon 5.43 14.401828\n\u003e ACL Data RX: Handle 200 flags 0x00 dlen 1033 #36 [hci0] 14.275753\n invalid packet size (12 != 1033)\n 08 00 01 00 04 01 04 00 40 00 00 00 ........@..."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T13:21:14.514Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/49d5867819ab7c744852b45509e8469839c07e0e"
},
{
"url": "https://git.kernel.org/stable/c/95f1847a361c7b4bf7d74c06ecb6968455082c1a"
},
{
"url": "https://git.kernel.org/stable/c/ad528fde0702903208d0a79d88d5a42ae3fc235b"
},
{
"url": "https://git.kernel.org/stable/c/9fdc79b571434af7bc742da40a3405f038b637a7"
},
{
"url": "https://git.kernel.org/stable/c/f3fe6817156a2ad4b06f01afab04638a34d7c9a6"
},
{
"url": "https://git.kernel.org/stable/c/19a78143961a197de8502f4f29c453b913dc3c29"
},
{
"url": "https://git.kernel.org/stable/c/5550bbf709c323194881737fd290c4bada9e6ead"
},
{
"url": "https://git.kernel.org/stable/c/bcd70260ef56e0aee8a4fc6cd214a419900b0765"
}
],
"title": "Bluetooth: L2CAP: Fix u8 overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48947",
"datePublished": "2024-10-21T20:05:36.491Z",
"dateReserved": "2024-08-22T01:27:53.624Z",
"dateUpdated": "2025-12-23T13:21:14.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46813 (GCVE-0-2024-46813)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-07-11 17:20
VLAI?
EPSS
Title
drm/amd/display: Check link_index before accessing dc->links[]
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check link_index before accessing dc->links[]
[WHY & HOW]
dc->links[] has max size of MAX_LINKS and NULL is return when trying to
access with out-of-bound index.
This fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 032c5407a608ac3b2a98bf4fbda27d12c20c5887
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < ac04759b4a002969cf0f1384f1b8bb2001cfa782 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 8aa2864044b9d13e95fe224f32e808afbf79ecdf (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:18:36.575115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:18:48.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "032c5407a608ac3b2a98bf4fbda27d12c20c5887",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "ac04759b4a002969cf0f1384f1b8bb2001cfa782",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "8aa2864044b9d13e95fe224f32e808afbf79ecdf",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.87",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_index before accessing dc-\u003elinks[]\n\n[WHY \u0026 HOW]\ndc-\u003elinks[] has max size of MAX_LINKS and NULL is return when trying to\naccess with out-of-bound index.\n\nThis fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:38.616Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/032c5407a608ac3b2a98bf4fbda27d12c20c5887"
},
{
"url": "https://git.kernel.org/stable/c/ac04759b4a002969cf0f1384f1b8bb2001cfa782"
},
{
"url": "https://git.kernel.org/stable/c/8aa2864044b9d13e95fe224f32e808afbf79ecdf"
}
],
"title": "drm/amd/display: Check link_index before accessing dc-\u003elinks[]",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46813",
"datePublished": "2024-09-27T12:35:55.786Z",
"dateReserved": "2024-09-11T15:12:18.283Z",
"dateUpdated": "2025-07-11T17:20:38.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46777 (GCVE-0-2024-46777)
Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2026-01-05 10:53
VLAI?
EPSS
Title
udf: Avoid excessive partition lengths
Summary
In the Linux kernel, the following vulnerability has been resolved:
udf: Avoid excessive partition lengths
Avoid mounting filesystems where the partition would overflow the
32-bits used for block number. Also refuse to mount filesystems where
the partition length is so large we cannot safely index bits in a
block bitmap.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c0c23130d38e8bc28e9ef581443de9b1fc749966
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1497a4484cdb2cf6c37960d788fb6ba67567bdb7 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 551966371e17912564bc387fbeb2ac13077c3db1 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2ddf831451357c6da4b64645eb797c93c1c054d1 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 0173999123082280cf904bd640015951f194a294 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a56330761950cb83de1dfb348479f20c56c95f90 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 925fd8ee80d5348a5e965548e5484d164d19221d (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ebbe26fd54a9621994bc16b14f2ba8f84c089693 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:39:05.257297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:39:19.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:18:17.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/udf/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c0c23130d38e8bc28e9ef581443de9b1fc749966",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1497a4484cdb2cf6c37960d788fb6ba67567bdb7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "551966371e17912564bc387fbeb2ac13077c3db1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2ddf831451357c6da4b64645eb797c93c1c054d1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0173999123082280cf904bd640015951f194a294",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a56330761950cb83de1dfb348479f20c56c95f90",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "925fd8ee80d5348a5e965548e5484d164d19221d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ebbe26fd54a9621994bc16b14f2ba8f84c089693",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/udf/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.322",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.322",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid excessive partition lengths\n\nAvoid mounting filesystems where the partition would overflow the\n32-bits used for block number. Also refuse to mount filesystems where\nthe partition length is so large we cannot safely index bits in a\nblock bitmap."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:53:18.029Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c0c23130d38e8bc28e9ef581443de9b1fc749966"
},
{
"url": "https://git.kernel.org/stable/c/1497a4484cdb2cf6c37960d788fb6ba67567bdb7"
},
{
"url": "https://git.kernel.org/stable/c/551966371e17912564bc387fbeb2ac13077c3db1"
},
{
"url": "https://git.kernel.org/stable/c/2ddf831451357c6da4b64645eb797c93c1c054d1"
},
{
"url": "https://git.kernel.org/stable/c/0173999123082280cf904bd640015951f194a294"
},
{
"url": "https://git.kernel.org/stable/c/a56330761950cb83de1dfb348479f20c56c95f90"
},
{
"url": "https://git.kernel.org/stable/c/925fd8ee80d5348a5e965548e5484d164d19221d"
},
{
"url": "https://git.kernel.org/stable/c/ebbe26fd54a9621994bc16b14f2ba8f84c089693"
}
],
"title": "udf: Avoid excessive partition lengths",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46777",
"datePublished": "2024-09-18T07:12:34.315Z",
"dateReserved": "2024-09-11T15:12:18.275Z",
"dateUpdated": "2026-01-05T10:53:18.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47664 (GCVE-0-2024-47664)
Vulnerability from cvelistv5 – Published: 2024-10-09 14:13 – Updated: 2025-05-04 09:36
VLAI?
EPSS
Title
spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware
Summary
In the Linux kernel, the following vulnerability has been resolved:
spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware
If the value of max_speed_hz is 0, it may cause a division by zero
error in hisi_calc_effective_speed().
The value of max_speed_hz is provided by firmware.
Firmware is generally considered as a trusted domain. However, as
division by zero errors can cause system failure, for defense measure,
the value of max_speed is validated here. So 0 is regarded as invalid
and an error code is returned.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
c770d8631e1810d8f1ce21b18ad5dd67eeb39e5c , < 16ccaf581da4fcf1e4d66086cf37263f9a656d43
(git)
Affected: c770d8631e1810d8f1ce21b18ad5dd67eeb39e5c , < ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc (git) Affected: c770d8631e1810d8f1ce21b18ad5dd67eeb39e5c , < 5127c42c77de18651aa9e8e0a3ced190103b449c (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T13:22:13.073715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T13:22:27.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-hisi-kunpeng.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "16ccaf581da4fcf1e4d66086cf37263f9a656d43",
"status": "affected",
"version": "c770d8631e1810d8f1ce21b18ad5dd67eeb39e5c",
"versionType": "git"
},
{
"lessThan": "ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc",
"status": "affected",
"version": "c770d8631e1810d8f1ce21b18ad5dd67eeb39e5c",
"versionType": "git"
},
{
"lessThan": "5127c42c77de18651aa9e8e0a3ced190103b449c",
"status": "affected",
"version": "c770d8631e1810d8f1ce21b18ad5dd67eeb39e5c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-hisi-kunpeng.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:36:42.722Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43"
},
{
"url": "https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc"
},
{
"url": "https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c"
}
],
"title": "spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47664",
"datePublished": "2024-10-09T14:13:57.337Z",
"dateReserved": "2024-09-30T16:00:12.936Z",
"dateUpdated": "2025-05-04T09:36:42.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47744 (GCVE-0-2024-47744)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-05-04 09:38
VLAI?
EPSS
Title
KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock
Use a dedicated mutex to guard kvm_usage_count to fix a potential deadlock
on x86 due to a chain of locks and SRCU synchronizations. Translating the
below lockdep splat, CPU1 #6 will wait on CPU0 #1, CPU0 #8 will wait on
CPU2 #3, and CPU2 #7 will wait on CPU1 #4 (if there's a writer, due to the
fairness of r/w semaphores).
CPU0 CPU1 CPU2
1 lock(&kvm->slots_lock);
2 lock(&vcpu->mutex);
3 lock(&kvm->srcu);
4 lock(cpu_hotplug_lock);
5 lock(kvm_lock);
6 lock(&kvm->slots_lock);
7 lock(cpu_hotplug_lock);
8 sync(&kvm->srcu);
Note, there are likely more potential deadlocks in KVM x86, e.g. the same
pattern of taking cpu_hotplug_lock outside of kvm_lock likely exists with
__kvmclock_cpufreq_notifier():
cpuhp_cpufreq_online()
|
-> cpufreq_online()
|
-> cpufreq_gov_performance_limits()
|
-> __cpufreq_driver_target()
|
-> __target_index()
|
-> cpufreq_freq_transition_begin()
|
-> cpufreq_notify_transition()
|
-> ... __kvmclock_cpufreq_notifier()
But, actually triggering such deadlocks is beyond rare due to the
combination of dependencies and timings involved. E.g. the cpufreq
notifier is only used on older CPUs without a constant TSC, mucking with
the NX hugepage mitigation while VMs are running is very uncommon, and
doing so while also onlining/offlining a CPU (necessary to generate
contention on cpu_hotplug_lock) would be even more unusual.
The most robust solution to the general cpu_hotplug_lock issue is likely
to switch vm_list to be an RCU-protected list, e.g. so that x86's cpufreq
notifier doesn't to take kvm_lock. For now, settle for fixing the most
blatant deadlock, as switching to an RCU-protected list is a much more
involved change, but add a comment in locking.rst to call out that care
needs to be taken when walking holding kvm_lock and walking vm_list.
======================================================
WARNING: possible circular locking dependency detected
6.10.0-smp--c257535a0c9d-pip #330 Tainted: G S O
------------------------------------------------------
tee/35048 is trying to acquire lock:
ff6a80eced71e0a8 (&kvm->slots_lock){+.+.}-{3:3}, at: set_nx_huge_pages+0x179/0x1e0 [kvm]
but task is already holding lock:
ffffffffc07abb08 (kvm_lock){+.+.}-{3:3}, at: set_nx_huge_pages+0x14a/0x1e0 [kvm]
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #3 (kvm_lock){+.+.}-{3:3}:
__mutex_lock+0x6a/0xb40
mutex_lock_nested+0x1f/0x30
kvm_dev_ioctl+0x4fb/0xe50 [kvm]
__se_sys_ioctl+0x7b/0xd0
__x64_sys_ioctl+0x21/0x30
x64_sys_call+0x15d0/0x2e60
do_syscall_64+0x83/0x160
entry_SYSCALL_64_after_hwframe+0x76/0x7e
-> #2 (cpu_hotplug_lock){++++}-{0:0}:
cpus_read_lock+0x2e/0xb0
static_key_slow_inc+0x16/0x30
kvm_lapic_set_base+0x6a/0x1c0 [kvm]
kvm_set_apic_base+0x8f/0xe0 [kvm]
kvm_set_msr_common+0x9ae/0xf80 [kvm]
vmx_set_msr+0xa54/0xbe0 [kvm_intel]
__kvm_set_msr+0xb6/0x1a0 [kvm]
kvm_arch_vcpu_ioctl+0xeca/0x10c0 [kvm]
kvm_vcpu_ioctl+0x485/0x5b0 [kvm]
__se_sys_ioctl+0x7b/0xd0
__x64_sys_ioctl+0x21/0x30
x64_sys_call+0x15d0/0x2e60
do_syscall_64+0x83/0x160
entry_SYSCALL_64_after_hwframe+0x76/0x7e
-> #1 (&kvm->srcu){.+.+}-{0:0}:
__synchronize_srcu+0x44/0x1a0
---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
0bf50497f03b3d892c470c7d1a10a3e9c3c95821 , < 4777225ec89f52bb9ca16a33cfb44c189f1b7b47
(git)
Affected: 0bf50497f03b3d892c470c7d1a10a3e9c3c95821 , < a2764afce521fd9fd7a5ff6ed52ac2095873128a (git) Affected: 0bf50497f03b3d892c470c7d1a10a3e9c3c95821 , < 760a196e6dcb29580e468b44b5400171dae184d8 (git) Affected: 0bf50497f03b3d892c470c7d1a10a3e9c3c95821 , < 44d17459626052a2390457e550a12cb973506b2f (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:58:48.680064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:14.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"Documentation/virt/kvm/locking.rst",
"virt/kvm/kvm_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4777225ec89f52bb9ca16a33cfb44c189f1b7b47",
"status": "affected",
"version": "0bf50497f03b3d892c470c7d1a10a3e9c3c95821",
"versionType": "git"
},
{
"lessThan": "a2764afce521fd9fd7a5ff6ed52ac2095873128a",
"status": "affected",
"version": "0bf50497f03b3d892c470c7d1a10a3e9c3c95821",
"versionType": "git"
},
{
"lessThan": "760a196e6dcb29580e468b44b5400171dae184d8",
"status": "affected",
"version": "0bf50497f03b3d892c470c7d1a10a3e9c3c95821",
"versionType": "git"
},
{
"lessThan": "44d17459626052a2390457e550a12cb973506b2f",
"status": "affected",
"version": "0bf50497f03b3d892c470c7d1a10a3e9c3c95821",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"Documentation/virt/kvm/locking.rst",
"virt/kvm/kvm_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock\n\nUse a dedicated mutex to guard kvm_usage_count to fix a potential deadlock\non x86 due to a chain of locks and SRCU synchronizations. Translating the\nbelow lockdep splat, CPU1 #6 will wait on CPU0 #1, CPU0 #8 will wait on\nCPU2 #3, and CPU2 #7 will wait on CPU1 #4 (if there\u0027s a writer, due to the\nfairness of r/w semaphores).\n\n CPU0 CPU1 CPU2\n1 lock(\u0026kvm-\u003eslots_lock);\n2 lock(\u0026vcpu-\u003emutex);\n3 lock(\u0026kvm-\u003esrcu);\n4 lock(cpu_hotplug_lock);\n5 lock(kvm_lock);\n6 lock(\u0026kvm-\u003eslots_lock);\n7 lock(cpu_hotplug_lock);\n8 sync(\u0026kvm-\u003esrcu);\n\nNote, there are likely more potential deadlocks in KVM x86, e.g. the same\npattern of taking cpu_hotplug_lock outside of kvm_lock likely exists with\n__kvmclock_cpufreq_notifier():\n\n cpuhp_cpufreq_online()\n |\n -\u003e cpufreq_online()\n |\n -\u003e cpufreq_gov_performance_limits()\n |\n -\u003e __cpufreq_driver_target()\n |\n -\u003e __target_index()\n |\n -\u003e cpufreq_freq_transition_begin()\n |\n -\u003e cpufreq_notify_transition()\n |\n -\u003e ... __kvmclock_cpufreq_notifier()\n\nBut, actually triggering such deadlocks is beyond rare due to the\ncombination of dependencies and timings involved. E.g. the cpufreq\nnotifier is only used on older CPUs without a constant TSC, mucking with\nthe NX hugepage mitigation while VMs are running is very uncommon, and\ndoing so while also onlining/offlining a CPU (necessary to generate\ncontention on cpu_hotplug_lock) would be even more unusual.\n\nThe most robust solution to the general cpu_hotplug_lock issue is likely\nto switch vm_list to be an RCU-protected list, e.g. so that x86\u0027s cpufreq\nnotifier doesn\u0027t to take kvm_lock. For now, settle for fixing the most\nblatant deadlock, as switching to an RCU-protected list is a much more\ninvolved change, but add a comment in locking.rst to call out that care\nneeds to be taken when walking holding kvm_lock and walking vm_list.\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 6.10.0-smp--c257535a0c9d-pip #330 Tainted: G S O\n ------------------------------------------------------\n tee/35048 is trying to acquire lock:\n ff6a80eced71e0a8 (\u0026kvm-\u003eslots_lock){+.+.}-{3:3}, at: set_nx_huge_pages+0x179/0x1e0 [kvm]\n\n but task is already holding lock:\n ffffffffc07abb08 (kvm_lock){+.+.}-{3:3}, at: set_nx_huge_pages+0x14a/0x1e0 [kvm]\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (kvm_lock){+.+.}-{3:3}:\n __mutex_lock+0x6a/0xb40\n mutex_lock_nested+0x1f/0x30\n kvm_dev_ioctl+0x4fb/0xe50 [kvm]\n __se_sys_ioctl+0x7b/0xd0\n __x64_sys_ioctl+0x21/0x30\n x64_sys_call+0x15d0/0x2e60\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -\u003e #2 (cpu_hotplug_lock){++++}-{0:0}:\n cpus_read_lock+0x2e/0xb0\n static_key_slow_inc+0x16/0x30\n kvm_lapic_set_base+0x6a/0x1c0 [kvm]\n kvm_set_apic_base+0x8f/0xe0 [kvm]\n kvm_set_msr_common+0x9ae/0xf80 [kvm]\n vmx_set_msr+0xa54/0xbe0 [kvm_intel]\n __kvm_set_msr+0xb6/0x1a0 [kvm]\n kvm_arch_vcpu_ioctl+0xeca/0x10c0 [kvm]\n kvm_vcpu_ioctl+0x485/0x5b0 [kvm]\n __se_sys_ioctl+0x7b/0xd0\n __x64_sys_ioctl+0x21/0x30\n x64_sys_call+0x15d0/0x2e60\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -\u003e #1 (\u0026kvm-\u003esrcu){.+.+}-{0:0}:\n __synchronize_srcu+0x44/0x1a0\n \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:38:55.322Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4777225ec89f52bb9ca16a33cfb44c189f1b7b47"
},
{
"url": "https://git.kernel.org/stable/c/a2764afce521fd9fd7a5ff6ed52ac2095873128a"
},
{
"url": "https://git.kernel.org/stable/c/760a196e6dcb29580e468b44b5400171dae184d8"
},
{
"url": "https://git.kernel.org/stable/c/44d17459626052a2390457e550a12cb973506b2f"
}
],
"title": "KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47744",
"datePublished": "2024-10-21T12:14:11.830Z",
"dateReserved": "2024-09-30T16:00:12.960Z",
"dateUpdated": "2025-05-04T09:38:55.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48969 (GCVE-0-2022-48969)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
xen-netfront: Fix NULL sring after live migration
Summary
In the Linux kernel, the following vulnerability has been resolved:
xen-netfront: Fix NULL sring after live migration
A NAPI is setup for each network sring to poll data to kernel
The sring with source host is destroyed before live migration and
new sring with target host is setup after live migration.
The NAPI for the old sring is not deleted until setup new sring
with target host after migration. With busy_poll/busy_read enabled,
the NAPI can be polled before got deleted when resume VM.
BUG: unable to handle kernel NULL pointer dereference at
0000000000000008
IP: xennet_poll+0xae/0xd20
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
Call Trace:
finish_task_switch+0x71/0x230
timerqueue_del+0x1d/0x40
hrtimer_try_to_cancel+0xb5/0x110
xennet_alloc_rx_buffers+0x2a0/0x2a0
napi_busy_loop+0xdb/0x270
sock_poll+0x87/0x90
do_sys_poll+0x26f/0x580
tracing_map_insert+0x1d4/0x2f0
event_hist_trigger+0x14a/0x260
finish_task_switch+0x71/0x230
__schedule+0x256/0x890
recalc_sigpending+0x1b/0x50
xen_sched_clock+0x15/0x20
__rb_reserve_next+0x12d/0x140
ring_buffer_lock_reserve+0x123/0x3d0
event_triggers_call+0x87/0xb0
trace_event_buffer_commit+0x1c4/0x210
xen_clocksource_get_cycles+0x15/0x20
ktime_get_ts64+0x51/0xf0
SyS_ppoll+0x160/0x1a0
SyS_ppoll+0x160/0x1a0
do_syscall_64+0x73/0x130
entry_SYSCALL_64_after_hwframe+0x41/0xa6
...
RIP: xennet_poll+0xae/0xd20 RSP: ffffb4f041933900
CR2: 0000000000000008
---[ end trace f8601785b354351c ]---
xen frontend should remove the NAPIs for the old srings before live
migration as the bond srings are destroyed
There is a tiny window between the srings are set to NULL and
the NAPIs are disabled, It is safe as the NAPI threads are still
frozen at that time
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
4ec2411980d0fd2995e8dea8a06fe57aa47523cb , < 99859947517e446058ad7243ee81d2f9801fa3dd
(git)
Affected: 4ec2411980d0fd2995e8dea8a06fe57aa47523cb , < ed773dd798bf720756d20021b8d8a4a3d7184bda (git) Affected: 4ec2411980d0fd2995e8dea8a06fe57aa47523cb , < e6860c889f4ad50b6ab696f5ea154295d72cf27a (git) Affected: 4ec2411980d0fd2995e8dea8a06fe57aa47523cb , < e6e897d4fe2f89c0bd94600a40bedf5e6e75e050 (git) Affected: 4ec2411980d0fd2995e8dea8a06fe57aa47523cb , < f2dd60fd3fe98bd36a91b0c6e10bfe9d66258f84 (git) Affected: 4ec2411980d0fd2995e8dea8a06fe57aa47523cb , < d50b7914fae04d840ce36491d22133070b18cca9 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:19:22.834399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:38.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/xen-netfront.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "99859947517e446058ad7243ee81d2f9801fa3dd",
"status": "affected",
"version": "4ec2411980d0fd2995e8dea8a06fe57aa47523cb",
"versionType": "git"
},
{
"lessThan": "ed773dd798bf720756d20021b8d8a4a3d7184bda",
"status": "affected",
"version": "4ec2411980d0fd2995e8dea8a06fe57aa47523cb",
"versionType": "git"
},
{
"lessThan": "e6860c889f4ad50b6ab696f5ea154295d72cf27a",
"status": "affected",
"version": "4ec2411980d0fd2995e8dea8a06fe57aa47523cb",
"versionType": "git"
},
{
"lessThan": "e6e897d4fe2f89c0bd94600a40bedf5e6e75e050",
"status": "affected",
"version": "4ec2411980d0fd2995e8dea8a06fe57aa47523cb",
"versionType": "git"
},
{
"lessThan": "f2dd60fd3fe98bd36a91b0c6e10bfe9d66258f84",
"status": "affected",
"version": "4ec2411980d0fd2995e8dea8a06fe57aa47523cb",
"versionType": "git"
},
{
"lessThan": "d50b7914fae04d840ce36491d22133070b18cca9",
"status": "affected",
"version": "4ec2411980d0fd2995e8dea8a06fe57aa47523cb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/xen-netfront.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.24"
},
{
"lessThan": "2.6.24",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.269",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "2.6.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen-netfront: Fix NULL sring after live migration\n\nA NAPI is setup for each network sring to poll data to kernel\nThe sring with source host is destroyed before live migration and\nnew sring with target host is setup after live migration.\nThe NAPI for the old sring is not deleted until setup new sring\nwith target host after migration. With busy_poll/busy_read enabled,\nthe NAPI can be polled before got deleted when resume VM.\n\nBUG: unable to handle kernel NULL pointer dereference at\n0000000000000008\nIP: xennet_poll+0xae/0xd20\nPGD 0 P4D 0\nOops: 0000 [#1] SMP PTI\nCall Trace:\n finish_task_switch+0x71/0x230\n timerqueue_del+0x1d/0x40\n hrtimer_try_to_cancel+0xb5/0x110\n xennet_alloc_rx_buffers+0x2a0/0x2a0\n napi_busy_loop+0xdb/0x270\n sock_poll+0x87/0x90\n do_sys_poll+0x26f/0x580\n tracing_map_insert+0x1d4/0x2f0\n event_hist_trigger+0x14a/0x260\n\n finish_task_switch+0x71/0x230\n __schedule+0x256/0x890\n recalc_sigpending+0x1b/0x50\n xen_sched_clock+0x15/0x20\n __rb_reserve_next+0x12d/0x140\n ring_buffer_lock_reserve+0x123/0x3d0\n event_triggers_call+0x87/0xb0\n trace_event_buffer_commit+0x1c4/0x210\n xen_clocksource_get_cycles+0x15/0x20\n ktime_get_ts64+0x51/0xf0\n SyS_ppoll+0x160/0x1a0\n SyS_ppoll+0x160/0x1a0\n do_syscall_64+0x73/0x130\n entry_SYSCALL_64_after_hwframe+0x41/0xa6\n...\nRIP: xennet_poll+0xae/0xd20 RSP: ffffb4f041933900\nCR2: 0000000000000008\n---[ end trace f8601785b354351c ]---\n\nxen frontend should remove the NAPIs for the old srings before live\nmigration as the bond srings are destroyed\n\nThere is a tiny window between the srings are set to NULL and\nthe NAPIs are disabled, It is safe as the NAPI threads are still\nfrozen at that time"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:08.316Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/99859947517e446058ad7243ee81d2f9801fa3dd"
},
{
"url": "https://git.kernel.org/stable/c/ed773dd798bf720756d20021b8d8a4a3d7184bda"
},
{
"url": "https://git.kernel.org/stable/c/e6860c889f4ad50b6ab696f5ea154295d72cf27a"
},
{
"url": "https://git.kernel.org/stable/c/e6e897d4fe2f89c0bd94600a40bedf5e6e75e050"
},
{
"url": "https://git.kernel.org/stable/c/f2dd60fd3fe98bd36a91b0c6e10bfe9d66258f84"
},
{
"url": "https://git.kernel.org/stable/c/d50b7914fae04d840ce36491d22133070b18cca9"
}
],
"title": "xen-netfront: Fix NULL sring after live migration",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48969",
"datePublished": "2024-10-21T20:05:51.051Z",
"dateReserved": "2024-08-22T01:27:53.629Z",
"dateUpdated": "2025-05-04T08:27:08.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49935 (GCVE-0-2024-49935)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
ACPI: PAD: fix crash in exit_round_robin()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ACPI: PAD: fix crash in exit_round_robin()
The kernel occasionally crashes in cpumask_clear_cpu(), which is called
within exit_round_robin(), because when executing clear_bit(nr, addr) with
nr set to 0xffffffff, the address calculation may cause misalignment within
the memory, leading to access to an invalid memory address.
----------
BUG: unable to handle kernel paging request at ffffffffe0740618
...
CPU: 3 PID: 2919323 Comm: acpi_pad/14 Kdump: loaded Tainted: G OE X --------- - - 4.18.0-425.19.2.el8_7.x86_64 #1
...
RIP: 0010:power_saving_thread+0x313/0x411 [acpi_pad]
Code: 89 cd 48 89 d3 eb d1 48 c7 c7 55 70 72 c0 e8 64 86 b0 e4 c6 05 0d a1 02 00 01 e9 bc fd ff ff 45 89 e4 42 8b 04 a5 20 82 72 c0 <f0> 48 0f b3 05 f4 9c 01 00 42 c7 04 a5 20 82 72 c0 ff ff ff ff 31
RSP: 0018:ff72a5d51fa77ec8 EFLAGS: 00010202
RAX: 00000000ffffffff RBX: ff462981e5d8cb80 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246
RBP: ff46297556959d80 R08: 0000000000000382 R09: ff46297c8d0f38d8
R10: 0000000000000000 R11: 0000000000000001 R12: 000000000000000e
R13: 0000000000000000 R14: ffffffffffffffff R15: 000000000000000e
FS: 0000000000000000(0000) GS:ff46297a800c0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffe0740618 CR3: 0000007e20410004 CR4: 0000000000771ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
? acpi_pad_add+0x120/0x120 [acpi_pad]
kthread+0x10b/0x130
? set_kthread_struct+0x50/0x50
ret_from_fork+0x1f/0x40
...
CR2: ffffffffe0740618
crash> dis -lr ffffffffc0726923
...
/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 114
0xffffffffc0726918 <power_saving_thread+776>: mov %r12d,%r12d
/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 325
0xffffffffc072691b <power_saving_thread+779>: mov -0x3f8d7de0(,%r12,4),%eax
/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./arch/x86/include/asm/bitops.h: 80
0xffffffffc0726923 <power_saving_thread+787>: lock btr %rax,0x19cf4(%rip) # 0xffffffffc0740620 <pad_busy_cpus_bits>
crash> px tsk_in_cpu[14]
$66 = 0xffffffff
crash> px 0xffffffffc072692c+0x19cf4
$99 = 0xffffffffc0740620
crash> sym 0xffffffffc0740620
ffffffffc0740620 (b) pad_busy_cpus_bits [acpi_pad]
crash> px pad_busy_cpus_bits[0]
$42 = 0xfffc0
----------
To fix this, ensure that tsk_in_cpu[tsk_index] != -1 before calling
cpumask_clear_cpu() in exit_round_robin(), just as it is done in
round_robin_cpu().
[ rjw: Subject edit, avoid updates to the same value ]
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
8e0af5141ab950b78b3ebbfaded5439dcf8b3a8d , < 82191a21a0dedc8c64e14f07f5d568d09bc4b331
(git)
Affected: 8e0af5141ab950b78b3ebbfaded5439dcf8b3a8d , < d214ffa6eb39c08d18a460124dd7ba318dc56f33 (git) Affected: 8e0af5141ab950b78b3ebbfaded5439dcf8b3a8d , < 92e5661b7d0727ab912b76625a88b33fdb9b609a (git) Affected: 8e0af5141ab950b78b3ebbfaded5439dcf8b3a8d , < 68a599da16ebad442ce295d8d2d5c488e3992822 (git) Affected: 8e0af5141ab950b78b3ebbfaded5439dcf8b3a8d , < 68a8e45743d6a120f863fb14b72dc59616597019 (git) Affected: 8e0af5141ab950b78b3ebbfaded5439dcf8b3a8d , < 03593dbb0b272ef7b0358b099841e65735422aca (git) Affected: 8e0af5141ab950b78b3ebbfaded5439dcf8b3a8d , < 27c045f868f0e5052c6b532868a65e0cd250c8fc (git) Affected: 8e0af5141ab950b78b3ebbfaded5439dcf8b3a8d , < 0a2ed70a549e61c5181bad5db418d223b68ae932 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:38:31.252329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:51.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:19.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/acpi/acpi_pad.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "82191a21a0dedc8c64e14f07f5d568d09bc4b331",
"status": "affected",
"version": "8e0af5141ab950b78b3ebbfaded5439dcf8b3a8d",
"versionType": "git"
},
{
"lessThan": "d214ffa6eb39c08d18a460124dd7ba318dc56f33",
"status": "affected",
"version": "8e0af5141ab950b78b3ebbfaded5439dcf8b3a8d",
"versionType": "git"
},
{
"lessThan": "92e5661b7d0727ab912b76625a88b33fdb9b609a",
"status": "affected",
"version": "8e0af5141ab950b78b3ebbfaded5439dcf8b3a8d",
"versionType": "git"
},
{
"lessThan": "68a599da16ebad442ce295d8d2d5c488e3992822",
"status": "affected",
"version": "8e0af5141ab950b78b3ebbfaded5439dcf8b3a8d",
"versionType": "git"
},
{
"lessThan": "68a8e45743d6a120f863fb14b72dc59616597019",
"status": "affected",
"version": "8e0af5141ab950b78b3ebbfaded5439dcf8b3a8d",
"versionType": "git"
},
{
"lessThan": "03593dbb0b272ef7b0358b099841e65735422aca",
"status": "affected",
"version": "8e0af5141ab950b78b3ebbfaded5439dcf8b3a8d",
"versionType": "git"
},
{
"lessThan": "27c045f868f0e5052c6b532868a65e0cd250c8fc",
"status": "affected",
"version": "8e0af5141ab950b78b3ebbfaded5439dcf8b3a8d",
"versionType": "git"
},
{
"lessThan": "0a2ed70a549e61c5181bad5db418d223b68ae932",
"status": "affected",
"version": "8e0af5141ab950b78b3ebbfaded5439dcf8b3a8d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/acpi/acpi_pad.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.32"
},
{
"lessThan": "2.6.32",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.296",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.240",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.296",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.240",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: PAD: fix crash in exit_round_robin()\n\nThe kernel occasionally crashes in cpumask_clear_cpu(), which is called\nwithin exit_round_robin(), because when executing clear_bit(nr, addr) with\nnr set to 0xffffffff, the address calculation may cause misalignment within\nthe memory, leading to access to an invalid memory address.\n\n----------\nBUG: unable to handle kernel paging request at ffffffffe0740618\n ...\nCPU: 3 PID: 2919323 Comm: acpi_pad/14 Kdump: loaded Tainted: G OE X --------- - - 4.18.0-425.19.2.el8_7.x86_64 #1\n ...\nRIP: 0010:power_saving_thread+0x313/0x411 [acpi_pad]\nCode: 89 cd 48 89 d3 eb d1 48 c7 c7 55 70 72 c0 e8 64 86 b0 e4 c6 05 0d a1 02 00 01 e9 bc fd ff ff 45 89 e4 42 8b 04 a5 20 82 72 c0 \u003cf0\u003e 48 0f b3 05 f4 9c 01 00 42 c7 04 a5 20 82 72 c0 ff ff ff ff 31\nRSP: 0018:ff72a5d51fa77ec8 EFLAGS: 00010202\nRAX: 00000000ffffffff RBX: ff462981e5d8cb80 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246\nRBP: ff46297556959d80 R08: 0000000000000382 R09: ff46297c8d0f38d8\nR10: 0000000000000000 R11: 0000000000000001 R12: 000000000000000e\nR13: 0000000000000000 R14: ffffffffffffffff R15: 000000000000000e\nFS: 0000000000000000(0000) GS:ff46297a800c0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffffe0740618 CR3: 0000007e20410004 CR4: 0000000000771ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n ? acpi_pad_add+0x120/0x120 [acpi_pad]\n kthread+0x10b/0x130\n ? set_kthread_struct+0x50/0x50\n ret_from_fork+0x1f/0x40\n ...\nCR2: ffffffffe0740618\n\ncrash\u003e dis -lr ffffffffc0726923\n ...\n/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 114\n0xffffffffc0726918 \u003cpower_saving_thread+776\u003e:\tmov %r12d,%r12d\n/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 325\n0xffffffffc072691b \u003cpower_saving_thread+779\u003e:\tmov -0x3f8d7de0(,%r12,4),%eax\n/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./arch/x86/include/asm/bitops.h: 80\n0xffffffffc0726923 \u003cpower_saving_thread+787\u003e:\tlock btr %rax,0x19cf4(%rip) # 0xffffffffc0740620 \u003cpad_busy_cpus_bits\u003e\n\ncrash\u003e px tsk_in_cpu[14]\n$66 = 0xffffffff\n\ncrash\u003e px 0xffffffffc072692c+0x19cf4\n$99 = 0xffffffffc0740620\n\ncrash\u003e sym 0xffffffffc0740620\nffffffffc0740620 (b) pad_busy_cpus_bits [acpi_pad]\n\ncrash\u003e px pad_busy_cpus_bits[0]\n$42 = 0xfffc0\n----------\n\nTo fix this, ensure that tsk_in_cpu[tsk_index] != -1 before calling\ncpumask_clear_cpu() in exit_round_robin(), just as it is done in\nround_robin_cpu().\n\n[ rjw: Subject edit, avoid updates to the same value ]"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:29.176Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/82191a21a0dedc8c64e14f07f5d568d09bc4b331"
},
{
"url": "https://git.kernel.org/stable/c/d214ffa6eb39c08d18a460124dd7ba318dc56f33"
},
{
"url": "https://git.kernel.org/stable/c/92e5661b7d0727ab912b76625a88b33fdb9b609a"
},
{
"url": "https://git.kernel.org/stable/c/68a599da16ebad442ce295d8d2d5c488e3992822"
},
{
"url": "https://git.kernel.org/stable/c/68a8e45743d6a120f863fb14b72dc59616597019"
},
{
"url": "https://git.kernel.org/stable/c/03593dbb0b272ef7b0358b099841e65735422aca"
},
{
"url": "https://git.kernel.org/stable/c/27c045f868f0e5052c6b532868a65e0cd250c8fc"
},
{
"url": "https://git.kernel.org/stable/c/0a2ed70a549e61c5181bad5db418d223b68ae932"
}
],
"title": "ACPI: PAD: fix crash in exit_round_robin()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49935",
"datePublished": "2024-10-21T18:01:56.404Z",
"dateReserved": "2024-10-21T12:17:06.042Z",
"dateUpdated": "2026-01-05T10:54:29.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46842 (GCVE-0-2024-46842)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:39 – Updated: 2026-01-05 10:53
VLAI?
EPSS
Title
scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
The MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the
routine unconditionally frees submitted mailbox commands regardless of
return status. The issue is that for MBX_TIMEOUT cases, when firmware
returns SFP information at a later time, that same mailbox memory region
references previously freed memory in its cmpl routine.
Fix by adding checks for the MBX_TIMEOUT return code. During mailbox
resource cleanup, check the mbox flag to make sure that the wait did not
timeout. If the MBOX_WAKE flag is not set, then do not free the resources
because it will be freed when firmware completes the mailbox at a later
time in its cmpl routine.
Also, increase the timeout from 30 to 60 seconds to accommodate boot
scripts requiring longer timeouts.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46842",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T13:59:24.823160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T13:59:29.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_els.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bba47fe3b038cca3d3ebd799665ce69d6d273b58",
"status": "affected",
"version": "479b0917e4477f49df2e3be454aac3cfa5dec171",
"versionType": "git"
},
{
"lessThan": "ede596b1434b57c0b3fd5c02b326efe5c54f6e48",
"status": "affected",
"version": "479b0917e4477f49df2e3be454aac3cfa5dec171",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_els.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info\n\nThe MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the\nroutine unconditionally frees submitted mailbox commands regardless of\nreturn status. The issue is that for MBX_TIMEOUT cases, when firmware\nreturns SFP information at a later time, that same mailbox memory region\nreferences previously freed memory in its cmpl routine.\n\nFix by adding checks for the MBX_TIMEOUT return code. During mailbox\nresource cleanup, check the mbox flag to make sure that the wait did not\ntimeout. If the MBOX_WAKE flag is not set, then do not free the resources\nbecause it will be freed when firmware completes the mailbox at a later\ntime in its cmpl routine.\n\nAlso, increase the timeout from 30 to 60 seconds to accommodate boot\nscripts requiring longer timeouts."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:53:38.168Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bba47fe3b038cca3d3ebd799665ce69d6d273b58"
},
{
"url": "https://git.kernel.org/stable/c/ede596b1434b57c0b3fd5c02b326efe5c54f6e48"
}
],
"title": "scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46842",
"datePublished": "2024-09-27T12:39:36.370Z",
"dateReserved": "2024-09-11T15:12:18.289Z",
"dateUpdated": "2026-01-05T10:53:38.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48956 (GCVE-0-2022-48956)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:26
VLAI?
EPSS
Title
ipv6: avoid use-after-free in ip6_fragment()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: avoid use-after-free in ip6_fragment()
Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers.
It seems to not be always true, at least for UDP stack.
syzbot reported:
BUG: KASAN: use-after-free in ip6_dst_idev include/net/ip6_fib.h:245 [inline]
BUG: KASAN: use-after-free in ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951
Read of size 8 at addr ffff88801d403e80 by task syz-executor.3/7618
CPU: 1 PID: 7618 Comm: syz-executor.3 Not tainted 6.1.0-rc6-syzkaller-00012-g4312098baf37 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:284 [inline]
print_report+0x15e/0x45d mm/kasan/report.c:395
kasan_report+0xbf/0x1f0 mm/kasan/report.c:495
ip6_dst_idev include/net/ip6_fib.h:245 [inline]
ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951
__ip6_finish_output net/ipv6/ip6_output.c:193 [inline]
ip6_finish_output+0x9a3/0x1170 net/ipv6/ip6_output.c:206
NF_HOOK_COND include/linux/netfilter.h:291 [inline]
ip6_output+0x1f1/0x540 net/ipv6/ip6_output.c:227
dst_output include/net/dst.h:445 [inline]
ip6_local_out+0xb3/0x1a0 net/ipv6/output_core.c:161
ip6_send_skb+0xbb/0x340 net/ipv6/ip6_output.c:1966
udp_v6_send_skb+0x82a/0x18a0 net/ipv6/udp.c:1286
udp_v6_push_pending_frames+0x140/0x200 net/ipv6/udp.c:1313
udpv6_sendmsg+0x18da/0x2c80 net/ipv6/udp.c:1606
inet6_sendmsg+0x9d/0xe0 net/ipv6/af_inet6.c:665
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0xd3/0x120 net/socket.c:734
sock_write_iter+0x295/0x3d0 net/socket.c:1108
call_write_iter include/linux/fs.h:2191 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x9ed/0xdd0 fs/read_write.c:584
ksys_write+0x1ec/0x250 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fde3588c0d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fde365b6168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fde359ac050 RCX: 00007fde3588c0d9
RDX: 000000000000ffdc RSI: 00000000200000c0 RDI: 000000000000000a
RBP: 00007fde358e7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fde35acfb1f R14: 00007fde365b6300 R15: 0000000000022000
</TASK>
Allocated by task 7618:
kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
kasan_set_track+0x25/0x30 mm/kasan/common.c:52
__kasan_slab_alloc+0x82/0x90 mm/kasan/common.c:325
kasan_slab_alloc include/linux/kasan.h:201 [inline]
slab_post_alloc_hook mm/slab.h:737 [inline]
slab_alloc_node mm/slub.c:3398 [inline]
slab_alloc mm/slub.c:3406 [inline]
__kmem_cache_alloc_lru mm/slub.c:3413 [inline]
kmem_cache_alloc+0x2b4/0x3d0 mm/slub.c:3422
dst_alloc+0x14a/0x1f0 net/core/dst.c:92
ip6_dst_alloc+0x32/0xa0 net/ipv6/route.c:344
ip6_rt_pcpu_alloc net/ipv6/route.c:1369 [inline]
rt6_make_pcpu_route net/ipv6/route.c:1417 [inline]
ip6_pol_route+0x901/0x1190 net/ipv6/route.c:2254
pol_lookup_func include/net/ip6_fib.h:582 [inline]
fib6_rule_lookup+0x52e/0x6f0 net/ipv6/fib6_rules.c:121
ip6_route_output_flags_noref+0x2e6/0x380 net/ipv6/route.c:2625
ip6_route_output_flags+0x76/0x320 net/ipv6/route.c:2638
ip6_route_output include/net/ip6_route.h:98 [inline]
ip6_dst_lookup_tail+0x5ab/0x1620 net/ipv6/ip6_output.c:1092
ip6_dst_lookup_flow+0x90/0x1d0 net/ipv6/ip6_output.c:1222
ip6_sk_dst_lookup_flow+0x553/0x980 net/ipv6/ip6_output.c:1260
udpv6_sendmsg+0x151d/0x2c80 net/ipv6/udp.c:1554
inet6_sendmsg+0x9d/0xe0 net/ipv6/af_inet6.c:665
sock_sendmsg_nosec n
---truncated---
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
1758fd4688eb92c796e75bdb1d256dc558ef9581 , < b3d7ff8c04a83279fb7641fc4d5aa82a602df7c0
(git)
Affected: 1758fd4688eb92c796e75bdb1d256dc558ef9581 , < 7e0dcd5f3ade221a6126278aca60c8ab4cc3bce9 (git) Affected: 1758fd4688eb92c796e75bdb1d256dc558ef9581 , < 6b6d3be3661bff2746cab26147bd629aa034e094 (git) Affected: 1758fd4688eb92c796e75bdb1d256dc558ef9581 , < 8208d7e56b1e579320b9ff3712739ad2e63e1f86 (git) Affected: 1758fd4688eb92c796e75bdb1d256dc558ef9581 , < 7390c70bd431cbfa6951477e2c80a301643e284b (git) Affected: 1758fd4688eb92c796e75bdb1d256dc558ef9581 , < 9b1a468a455d8319041528778d0e684a4c062792 (git) Affected: 1758fd4688eb92c796e75bdb1d256dc558ef9581 , < 803e84867de59a1e5d126666d25eb4860cfd2ebe (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:21:00.418896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:39.848Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_output.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b3d7ff8c04a83279fb7641fc4d5aa82a602df7c0",
"status": "affected",
"version": "1758fd4688eb92c796e75bdb1d256dc558ef9581",
"versionType": "git"
},
{
"lessThan": "7e0dcd5f3ade221a6126278aca60c8ab4cc3bce9",
"status": "affected",
"version": "1758fd4688eb92c796e75bdb1d256dc558ef9581",
"versionType": "git"
},
{
"lessThan": "6b6d3be3661bff2746cab26147bd629aa034e094",
"status": "affected",
"version": "1758fd4688eb92c796e75bdb1d256dc558ef9581",
"versionType": "git"
},
{
"lessThan": "8208d7e56b1e579320b9ff3712739ad2e63e1f86",
"status": "affected",
"version": "1758fd4688eb92c796e75bdb1d256dc558ef9581",
"versionType": "git"
},
{
"lessThan": "7390c70bd431cbfa6951477e2c80a301643e284b",
"status": "affected",
"version": "1758fd4688eb92c796e75bdb1d256dc558ef9581",
"versionType": "git"
},
{
"lessThan": "9b1a468a455d8319041528778d0e684a4c062792",
"status": "affected",
"version": "1758fd4688eb92c796e75bdb1d256dc558ef9581",
"versionType": "git"
},
{
"lessThan": "803e84867de59a1e5d126666d25eb4860cfd2ebe",
"status": "affected",
"version": "1758fd4688eb92c796e75bdb1d256dc558ef9581",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_output.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.302",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.269",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: avoid use-after-free in ip6_fragment()\n\nBlamed commit claimed rcu_read_lock() was held by ip6_fragment() callers.\n\nIt seems to not be always true, at least for UDP stack.\n\nsyzbot reported:\n\nBUG: KASAN: use-after-free in ip6_dst_idev include/net/ip6_fib.h:245 [inline]\nBUG: KASAN: use-after-free in ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951\nRead of size 8 at addr ffff88801d403e80 by task syz-executor.3/7618\n\nCPU: 1 PID: 7618 Comm: syz-executor.3 Not tainted 6.1.0-rc6-syzkaller-00012-g4312098baf37 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x15e/0x45d mm/kasan/report.c:395\n kasan_report+0xbf/0x1f0 mm/kasan/report.c:495\n ip6_dst_idev include/net/ip6_fib.h:245 [inline]\n ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951\n __ip6_finish_output net/ipv6/ip6_output.c:193 [inline]\n ip6_finish_output+0x9a3/0x1170 net/ipv6/ip6_output.c:206\n NF_HOOK_COND include/linux/netfilter.h:291 [inline]\n ip6_output+0x1f1/0x540 net/ipv6/ip6_output.c:227\n dst_output include/net/dst.h:445 [inline]\n ip6_local_out+0xb3/0x1a0 net/ipv6/output_core.c:161\n ip6_send_skb+0xbb/0x340 net/ipv6/ip6_output.c:1966\n udp_v6_send_skb+0x82a/0x18a0 net/ipv6/udp.c:1286\n udp_v6_push_pending_frames+0x140/0x200 net/ipv6/udp.c:1313\n udpv6_sendmsg+0x18da/0x2c80 net/ipv6/udp.c:1606\n inet6_sendmsg+0x9d/0xe0 net/ipv6/af_inet6.c:665\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg+0xd3/0x120 net/socket.c:734\n sock_write_iter+0x295/0x3d0 net/socket.c:1108\n call_write_iter include/linux/fs.h:2191 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x9ed/0xdd0 fs/read_write.c:584\n ksys_write+0x1ec/0x250 fs/read_write.c:637\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fde3588c0d9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fde365b6168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00007fde359ac050 RCX: 00007fde3588c0d9\nRDX: 000000000000ffdc RSI: 00000000200000c0 RDI: 000000000000000a\nRBP: 00007fde358e7ae9 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fde35acfb1f R14: 00007fde365b6300 R15: 0000000000022000\n \u003c/TASK\u003e\n\nAllocated by task 7618:\n kasan_save_stack+0x22/0x40 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x82/0x90 mm/kasan/common.c:325\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slab.h:737 [inline]\n slab_alloc_node mm/slub.c:3398 [inline]\n slab_alloc mm/slub.c:3406 [inline]\n __kmem_cache_alloc_lru mm/slub.c:3413 [inline]\n kmem_cache_alloc+0x2b4/0x3d0 mm/slub.c:3422\n dst_alloc+0x14a/0x1f0 net/core/dst.c:92\n ip6_dst_alloc+0x32/0xa0 net/ipv6/route.c:344\n ip6_rt_pcpu_alloc net/ipv6/route.c:1369 [inline]\n rt6_make_pcpu_route net/ipv6/route.c:1417 [inline]\n ip6_pol_route+0x901/0x1190 net/ipv6/route.c:2254\n pol_lookup_func include/net/ip6_fib.h:582 [inline]\n fib6_rule_lookup+0x52e/0x6f0 net/ipv6/fib6_rules.c:121\n ip6_route_output_flags_noref+0x2e6/0x380 net/ipv6/route.c:2625\n ip6_route_output_flags+0x76/0x320 net/ipv6/route.c:2638\n ip6_route_output include/net/ip6_route.h:98 [inline]\n ip6_dst_lookup_tail+0x5ab/0x1620 net/ipv6/ip6_output.c:1092\n ip6_dst_lookup_flow+0x90/0x1d0 net/ipv6/ip6_output.c:1222\n ip6_sk_dst_lookup_flow+0x553/0x980 net/ipv6/ip6_output.c:1260\n udpv6_sendmsg+0x151d/0x2c80 net/ipv6/udp.c:1554\n inet6_sendmsg+0x9d/0xe0 net/ipv6/af_inet6.c:665\n sock_sendmsg_nosec n\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:53.995Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b3d7ff8c04a83279fb7641fc4d5aa82a602df7c0"
},
{
"url": "https://git.kernel.org/stable/c/7e0dcd5f3ade221a6126278aca60c8ab4cc3bce9"
},
{
"url": "https://git.kernel.org/stable/c/6b6d3be3661bff2746cab26147bd629aa034e094"
},
{
"url": "https://git.kernel.org/stable/c/8208d7e56b1e579320b9ff3712739ad2e63e1f86"
},
{
"url": "https://git.kernel.org/stable/c/7390c70bd431cbfa6951477e2c80a301643e284b"
},
{
"url": "https://git.kernel.org/stable/c/9b1a468a455d8319041528778d0e684a4c062792"
},
{
"url": "https://git.kernel.org/stable/c/803e84867de59a1e5d126666d25eb4860cfd2ebe"
}
],
"title": "ipv6: avoid use-after-free in ip6_fragment()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48956",
"datePublished": "2024-10-21T20:05:42.379Z",
"dateReserved": "2024-08-22T01:27:53.627Z",
"dateUpdated": "2025-05-04T08:26:53.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46852 (GCVE-0-2024-46852)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:42 – Updated: 2025-11-03 22:19
VLAI?
EPSS
Title
dma-buf: heaps: Fix off-by-one in CMA heap fault handler
Summary
In the Linux kernel, the following vulnerability has been resolved:
dma-buf: heaps: Fix off-by-one in CMA heap fault handler
Until VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps:
Don't track CMA dma-buf pages under RssFile") it was possible to obtain
a mapping larger than the buffer size via mremap and bypass the overflow
check in dma_buf_mmap_internal. When using such a mapping to attempt to
fault past the end of the buffer, the CMA heap fault handler also checks
the fault offset against the buffer size, but gets the boundary wrong by
1. Fix the boundary check so that we don't read off the end of the pages
array and insert an arbitrary page in the mapping.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
a5d2d29e24be8967ef78a1b1fb2292413e3b3df9 , < 79cce5e81d20fa9ad553be439d665ac3302d3c95
(git)
Affected: a5d2d29e24be8967ef78a1b1fb2292413e3b3df9 , < 84175dc5b2c932266a50c04e5ce342c30f817a2f (git) Affected: a5d2d29e24be8967ef78a1b1fb2292413e3b3df9 , < eb7fc8b65cea22f9038c52398c8b22849e9620ea (git) Affected: a5d2d29e24be8967ef78a1b1fb2292413e3b3df9 , < e79050882b857c37634baedbdcf7c2047c24cbff (git) Affected: a5d2d29e24be8967ef78a1b1fb2292413e3b3df9 , < ea5ff5d351b520524019f7ff7f9ce418de2dad87 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-15T03:55:23.131Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:37.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma-buf/heaps/cma_heap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "79cce5e81d20fa9ad553be439d665ac3302d3c95",
"status": "affected",
"version": "a5d2d29e24be8967ef78a1b1fb2292413e3b3df9",
"versionType": "git"
},
{
"lessThan": "84175dc5b2c932266a50c04e5ce342c30f817a2f",
"status": "affected",
"version": "a5d2d29e24be8967ef78a1b1fb2292413e3b3df9",
"versionType": "git"
},
{
"lessThan": "eb7fc8b65cea22f9038c52398c8b22849e9620ea",
"status": "affected",
"version": "a5d2d29e24be8967ef78a1b1fb2292413e3b3df9",
"versionType": "git"
},
{
"lessThan": "e79050882b857c37634baedbdcf7c2047c24cbff",
"status": "affected",
"version": "a5d2d29e24be8967ef78a1b1fb2292413e3b3df9",
"versionType": "git"
},
{
"lessThan": "ea5ff5d351b520524019f7ff7f9ce418de2dad87",
"status": "affected",
"version": "a5d2d29e24be8967ef78a1b1fb2292413e3b3df9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma-buf/heaps/cma_heap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.52",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.111",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.52",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.11",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix off-by-one in CMA heap fault handler\n\nUntil VM_DONTEXPAND was added in commit 1c1914d6e8c6 (\"dma-buf: heaps:\nDon\u0027t track CMA dma-buf pages under RssFile\") it was possible to obtain\na mapping larger than the buffer size via mremap and bypass the overflow\ncheck in dma_buf_mmap_internal. When using such a mapping to attempt to\nfault past the end of the buffer, the CMA heap fault handler also checks\nthe fault offset against the buffer size, but gets the boundary wrong by\n1. Fix the boundary check so that we don\u0027t read off the end of the pages\narray and insert an arbitrary page in the mapping."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:39:22.684Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/79cce5e81d20fa9ad553be439d665ac3302d3c95"
},
{
"url": "https://git.kernel.org/stable/c/84175dc5b2c932266a50c04e5ce342c30f817a2f"
},
{
"url": "https://git.kernel.org/stable/c/eb7fc8b65cea22f9038c52398c8b22849e9620ea"
},
{
"url": "https://git.kernel.org/stable/c/e79050882b857c37634baedbdcf7c2047c24cbff"
},
{
"url": "https://git.kernel.org/stable/c/ea5ff5d351b520524019f7ff7f9ce418de2dad87"
}
],
"title": "dma-buf: heaps: Fix off-by-one in CMA heap fault handler",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46852",
"datePublished": "2024-09-27T12:42:45.336Z",
"dateReserved": "2024-09-11T15:12:18.290Z",
"dateUpdated": "2025-11-03T22:19:37.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49864 (GCVE-0-2024-49864)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-05-04 09:39
VLAI?
EPSS
Title
rxrpc: Fix a race between socket set up and I/O thread creation
Summary
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix a race between socket set up and I/O thread creation
In rxrpc_open_socket(), it sets up the socket and then sets up the I/O
thread that will handle it. This is a problem, however, as there's a gap
between the two phases in which a packet may come into rxrpc_encap_rcv()
from the UDP packet but we oops when trying to wake the not-yet created I/O
thread.
As a quick fix, just make rxrpc_encap_rcv() discard the packet if there's
no I/O thread yet.
A better, but more intrusive fix would perhaps be to rearrange things such
that the socket creation is done by the I/O thread.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
a275da62e8c111b897b9cb73eb91df2f4e475ca5 , < cdf4bbbdb956d7426f687f38757ebca2a2759a0f
(git)
Affected: a275da62e8c111b897b9cb73eb91df2f4e475ca5 , < 56e415202b8a17de6496f4023e545fcb66f118ec (git) Affected: a275da62e8c111b897b9cb73eb91df2f4e475ca5 , < c64f5fc95e9612fdf75587c8e21e494e614c18e2 (git) Affected: a275da62e8c111b897b9cb73eb91df2f4e475ca5 , < bc212465326e8587325f520a052346f0b57360e6 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:47:53.708864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:52.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/rxrpc/ar-internal.h",
"net/rxrpc/io_thread.c",
"net/rxrpc/local_object.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cdf4bbbdb956d7426f687f38757ebca2a2759a0f",
"status": "affected",
"version": "a275da62e8c111b897b9cb73eb91df2f4e475ca5",
"versionType": "git"
},
{
"lessThan": "56e415202b8a17de6496f4023e545fcb66f118ec",
"status": "affected",
"version": "a275da62e8c111b897b9cb73eb91df2f4e475ca5",
"versionType": "git"
},
{
"lessThan": "c64f5fc95e9612fdf75587c8e21e494e614c18e2",
"status": "affected",
"version": "a275da62e8c111b897b9cb73eb91df2f4e475ca5",
"versionType": "git"
},
{
"lessThan": "bc212465326e8587325f520a052346f0b57360e6",
"status": "affected",
"version": "a275da62e8c111b897b9cb73eb91df2f4e475ca5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/rxrpc/ar-internal.h",
"net/rxrpc/io_thread.c",
"net/rxrpc/local_object.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix a race between socket set up and I/O thread creation\n\nIn rxrpc_open_socket(), it sets up the socket and then sets up the I/O\nthread that will handle it. This is a problem, however, as there\u0027s a gap\nbetween the two phases in which a packet may come into rxrpc_encap_rcv()\nfrom the UDP packet but we oops when trying to wake the not-yet created I/O\nthread.\n\nAs a quick fix, just make rxrpc_encap_rcv() discard the packet if there\u0027s\nno I/O thread yet.\n\nA better, but more intrusive fix would perhaps be to rearrange things such\nthat the socket creation is done by the I/O thread."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:39:50.456Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cdf4bbbdb956d7426f687f38757ebca2a2759a0f"
},
{
"url": "https://git.kernel.org/stable/c/56e415202b8a17de6496f4023e545fcb66f118ec"
},
{
"url": "https://git.kernel.org/stable/c/c64f5fc95e9612fdf75587c8e21e494e614c18e2"
},
{
"url": "https://git.kernel.org/stable/c/bc212465326e8587325f520a052346f0b57360e6"
}
],
"title": "rxrpc: Fix a race between socket set up and I/O thread creation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49864",
"datePublished": "2024-10-21T18:01:07.874Z",
"dateReserved": "2024-10-21T12:17:06.017Z",
"dateUpdated": "2025-05-04T09:39:50.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46797 (GCVE-0-2024-46797)
Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-05-04 09:34
VLAI?
EPSS
Title
powerpc/qspinlock: Fix deadlock in MCS queue
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/qspinlock: Fix deadlock in MCS queue
If an interrupt occurs in queued_spin_lock_slowpath() after we increment
qnodesp->count and before node->lock is initialized, another CPU might
see stale lock values in get_tail_qnode(). If the stale lock value happens
to match the lock on that CPU, then we write to the "next" pointer of
the wrong qnode. This causes a deadlock as the former CPU, once it becomes
the head of the MCS queue, will spin indefinitely until it's "next" pointer
is set by its successor in the queue.
Running stress-ng on a 16 core (16EC/16VP) shared LPAR, results in
occasional lockups similar to the following:
$ stress-ng --all 128 --vm-bytes 80% --aggressive \
--maximize --oomable --verify --syslog \
--metrics --times --timeout 5m
watchdog: CPU 15 Hard LOCKUP
......
NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490
LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90
Call Trace:
0xc000002cfffa3bf0 (unreliable)
_raw_spin_lock+0x6c/0x90
raw_spin_rq_lock_nested.part.135+0x4c/0xd0
sched_ttwu_pending+0x60/0x1f0
__flush_smp_call_function_queue+0x1dc/0x670
smp_ipi_demux_relaxed+0xa4/0x100
xive_muxed_ipi_action+0x20/0x40
__handle_irq_event_percpu+0x80/0x240
handle_irq_event_percpu+0x2c/0x80
handle_percpu_irq+0x84/0xd0
generic_handle_irq+0x54/0x80
__do_irq+0xac/0x210
__do_IRQ+0x74/0xd0
0x0
do_IRQ+0x8c/0x170
hardware_interrupt_common_virt+0x29c/0x2a0
--- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490
......
NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490
LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90
--- interrupt: 500
0xc0000029c1a41d00 (unreliable)
_raw_spin_lock+0x6c/0x90
futex_wake+0x100/0x260
do_futex+0x21c/0x2a0
sys_futex+0x98/0x270
system_call_exception+0x14c/0x2f0
system_call_vectored_common+0x15c/0x2ec
The following code flow illustrates how the deadlock occurs.
For the sake of brevity, assume that both locks (A and B) are
contended and we call the queued_spin_lock_slowpath() function.
CPU0 CPU1
---- ----
spin_lock_irqsave(A) |
spin_unlock_irqrestore(A) |
spin_lock(B) |
| |
▼ |
id = qnodesp->count++; |
(Note that nodes[0].lock == A) |
| |
▼ |
Interrupt |
(happens before "nodes[0].lock = B") |
| |
▼ |
spin_lock_irqsave(A) |
| |
▼ |
id = qnodesp->count++ |
nodes[1].lock = A |
| |
▼ |
Tail of MCS queue |
| spin_lock_irqsave(A)
▼ |
Head of MCS queue ▼
| CPU0 is previous tail
▼ |
Spin indefinitely ▼
(until "nodes[1].next != NULL") prev = get_tail_qnode(A, CPU0)
|
▼
prev == &qnodes[CPU0].nodes[0]
(as qnodes
---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
84990b169557428c318df87b7836cd15f65b62dc , < d84ab6661e8d09092de9b034b016515ef9b66085
(git)
Affected: 84990b169557428c318df87b7836cd15f65b62dc , < f06af737e4be28c0e926dc25d5f0a111da4e2987 (git) Affected: 84990b169557428c318df87b7836cd15f65b62dc , < 734ad0af3609464f8f93e00b6c0de1e112f44559 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46797",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:22:25.653688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:22:38.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/lib/qspinlock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d84ab6661e8d09092de9b034b016515ef9b66085",
"status": "affected",
"version": "84990b169557428c318df87b7836cd15f65b62dc",
"versionType": "git"
},
{
"lessThan": "f06af737e4be28c0e926dc25d5f0a111da4e2987",
"status": "affected",
"version": "84990b169557428c318df87b7836cd15f65b62dc",
"versionType": "git"
},
{
"lessThan": "734ad0af3609464f8f93e00b6c0de1e112f44559",
"status": "affected",
"version": "84990b169557428c318df87b7836cd15f65b62dc",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/lib/qspinlock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/qspinlock: Fix deadlock in MCS queue\n\nIf an interrupt occurs in queued_spin_lock_slowpath() after we increment\nqnodesp-\u003ecount and before node-\u003elock is initialized, another CPU might\nsee stale lock values in get_tail_qnode(). If the stale lock value happens\nto match the lock on that CPU, then we write to the \"next\" pointer of\nthe wrong qnode. This causes a deadlock as the former CPU, once it becomes\nthe head of the MCS queue, will spin indefinitely until it\u0027s \"next\" pointer\nis set by its successor in the queue.\n\nRunning stress-ng on a 16 core (16EC/16VP) shared LPAR, results in\noccasional lockups similar to the following:\n\n $ stress-ng --all 128 --vm-bytes 80% --aggressive \\\n --maximize --oomable --verify --syslog \\\n --metrics --times --timeout 5m\n\n watchdog: CPU 15 Hard LOCKUP\n ......\n NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490\n LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n Call Trace:\n 0xc000002cfffa3bf0 (unreliable)\n _raw_spin_lock+0x6c/0x90\n raw_spin_rq_lock_nested.part.135+0x4c/0xd0\n sched_ttwu_pending+0x60/0x1f0\n __flush_smp_call_function_queue+0x1dc/0x670\n smp_ipi_demux_relaxed+0xa4/0x100\n xive_muxed_ipi_action+0x20/0x40\n __handle_irq_event_percpu+0x80/0x240\n handle_irq_event_percpu+0x2c/0x80\n handle_percpu_irq+0x84/0xd0\n generic_handle_irq+0x54/0x80\n __do_irq+0xac/0x210\n __do_IRQ+0x74/0xd0\n 0x0\n do_IRQ+0x8c/0x170\n hardware_interrupt_common_virt+0x29c/0x2a0\n --- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490\n ......\n NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490\n LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n --- interrupt: 500\n 0xc0000029c1a41d00 (unreliable)\n _raw_spin_lock+0x6c/0x90\n futex_wake+0x100/0x260\n do_futex+0x21c/0x2a0\n sys_futex+0x98/0x270\n system_call_exception+0x14c/0x2f0\n system_call_vectored_common+0x15c/0x2ec\n\nThe following code flow illustrates how the deadlock occurs.\nFor the sake of brevity, assume that both locks (A and B) are\ncontended and we call the queued_spin_lock_slowpath() function.\n\n CPU0 CPU1\n ---- ----\n spin_lock_irqsave(A) |\n spin_unlock_irqrestore(A) |\n spin_lock(B) |\n | |\n \u25bc |\n id = qnodesp-\u003ecount++; |\n (Note that nodes[0].lock == A) |\n | |\n \u25bc |\n Interrupt |\n (happens before \"nodes[0].lock = B\") |\n | |\n \u25bc |\n spin_lock_irqsave(A) |\n | |\n \u25bc |\n id = qnodesp-\u003ecount++ |\n nodes[1].lock = A |\n | |\n \u25bc |\n Tail of MCS queue |\n | spin_lock_irqsave(A)\n \u25bc |\n Head of MCS queue \u25bc\n | CPU0 is previous tail\n \u25bc |\n Spin indefinitely \u25bc\n (until \"nodes[1].next != NULL\") prev = get_tail_qnode(A, CPU0)\n |\n \u25bc\n prev == \u0026qnodes[CPU0].nodes[0]\n (as qnodes\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:34:33.179Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d84ab6661e8d09092de9b034b016515ef9b66085"
},
{
"url": "https://git.kernel.org/stable/c/f06af737e4be28c0e926dc25d5f0a111da4e2987"
},
{
"url": "https://git.kernel.org/stable/c/734ad0af3609464f8f93e00b6c0de1e112f44559"
}
],
"title": "powerpc/qspinlock: Fix deadlock in MCS queue",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46797",
"datePublished": "2024-09-18T07:12:51.795Z",
"dateReserved": "2024-09-11T15:12:18.280Z",
"dateUpdated": "2025-05-04T09:34:33.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49853 (GCVE-0-2024-49853)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:18 – Updated: 2025-11-03 22:22
VLAI?
EPSS
Title
firmware: arm_scmi: Fix double free in OPTEE transport
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scmi: Fix double free in OPTEE transport
Channels can be shared between protocols, avoid freeing the same channel
descriptors twice when unloading the stack.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
5f90f189a052f6fc46048f6ce29a37b709548b81 , < d7f4fc2bc101e666da649605a9ece2bd42529c7a
(git)
Affected: 5f90f189a052f6fc46048f6ce29a37b709548b81 , < 6699567b0bbb378600a4dc0a1f929439a4e84a2c (git) Affected: 5f90f189a052f6fc46048f6ce29a37b709548b81 , < dc9543a4f2a5498a4a12d6d2427492a6f1a28056 (git) Affected: 5f90f189a052f6fc46048f6ce29a37b709548b81 , < aef6ae124bb3cc12e34430fed91fbb7efd7a444d (git) Affected: 5f90f189a052f6fc46048f6ce29a37b709548b81 , < e98dba934b2fc587eafb83f47ad64d9053b18ae0 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49853",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:56:39.770816Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:11.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:21.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/arm_scmi/optee.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d7f4fc2bc101e666da649605a9ece2bd42529c7a",
"status": "affected",
"version": "5f90f189a052f6fc46048f6ce29a37b709548b81",
"versionType": "git"
},
{
"lessThan": "6699567b0bbb378600a4dc0a1f929439a4e84a2c",
"status": "affected",
"version": "5f90f189a052f6fc46048f6ce29a37b709548b81",
"versionType": "git"
},
{
"lessThan": "dc9543a4f2a5498a4a12d6d2427492a6f1a28056",
"status": "affected",
"version": "5f90f189a052f6fc46048f6ce29a37b709548b81",
"versionType": "git"
},
{
"lessThan": "aef6ae124bb3cc12e34430fed91fbb7efd7a444d",
"status": "affected",
"version": "5f90f189a052f6fc46048f6ce29a37b709548b81",
"versionType": "git"
},
{
"lessThan": "e98dba934b2fc587eafb83f47ad64d9053b18ae0",
"status": "affected",
"version": "5f90f189a052f6fc46048f6ce29a37b709548b81",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/arm_scmi/optee.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix double free in OPTEE transport\n\nChannels can be shared between protocols, avoid freeing the same channel\ndescriptors twice when unloading the stack."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:39:34.709Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d7f4fc2bc101e666da649605a9ece2bd42529c7a"
},
{
"url": "https://git.kernel.org/stable/c/6699567b0bbb378600a4dc0a1f929439a4e84a2c"
},
{
"url": "https://git.kernel.org/stable/c/dc9543a4f2a5498a4a12d6d2427492a6f1a28056"
},
{
"url": "https://git.kernel.org/stable/c/aef6ae124bb3cc12e34430fed91fbb7efd7a444d"
},
{
"url": "https://git.kernel.org/stable/c/e98dba934b2fc587eafb83f47ad64d9053b18ae0"
}
],
"title": "firmware: arm_scmi: Fix double free in OPTEE transport",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49853",
"datePublished": "2024-10-21T12:18:46.093Z",
"dateReserved": "2024-10-21T12:17:06.016Z",
"dateUpdated": "2025-11-03T22:22:21.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49907 (GCVE-0-2024-49907)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
drm/amd/display: Check null pointers before using dc->clk_mgr
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check null pointers before using dc->clk_mgr
[WHY & HOW]
dc->clk_mgr is null checked previously in the same function, indicating
it might be null.
Passing "dc" to "dc->hwss.apply_idle_power_optimizations", which
dereferences null "dc->clk_mgr". (The function pointer resolves to
"dcn35_apply_idle_power_optimizations".)
This fixes 1 FORWARD_NULL issue reported by Coverity.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 8d54001f8dccd56146973f23f3ab2ba037a21251
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < a545a9403e04c6e17fdc04a26a61d9feebbba106 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < a2773e0a4b79e7a6463abdffaf8cc4f24428ba18 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 9641bc4adf8446034e490ed543ae7e9833cfbdf5 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 3f7e533c10db3d0158709a99e2129ff63add6bcd (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 5ba3fbf75b243b2863a8be9e7c393e003d3b88f3 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 95d9e0803e51d5a24276b7643b244c7477daf463 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:42:07.340526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:46.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:08.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8d54001f8dccd56146973f23f3ab2ba037a21251",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "a545a9403e04c6e17fdc04a26a61d9feebbba106",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "a2773e0a4b79e7a6463abdffaf8cc4f24428ba18",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "9641bc4adf8446034e490ed543ae7e9833cfbdf5",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "3f7e533c10db3d0158709a99e2129ff63add6bcd",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "5ba3fbf75b243b2863a8be9e7c393e003d3b88f3",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "95d9e0803e51d5a24276b7643b244c7477daf463",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before using dc-\u003eclk_mgr\n\n[WHY \u0026 HOW]\ndc-\u003eclk_mgr is null checked previously in the same function, indicating\nit might be null.\n\nPassing \"dc\" to \"dc-\u003ehwss.apply_idle_power_optimizations\", which\ndereferences null \"dc-\u003eclk_mgr\". (The function pointer resolves to\n\"dcn35_apply_idle_power_optimizations\".)\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:21:04.394Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8d54001f8dccd56146973f23f3ab2ba037a21251"
},
{
"url": "https://git.kernel.org/stable/c/a545a9403e04c6e17fdc04a26a61d9feebbba106"
},
{
"url": "https://git.kernel.org/stable/c/a2773e0a4b79e7a6463abdffaf8cc4f24428ba18"
},
{
"url": "https://git.kernel.org/stable/c/9641bc4adf8446034e490ed543ae7e9833cfbdf5"
},
{
"url": "https://git.kernel.org/stable/c/3f7e533c10db3d0158709a99e2129ff63add6bcd"
},
{
"url": "https://git.kernel.org/stable/c/5ba3fbf75b243b2863a8be9e7c393e003d3b88f3"
},
{
"url": "https://git.kernel.org/stable/c/95d9e0803e51d5a24276b7643b244c7477daf463"
}
],
"title": "drm/amd/display: Check null pointers before using dc-\u003eclk_mgr",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49907",
"datePublished": "2024-10-21T18:01:37.452Z",
"dateReserved": "2024-10-21T12:17:06.027Z",
"dateUpdated": "2025-11-03T22:23:08.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48954 (GCVE-0-2022-48954)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:26
VLAI?
EPSS
Title
s390/qeth: fix use-after-free in hsci
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/qeth: fix use-after-free in hsci
KASAN found that addr was dereferenced after br2dev_event_work was freed.
==================================================================
BUG: KASAN: use-after-free in qeth_l2_br2dev_worker+0x5ba/0x6b0
Read of size 1 at addr 00000000fdcea440 by task kworker/u760:4/540
CPU: 17 PID: 540 Comm: kworker/u760:4 Tainted: G E 6.1.0-20221128.rc7.git1.5aa3bed4ce83.300.fc36.s390x+kasan #1
Hardware name: IBM 8561 T01 703 (LPAR)
Workqueue: 0.0.8000_event qeth_l2_br2dev_worker
Call Trace:
[<000000016944d4ce>] dump_stack_lvl+0xc6/0xf8
[<000000016942cd9c>] print_address_description.constprop.0+0x34/0x2a0
[<000000016942d118>] print_report+0x110/0x1f8
[<0000000167a7bd04>] kasan_report+0xfc/0x128
[<000000016938d79a>] qeth_l2_br2dev_worker+0x5ba/0x6b0
[<00000001673edd1e>] process_one_work+0x76e/0x1128
[<00000001673ee85c>] worker_thread+0x184/0x1098
[<000000016740718a>] kthread+0x26a/0x310
[<00000001672c606a>] __ret_from_fork+0x8a/0xe8
[<00000001694711da>] ret_from_fork+0xa/0x40
Allocated by task 108338:
kasan_save_stack+0x40/0x68
kasan_set_track+0x36/0x48
__kasan_kmalloc+0xa0/0xc0
qeth_l2_switchdev_event+0x25a/0x738
atomic_notifier_call_chain+0x9c/0xf8
br_switchdev_fdb_notify+0xf4/0x110
fdb_notify+0x122/0x180
fdb_add_entry.constprop.0.isra.0+0x312/0x558
br_fdb_add+0x59e/0x858
rtnl_fdb_add+0x58a/0x928
rtnetlink_rcv_msg+0x5f8/0x8d8
netlink_rcv_skb+0x1f2/0x408
netlink_unicast+0x570/0x790
netlink_sendmsg+0x752/0xbe0
sock_sendmsg+0xca/0x110
____sys_sendmsg+0x510/0x6a8
___sys_sendmsg+0x12a/0x180
__sys_sendmsg+0xe6/0x168
__do_sys_socketcall+0x3c8/0x468
do_syscall+0x22c/0x328
__do_syscall+0x94/0xf0
system_call+0x82/0xb0
Freed by task 540:
kasan_save_stack+0x40/0x68
kasan_set_track+0x36/0x48
kasan_save_free_info+0x4c/0x68
____kasan_slab_free+0x14e/0x1a8
__kasan_slab_free+0x24/0x30
__kmem_cache_free+0x168/0x338
qeth_l2_br2dev_worker+0x154/0x6b0
process_one_work+0x76e/0x1128
worker_thread+0x184/0x1098
kthread+0x26a/0x310
__ret_from_fork+0x8a/0xe8
ret_from_fork+0xa/0x40
Last potentially related work creation:
kasan_save_stack+0x40/0x68
__kasan_record_aux_stack+0xbe/0xd0
insert_work+0x56/0x2e8
__queue_work+0x4ce/0xd10
queue_work_on+0xf4/0x100
qeth_l2_switchdev_event+0x520/0x738
atomic_notifier_call_chain+0x9c/0xf8
br_switchdev_fdb_notify+0xf4/0x110
fdb_notify+0x122/0x180
fdb_add_entry.constprop.0.isra.0+0x312/0x558
br_fdb_add+0x59e/0x858
rtnl_fdb_add+0x58a/0x928
rtnetlink_rcv_msg+0x5f8/0x8d8
netlink_rcv_skb+0x1f2/0x408
netlink_unicast+0x570/0x790
netlink_sendmsg+0x752/0xbe0
sock_sendmsg+0xca/0x110
____sys_sendmsg+0x510/0x6a8
___sys_sendmsg+0x12a/0x180
__sys_sendmsg+0xe6/0x168
__do_sys_socketcall+0x3c8/0x468
do_syscall+0x22c/0x328
__do_syscall+0x94/0xf0
system_call+0x82/0xb0
Second to last potentially related work creation:
kasan_save_stack+0x40/0x68
__kasan_record_aux_stack+0xbe/0xd0
kvfree_call_rcu+0xb2/0x760
kernfs_unlink_open_file+0x348/0x430
kernfs_fop_release+0xc2/0x320
__fput+0x1ae/0x768
task_work_run+0x1bc/0x298
exit_to_user_mode_prepare+0x1a0/0x1a8
__do_syscall+0x94/0xf0
system_call+0x82/0xb0
The buggy address belongs to the object at 00000000fdcea400
which belongs to the cache kmalloc-96 of size 96
The buggy address is located 64 bytes inside of
96-byte region [00000000fdcea400, 00000000fdcea460)
The buggy address belongs to the physical page:
page:000000005a9c26e8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xfdcea
flags: 0x3ffff00000000200(slab|node=0|zone=1|lastcpupid=0x1ffff)
raw: 3ffff00000000200 0000000000000000 0000000100000122 000000008008cc00
raw: 0000000000000000 0020004100000000 ffffffff00000001 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
00000000fdcea300: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
00000000fdcea380: fb fb fb fb fb fb f
---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
f7936b7b2663c99a096a5c432ba96ab1e91a6c0f , < db6343a5b0d9661f2dd76f653c6d274d38234d2b
(git)
Affected: f7936b7b2663c99a096a5c432ba96ab1e91a6c0f , < bde0dfc7c4569406a6ddeec363d04a1df7b3073f (git) Affected: f7936b7b2663c99a096a5c432ba96ab1e91a6c0f , < ebaaadc332cd21e9df4dcf9ce12552d9354bbbe4 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:21:15.283243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:40.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/net/qeth_l2_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "db6343a5b0d9661f2dd76f653c6d274d38234d2b",
"status": "affected",
"version": "f7936b7b2663c99a096a5c432ba96ab1e91a6c0f",
"versionType": "git"
},
{
"lessThan": "bde0dfc7c4569406a6ddeec363d04a1df7b3073f",
"status": "affected",
"version": "f7936b7b2663c99a096a5c432ba96ab1e91a6c0f",
"versionType": "git"
},
{
"lessThan": "ebaaadc332cd21e9df4dcf9ce12552d9354bbbe4",
"status": "affected",
"version": "f7936b7b2663c99a096a5c432ba96ab1e91a6c0f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/net/qeth_l2_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/qeth: fix use-after-free in hsci\n\nKASAN found that addr was dereferenced after br2dev_event_work was freed.\n\n==================================================================\nBUG: KASAN: use-after-free in qeth_l2_br2dev_worker+0x5ba/0x6b0\nRead of size 1 at addr 00000000fdcea440 by task kworker/u760:4/540\nCPU: 17 PID: 540 Comm: kworker/u760:4 Tainted: G E 6.1.0-20221128.rc7.git1.5aa3bed4ce83.300.fc36.s390x+kasan #1\nHardware name: IBM 8561 T01 703 (LPAR)\nWorkqueue: 0.0.8000_event qeth_l2_br2dev_worker\nCall Trace:\n [\u003c000000016944d4ce\u003e] dump_stack_lvl+0xc6/0xf8\n [\u003c000000016942cd9c\u003e] print_address_description.constprop.0+0x34/0x2a0\n [\u003c000000016942d118\u003e] print_report+0x110/0x1f8\n [\u003c0000000167a7bd04\u003e] kasan_report+0xfc/0x128\n [\u003c000000016938d79a\u003e] qeth_l2_br2dev_worker+0x5ba/0x6b0\n [\u003c00000001673edd1e\u003e] process_one_work+0x76e/0x1128\n [\u003c00000001673ee85c\u003e] worker_thread+0x184/0x1098\n [\u003c000000016740718a\u003e] kthread+0x26a/0x310\n [\u003c00000001672c606a\u003e] __ret_from_fork+0x8a/0xe8\n [\u003c00000001694711da\u003e] ret_from_fork+0xa/0x40\nAllocated by task 108338:\n kasan_save_stack+0x40/0x68\n kasan_set_track+0x36/0x48\n __kasan_kmalloc+0xa0/0xc0\n qeth_l2_switchdev_event+0x25a/0x738\n atomic_notifier_call_chain+0x9c/0xf8\n br_switchdev_fdb_notify+0xf4/0x110\n fdb_notify+0x122/0x180\n fdb_add_entry.constprop.0.isra.0+0x312/0x558\n br_fdb_add+0x59e/0x858\n rtnl_fdb_add+0x58a/0x928\n rtnetlink_rcv_msg+0x5f8/0x8d8\n netlink_rcv_skb+0x1f2/0x408\n netlink_unicast+0x570/0x790\n netlink_sendmsg+0x752/0xbe0\n sock_sendmsg+0xca/0x110\n ____sys_sendmsg+0x510/0x6a8\n ___sys_sendmsg+0x12a/0x180\n __sys_sendmsg+0xe6/0x168\n __do_sys_socketcall+0x3c8/0x468\n do_syscall+0x22c/0x328\n __do_syscall+0x94/0xf0\n system_call+0x82/0xb0\nFreed by task 540:\n kasan_save_stack+0x40/0x68\n kasan_set_track+0x36/0x48\n kasan_save_free_info+0x4c/0x68\n ____kasan_slab_free+0x14e/0x1a8\n __kasan_slab_free+0x24/0x30\n __kmem_cache_free+0x168/0x338\n qeth_l2_br2dev_worker+0x154/0x6b0\n process_one_work+0x76e/0x1128\n worker_thread+0x184/0x1098\n kthread+0x26a/0x310\n __ret_from_fork+0x8a/0xe8\n ret_from_fork+0xa/0x40\nLast potentially related work creation:\n kasan_save_stack+0x40/0x68\n __kasan_record_aux_stack+0xbe/0xd0\n insert_work+0x56/0x2e8\n __queue_work+0x4ce/0xd10\n queue_work_on+0xf4/0x100\n qeth_l2_switchdev_event+0x520/0x738\n atomic_notifier_call_chain+0x9c/0xf8\n br_switchdev_fdb_notify+0xf4/0x110\n fdb_notify+0x122/0x180\n fdb_add_entry.constprop.0.isra.0+0x312/0x558\n br_fdb_add+0x59e/0x858\n rtnl_fdb_add+0x58a/0x928\n rtnetlink_rcv_msg+0x5f8/0x8d8\n netlink_rcv_skb+0x1f2/0x408\n netlink_unicast+0x570/0x790\n netlink_sendmsg+0x752/0xbe0\n sock_sendmsg+0xca/0x110\n ____sys_sendmsg+0x510/0x6a8\n ___sys_sendmsg+0x12a/0x180\n __sys_sendmsg+0xe6/0x168\n __do_sys_socketcall+0x3c8/0x468\n do_syscall+0x22c/0x328\n __do_syscall+0x94/0xf0\n system_call+0x82/0xb0\nSecond to last potentially related work creation:\n kasan_save_stack+0x40/0x68\n __kasan_record_aux_stack+0xbe/0xd0\n kvfree_call_rcu+0xb2/0x760\n kernfs_unlink_open_file+0x348/0x430\n kernfs_fop_release+0xc2/0x320\n __fput+0x1ae/0x768\n task_work_run+0x1bc/0x298\n exit_to_user_mode_prepare+0x1a0/0x1a8\n __do_syscall+0x94/0xf0\n system_call+0x82/0xb0\nThe buggy address belongs to the object at 00000000fdcea400\n which belongs to the cache kmalloc-96 of size 96\nThe buggy address is located 64 bytes inside of\n 96-byte region [00000000fdcea400, 00000000fdcea460)\nThe buggy address belongs to the physical page:\npage:000000005a9c26e8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xfdcea\nflags: 0x3ffff00000000200(slab|node=0|zone=1|lastcpupid=0x1ffff)\nraw: 3ffff00000000200 0000000000000000 0000000100000122 000000008008cc00\nraw: 0000000000000000 0020004100000000 ffffffff00000001 0000000000000000\npage dumped because: kasan: bad access detected\nMemory state around the buggy address:\n 00000000fdcea300: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n 00000000fdcea380: fb fb fb fb fb fb f\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:51.141Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/db6343a5b0d9661f2dd76f653c6d274d38234d2b"
},
{
"url": "https://git.kernel.org/stable/c/bde0dfc7c4569406a6ddeec363d04a1df7b3073f"
},
{
"url": "https://git.kernel.org/stable/c/ebaaadc332cd21e9df4dcf9ce12552d9354bbbe4"
}
],
"title": "s390/qeth: fix use-after-free in hsci",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48954",
"datePublished": "2024-10-21T20:05:41.057Z",
"dateReserved": "2024-08-22T01:27:53.627Z",
"dateUpdated": "2025-05-04T08:26:51.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-44932 (GCVE-0-2024-44932)
Vulnerability from cvelistv5 – Published: 2024-08-26 10:11 – Updated: 2025-05-04 09:29
VLAI?
EPSS
Title
idpf: fix UAFs when destroying the queues
Summary
In the Linux kernel, the following vulnerability has been resolved:
idpf: fix UAFs when destroying the queues
The second tagged commit started sometimes (very rarely, but possible)
throwing WARNs from
net/core/page_pool.c:page_pool_disable_direct_recycling().
Turned out idpf frees interrupt vectors with embedded NAPIs *before*
freeing the queues making page_pools' NAPI pointers lead to freed
memory before these pools are destroyed by libeth.
It's not clear whether there are other accesses to the freed vectors
when destroying the queues, but anyway, we usually free queue/interrupt
vectors only when the queues are destroyed and the NAPIs are guaranteed
to not be referenced anywhere.
Invert the allocation and freeing logic making queue/interrupt vectors
be allocated first and freed last. Vectors don't require queues to be
present, so this is safe. Additionally, this change allows to remove
that useless queue->q_vector pointer cleanup, as vectors are still
valid when freeing the queues (+ both are freed within one function,
so it's not clear why nullify the pointers at all).
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44932",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:27:58.052745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:06.917Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/idpf/idpf_lib.c",
"drivers/net/ethernet/intel/idpf/idpf_txrx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3cde714b0e77206ed1b5cf31f28c18ba9ae946fd",
"status": "affected",
"version": "1c325aac10a82f11410da8a2bf35e3e410a42751",
"versionType": "git"
},
{
"lessThan": "290f1c033281c1a502a3cd1c53c3a549259c491f",
"status": "affected",
"version": "1c325aac10a82f11410da8a2bf35e3e410a42751",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/idpf/idpf_lib.c",
"drivers/net/ethernet/intel/idpf/idpf_txrx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix UAFs when destroying the queues\n\nThe second tagged commit started sometimes (very rarely, but possible)\nthrowing WARNs from\nnet/core/page_pool.c:page_pool_disable_direct_recycling().\nTurned out idpf frees interrupt vectors with embedded NAPIs *before*\nfreeing the queues making page_pools\u0027 NAPI pointers lead to freed\nmemory before these pools are destroyed by libeth.\nIt\u0027s not clear whether there are other accesses to the freed vectors\nwhen destroying the queues, but anyway, we usually free queue/interrupt\nvectors only when the queues are destroyed and the NAPIs are guaranteed\nto not be referenced anywhere.\n\nInvert the allocation and freeing logic making queue/interrupt vectors\nbe allocated first and freed last. Vectors don\u0027t require queues to be\npresent, so this is safe. Additionally, this change allows to remove\nthat useless queue-\u003eq_vector pointer cleanup, as vectors are still\nvalid when freeing the queues (+ both are freed within one function,\nso it\u0027s not clear why nullify the pointers at all)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:29:10.322Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3cde714b0e77206ed1b5cf31f28c18ba9ae946fd"
},
{
"url": "https://git.kernel.org/stable/c/290f1c033281c1a502a3cd1c53c3a549259c491f"
}
],
"title": "idpf: fix UAFs when destroying the queues",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-44932",
"datePublished": "2024-08-26T10:11:23.115Z",
"dateReserved": "2024-08-21T05:34:56.664Z",
"dateUpdated": "2025-05-04T09:29:10.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46775 (GCVE-0-2024-46775)
Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-07-11 17:20
VLAI?
EPSS
Title
drm/amd/display: Validate function returns
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Validate function returns
[WHAT & HOW]
Function return values must be checked before data can be used
in subsequent functions.
This fixes 4 CHECKED_RETURN issues reported by Coverity.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46775",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:39:36.551208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:39:51.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c",
"drivers/gpu/drm/amd/display/dc/hubbub/dcn20/dcn20_hubbub.c",
"drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5639a3048c7079803256374204ad55ec52cd0b49",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c",
"drivers/gpu/drm/amd/display/dc/hubbub/dcn20/dcn20_hubbub.c",
"drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Validate function returns\n\n[WHAT \u0026 HOW]\nFunction return values must be checked before data can be used\nin subsequent functions.\n\nThis fixes 4 CHECKED_RETURN issues reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:29.645Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5639a3048c7079803256374204ad55ec52cd0b49"
},
{
"url": "https://git.kernel.org/stable/c/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c"
}
],
"title": "drm/amd/display: Validate function returns",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46775",
"datePublished": "2024-09-18T07:12:32.506Z",
"dateReserved": "2024-09-11T15:12:18.275Z",
"dateUpdated": "2025-07-11T17:20:29.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47684 (GCVE-0-2024-47684)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:20
VLAI?
EPSS
Title
tcp: check skb is non-NULL in tcp_rto_delta_us()
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: check skb is non-NULL in tcp_rto_delta_us()
We have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic
kernel that are running ceph and recently hit a null ptr dereference in
tcp_rearm_rto(). Initially hitting it from the TLP path, but then later we also
saw it getting hit from the RACK case as well. Here are examples of the oops
messages we saw in each of those cases:
Jul 26 15:05:02 rx [11061395.780353] BUG: kernel NULL pointer dereference, address: 0000000000000020
Jul 26 15:05:02 rx [11061395.787572] #PF: supervisor read access in kernel mode
Jul 26 15:05:02 rx [11061395.792971] #PF: error_code(0x0000) - not-present page
Jul 26 15:05:02 rx [11061395.798362] PGD 0 P4D 0
Jul 26 15:05:02 rx [11061395.801164] Oops: 0000 [#1] SMP NOPTI
Jul 26 15:05:02 rx [11061395.805091] CPU: 0 PID: 9180 Comm: msgr-worker-1 Tainted: G W 5.4.0-174-generic #193-Ubuntu
Jul 26 15:05:02 rx [11061395.814996] Hardware name: Supermicro SMC 2x26 os-gen8 64C NVME-Y 256G/H12SSW-NTR, BIOS 2.5.V1.2U.NVMe.UEFI 05/09/2023
Jul 26 15:05:02 rx [11061395.825952] RIP: 0010:tcp_rearm_rto+0xe4/0x160
Jul 26 15:05:02 rx [11061395.830656] Code: 87 ca 04 00 00 00 5b 41 5c 41 5d 5d c3 c3 49 8b bc 24 40 06 00 00 eb 8d 48 bb cf f7 53 e3 a5 9b c4 20 4c 89 ef e8 0c fe 0e 00 <48> 8b 78 20 48 c1 ef 03 48 89 f8 41 8b bc 24 80 04 00 00 48 f7 e3
Jul 26 15:05:02 rx [11061395.849665] RSP: 0018:ffffb75d40003e08 EFLAGS: 00010246
Jul 26 15:05:02 rx [11061395.855149] RAX: 0000000000000000 RBX: 20c49ba5e353f7cf RCX: 0000000000000000
Jul 26 15:05:02 rx [11061395.862542] RDX: 0000000062177c30 RSI: 000000000000231c RDI: ffff9874ad283a60
Jul 26 15:05:02 rx [11061395.869933] RBP: ffffb75d40003e20 R08: 0000000000000000 R09: ffff987605e20aa8
Jul 26 15:05:02 rx [11061395.877318] R10: ffffb75d40003f00 R11: ffffb75d4460f740 R12: ffff9874ad283900
Jul 26 15:05:02 rx [11061395.884710] R13: ffff9874ad283a60 R14: ffff9874ad283980 R15: ffff9874ad283d30
Jul 26 15:05:02 rx [11061395.892095] FS: 00007f1ef4a2e700(0000) GS:ffff987605e00000(0000) knlGS:0000000000000000
Jul 26 15:05:02 rx [11061395.900438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jul 26 15:05:02 rx [11061395.906435] CR2: 0000000000000020 CR3: 0000003e450ba003 CR4: 0000000000760ef0
Jul 26 15:05:02 rx [11061395.913822] PKRU: 55555554
Jul 26 15:05:02 rx [11061395.916786] Call Trace:
Jul 26 15:05:02 rx [11061395.919488]
Jul 26 15:05:02 rx [11061395.921765] ? show_regs.cold+0x1a/0x1f
Jul 26 15:05:02 rx [11061395.925859] ? __die+0x90/0xd9
Jul 26 15:05:02 rx [11061395.929169] ? no_context+0x196/0x380
Jul 26 15:05:02 rx [11061395.933088] ? ip6_protocol_deliver_rcu+0x4e0/0x4e0
Jul 26 15:05:02 rx [11061395.938216] ? ip6_sublist_rcv_finish+0x3d/0x50
Jul 26 15:05:02 rx [11061395.943000] ? __bad_area_nosemaphore+0x50/0x1a0
Jul 26 15:05:02 rx [11061395.947873] ? bad_area_nosemaphore+0x16/0x20
Jul 26 15:05:02 rx [11061395.952486] ? do_user_addr_fault+0x267/0x450
Jul 26 15:05:02 rx [11061395.957104] ? ipv6_list_rcv+0x112/0x140
Jul 26 15:05:02 rx [11061395.961279] ? __do_page_fault+0x58/0x90
Jul 26 15:05:02 rx [11061395.965458] ? do_page_fault+0x2c/0xe0
Jul 26 15:05:02 rx [11061395.969465] ? page_fault+0x34/0x40
Jul 26 15:05:02 rx [11061395.973217] ? tcp_rearm_rto+0xe4/0x160
Jul 26 15:05:02 rx [11061395.977313] ? tcp_rearm_rto+0xe4/0x160
Jul 26 15:05:02 rx [11061395.981408] tcp_send_loss_probe+0x10b/0x220
Jul 26 15:05:02 rx [11061395.985937] tcp_write_timer_handler+0x1b4/0x240
Jul 26 15:05:02 rx [11061395.990809] tcp_write_timer+0x9e/0xe0
Jul 26 15:05:02 rx [11061395.994814] ? tcp_write_timer_handler+0x240/0x240
Jul 26 15:05:02 rx [11061395.999866] call_timer_fn+0x32/0x130
Jul 26 15:05:02 rx [11061396.003782] __run_timers.part.0+0x180/0x280
Jul 26 15:05:02 rx [11061396.008309] ? recalibrate_cpu_khz+0x10/0x10
Jul 26 15:05:02 rx [11061396.012841] ? native_x2apic_icr_write+0x30/0x30
Jul 26 15:05:02 rx [11061396.017718] ? lapic_next_even
---truncated---
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
e1a10ef7fa876f8510aaec36ea5c0cf34baba410 , < ad4f0a14d6856e68f023fc4e5017cfd881a3dfbc
(git)
Affected: e1a10ef7fa876f8510aaec36ea5c0cf34baba410 , < 16e0387d87fc858e34449fdf2b14ed5837f761db (git) Affected: e1a10ef7fa876f8510aaec36ea5c0cf34baba410 , < ec31cf42fc4e35bb1248ce6eb1de6de9f851ac86 (git) Affected: e1a10ef7fa876f8510aaec36ea5c0cf34baba410 , < 5c4c03288a4aea705e36aa44119c13d7ee4dce99 (git) Affected: e1a10ef7fa876f8510aaec36ea5c0cf34baba410 , < 96c4983eab2a5da235f7fff90beaf17b008ba029 (git) Affected: e1a10ef7fa876f8510aaec36ea5c0cf34baba410 , < 570f7d8c9bf14f041152ba8353d4330ef7575915 (git) Affected: e1a10ef7fa876f8510aaec36ea5c0cf34baba410 , < 81d18c152e3f82bacadf83bc0a471b2363b9cc18 (git) Affected: e1a10ef7fa876f8510aaec36ea5c0cf34baba410 , < 09aea49fbc7e755a915c405644f347137cdb62b0 (git) Affected: e1a10ef7fa876f8510aaec36ea5c0cf34baba410 , < c8770db2d54437a5f49417ae7b46f7de23d14db6 (git) Affected: 42a858e036bb26cb559157393b7890cabe70bfc2 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:06:54.270421Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:14:16.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:20:50.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/tcp.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ad4f0a14d6856e68f023fc4e5017cfd881a3dfbc",
"status": "affected",
"version": "e1a10ef7fa876f8510aaec36ea5c0cf34baba410",
"versionType": "git"
},
{
"lessThan": "16e0387d87fc858e34449fdf2b14ed5837f761db",
"status": "affected",
"version": "e1a10ef7fa876f8510aaec36ea5c0cf34baba410",
"versionType": "git"
},
{
"lessThan": "ec31cf42fc4e35bb1248ce6eb1de6de9f851ac86",
"status": "affected",
"version": "e1a10ef7fa876f8510aaec36ea5c0cf34baba410",
"versionType": "git"
},
{
"lessThan": "5c4c03288a4aea705e36aa44119c13d7ee4dce99",
"status": "affected",
"version": "e1a10ef7fa876f8510aaec36ea5c0cf34baba410",
"versionType": "git"
},
{
"lessThan": "96c4983eab2a5da235f7fff90beaf17b008ba029",
"status": "affected",
"version": "e1a10ef7fa876f8510aaec36ea5c0cf34baba410",
"versionType": "git"
},
{
"lessThan": "570f7d8c9bf14f041152ba8353d4330ef7575915",
"status": "affected",
"version": "e1a10ef7fa876f8510aaec36ea5c0cf34baba410",
"versionType": "git"
},
{
"lessThan": "81d18c152e3f82bacadf83bc0a471b2363b9cc18",
"status": "affected",
"version": "e1a10ef7fa876f8510aaec36ea5c0cf34baba410",
"versionType": "git"
},
{
"lessThan": "09aea49fbc7e755a915c405644f347137cdb62b0",
"status": "affected",
"version": "e1a10ef7fa876f8510aaec36ea5c0cf34baba410",
"versionType": "git"
},
{
"lessThan": "c8770db2d54437a5f49417ae7b46f7de23d14db6",
"status": "affected",
"version": "e1a10ef7fa876f8510aaec36ea5c0cf34baba410",
"versionType": "git"
},
{
"status": "affected",
"version": "42a858e036bb26cb559157393b7890cabe70bfc2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/tcp.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.108",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: check skb is non-NULL in tcp_rto_delta_us()\n\nWe have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic\nkernel that are running ceph and recently hit a null ptr dereference in\ntcp_rearm_rto(). Initially hitting it from the TLP path, but then later we also\nsaw it getting hit from the RACK case as well. Here are examples of the oops\nmessages we saw in each of those cases:\n\nJul 26 15:05:02 rx [11061395.780353] BUG: kernel NULL pointer dereference, address: 0000000000000020\nJul 26 15:05:02 rx [11061395.787572] #PF: supervisor read access in kernel mode\nJul 26 15:05:02 rx [11061395.792971] #PF: error_code(0x0000) - not-present page\nJul 26 15:05:02 rx [11061395.798362] PGD 0 P4D 0\nJul 26 15:05:02 rx [11061395.801164] Oops: 0000 [#1] SMP NOPTI\nJul 26 15:05:02 rx [11061395.805091] CPU: 0 PID: 9180 Comm: msgr-worker-1 Tainted: G W 5.4.0-174-generic #193-Ubuntu\nJul 26 15:05:02 rx [11061395.814996] Hardware name: Supermicro SMC 2x26 os-gen8 64C NVME-Y 256G/H12SSW-NTR, BIOS 2.5.V1.2U.NVMe.UEFI 05/09/2023\nJul 26 15:05:02 rx [11061395.825952] RIP: 0010:tcp_rearm_rto+0xe4/0x160\nJul 26 15:05:02 rx [11061395.830656] Code: 87 ca 04 00 00 00 5b 41 5c 41 5d 5d c3 c3 49 8b bc 24 40 06 00 00 eb 8d 48 bb cf f7 53 e3 a5 9b c4 20 4c 89 ef e8 0c fe 0e 00 \u003c48\u003e 8b 78 20 48 c1 ef 03 48 89 f8 41 8b bc 24 80 04 00 00 48 f7 e3\nJul 26 15:05:02 rx [11061395.849665] RSP: 0018:ffffb75d40003e08 EFLAGS: 00010246\nJul 26 15:05:02 rx [11061395.855149] RAX: 0000000000000000 RBX: 20c49ba5e353f7cf RCX: 0000000000000000\nJul 26 15:05:02 rx [11061395.862542] RDX: 0000000062177c30 RSI: 000000000000231c RDI: ffff9874ad283a60\nJul 26 15:05:02 rx [11061395.869933] RBP: ffffb75d40003e20 R08: 0000000000000000 R09: ffff987605e20aa8\nJul 26 15:05:02 rx [11061395.877318] R10: ffffb75d40003f00 R11: ffffb75d4460f740 R12: ffff9874ad283900\nJul 26 15:05:02 rx [11061395.884710] R13: ffff9874ad283a60 R14: ffff9874ad283980 R15: ffff9874ad283d30\nJul 26 15:05:02 rx [11061395.892095] FS: 00007f1ef4a2e700(0000) GS:ffff987605e00000(0000) knlGS:0000000000000000\nJul 26 15:05:02 rx [11061395.900438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nJul 26 15:05:02 rx [11061395.906435] CR2: 0000000000000020 CR3: 0000003e450ba003 CR4: 0000000000760ef0\nJul 26 15:05:02 rx [11061395.913822] PKRU: 55555554\nJul 26 15:05:02 rx [11061395.916786] Call Trace:\nJul 26 15:05:02 rx [11061395.919488]\nJul 26 15:05:02 rx [11061395.921765] ? show_regs.cold+0x1a/0x1f\nJul 26 15:05:02 rx [11061395.925859] ? __die+0x90/0xd9\nJul 26 15:05:02 rx [11061395.929169] ? no_context+0x196/0x380\nJul 26 15:05:02 rx [11061395.933088] ? ip6_protocol_deliver_rcu+0x4e0/0x4e0\nJul 26 15:05:02 rx [11061395.938216] ? ip6_sublist_rcv_finish+0x3d/0x50\nJul 26 15:05:02 rx [11061395.943000] ? __bad_area_nosemaphore+0x50/0x1a0\nJul 26 15:05:02 rx [11061395.947873] ? bad_area_nosemaphore+0x16/0x20\nJul 26 15:05:02 rx [11061395.952486] ? do_user_addr_fault+0x267/0x450\nJul 26 15:05:02 rx [11061395.957104] ? ipv6_list_rcv+0x112/0x140\nJul 26 15:05:02 rx [11061395.961279] ? __do_page_fault+0x58/0x90\nJul 26 15:05:02 rx [11061395.965458] ? do_page_fault+0x2c/0xe0\nJul 26 15:05:02 rx [11061395.969465] ? page_fault+0x34/0x40\nJul 26 15:05:02 rx [11061395.973217] ? tcp_rearm_rto+0xe4/0x160\nJul 26 15:05:02 rx [11061395.977313] ? tcp_rearm_rto+0xe4/0x160\nJul 26 15:05:02 rx [11061395.981408] tcp_send_loss_probe+0x10b/0x220\nJul 26 15:05:02 rx [11061395.985937] tcp_write_timer_handler+0x1b4/0x240\nJul 26 15:05:02 rx [11061395.990809] tcp_write_timer+0x9e/0xe0\nJul 26 15:05:02 rx [11061395.994814] ? tcp_write_timer_handler+0x240/0x240\nJul 26 15:05:02 rx [11061395.999866] call_timer_fn+0x32/0x130\nJul 26 15:05:02 rx [11061396.003782] __run_timers.part.0+0x180/0x280\nJul 26 15:05:02 rx [11061396.008309] ? recalibrate_cpu_khz+0x10/0x10\nJul 26 15:05:02 rx [11061396.012841] ? native_x2apic_icr_write+0x30/0x30\nJul 26 15:05:02 rx [11061396.017718] ? lapic_next_even\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:58:53.361Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ad4f0a14d6856e68f023fc4e5017cfd881a3dfbc"
},
{
"url": "https://git.kernel.org/stable/c/16e0387d87fc858e34449fdf2b14ed5837f761db"
},
{
"url": "https://git.kernel.org/stable/c/ec31cf42fc4e35bb1248ce6eb1de6de9f851ac86"
},
{
"url": "https://git.kernel.org/stable/c/5c4c03288a4aea705e36aa44119c13d7ee4dce99"
},
{
"url": "https://git.kernel.org/stable/c/96c4983eab2a5da235f7fff90beaf17b008ba029"
},
{
"url": "https://git.kernel.org/stable/c/570f7d8c9bf14f041152ba8353d4330ef7575915"
},
{
"url": "https://git.kernel.org/stable/c/81d18c152e3f82bacadf83bc0a471b2363b9cc18"
},
{
"url": "https://git.kernel.org/stable/c/09aea49fbc7e755a915c405644f347137cdb62b0"
},
{
"url": "https://git.kernel.org/stable/c/c8770db2d54437a5f49417ae7b46f7de23d14db6"
}
],
"title": "tcp: check skb is non-NULL in tcp_rto_delta_us()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47684",
"datePublished": "2024-10-21T11:53:25.787Z",
"dateReserved": "2024-09-30T16:00:12.941Z",
"dateUpdated": "2025-11-03T22:20:50.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49894 (GCVE-0-2024-49894)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:22
VLAI?
EPSS
Title
drm/amd/display: Fix index out of bounds in degamma hardware format translation
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix index out of bounds in degamma hardware format translation
Fixes index out of bounds issue in
`cm_helper_translate_curve_to_degamma_hw_format` function. The issue
could occur when the index 'i' exceeds the number of transfer function
points (TRANSFER_FUNC_POINTS).
The fix adds a check to ensure 'i' is within bounds before accessing the
transfer function points. If 'i' is out of bounds the function returns
false to indicate an error.
Reported by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:594 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:595 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:596 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < b3dfa878257a7e98830b3009ca5831a01d8f85fc
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < f5f6d90087131812c1e4b9d3103f400f1624396d (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < c130a3c09e3746c1a09ce26c20d21d449d039b1d (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < c6979719012a90e5b8e3bc31725fbfdd0b9b2b79 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 2495c8e272d84685403506833a664fad932e453a (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 122e3a7a8c7bcbe3aacddd6103f67f9f36bed473 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 2f5da549535be8ccd2ab7c9abac8562ad370b181 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 07078fa5d589a7fbce8f81ea8acf7aa0021ab38e (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < b7e99058eb2e86aabd7a10761e76cae33d22b49f (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:43:53.969023Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:48.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:58.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b3dfa878257a7e98830b3009ca5831a01d8f85fc",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "f5f6d90087131812c1e4b9d3103f400f1624396d",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "c130a3c09e3746c1a09ce26c20d21d449d039b1d",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "c6979719012a90e5b8e3bc31725fbfdd0b9b2b79",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "2495c8e272d84685403506833a664fad932e453a",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "122e3a7a8c7bcbe3aacddd6103f67f9f36bed473",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "2f5da549535be8ccd2ab7c9abac8562ad370b181",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "07078fa5d589a7fbce8f81ea8acf7aa0021ab38e",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "b7e99058eb2e86aabd7a10761e76cae33d22b49f",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in degamma hardware format translation\n\nFixes index out of bounds issue in\n`cm_helper_translate_curve_to_degamma_hw_format` function. The issue\ncould occur when the index \u0027i\u0027 exceeds the number of transfer function\npoints (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds the function returns\nfalse to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:594 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:595 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:596 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max"
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:55.732Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b3dfa878257a7e98830b3009ca5831a01d8f85fc"
},
{
"url": "https://git.kernel.org/stable/c/f5f6d90087131812c1e4b9d3103f400f1624396d"
},
{
"url": "https://git.kernel.org/stable/c/c130a3c09e3746c1a09ce26c20d21d449d039b1d"
},
{
"url": "https://git.kernel.org/stable/c/c6979719012a90e5b8e3bc31725fbfdd0b9b2b79"
},
{
"url": "https://git.kernel.org/stable/c/2495c8e272d84685403506833a664fad932e453a"
},
{
"url": "https://git.kernel.org/stable/c/122e3a7a8c7bcbe3aacddd6103f67f9f36bed473"
},
{
"url": "https://git.kernel.org/stable/c/2f5da549535be8ccd2ab7c9abac8562ad370b181"
},
{
"url": "https://git.kernel.org/stable/c/07078fa5d589a7fbce8f81ea8acf7aa0021ab38e"
},
{
"url": "https://git.kernel.org/stable/c/b7e99058eb2e86aabd7a10761e76cae33d22b49f"
}
],
"title": "drm/amd/display: Fix index out of bounds in degamma hardware format translation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49894",
"datePublished": "2024-10-21T18:01:28.360Z",
"dateReserved": "2024-10-21T12:17:06.025Z",
"dateUpdated": "2025-11-03T22:22:58.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48966 (GCVE-0-2022-48966)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
net: mvneta: Prevent out of bounds read in mvneta_config_rss()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: mvneta: Prevent out of bounds read in mvneta_config_rss()
The pp->indir[0] value comes from the user. It is passed to:
if (cpu_online(pp->rxq_def))
inside the mvneta_percpu_elect() function. It needs bounds checkeding
to ensure that it is not beyond the end of the cpu bitmap.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
cad5d847a093077b499a8b0bbfe6804b9226c03e , < 3ceffb8f410b93553fb16fe7e84aa0d35b3ba79b
(git)
Affected: cad5d847a093077b499a8b0bbfe6804b9226c03e , < 47a1a2f6cd5ec3a4f8a2d9bfa1e0605347cdb92c (git) Affected: cad5d847a093077b499a8b0bbfe6804b9226c03e , < 5a142486a0db6b0b85031f22d69acd0cdcf8f72b (git) Affected: cad5d847a093077b499a8b0bbfe6804b9226c03e , < eec1fc21edc2bb99c9e66cf66f0b5d4d643fbb50 (git) Affected: cad5d847a093077b499a8b0bbfe6804b9226c03e , < 146ebee8fcdb349d7ec0e49915e6cdafb92544ae (git) Affected: cad5d847a093077b499a8b0bbfe6804b9226c03e , < a6b30598fec84f8809f5417cde73071ca43e8471 (git) Affected: cad5d847a093077b499a8b0bbfe6804b9226c03e , < 6ca0a506dddc3e1d636935eef339576b263bf3d8 (git) Affected: cad5d847a093077b499a8b0bbfe6804b9226c03e , < e8b4fc13900b8e8be48debffd0dfd391772501f7 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:19:44.933611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:38.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/mvneta.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3ceffb8f410b93553fb16fe7e84aa0d35b3ba79b",
"status": "affected",
"version": "cad5d847a093077b499a8b0bbfe6804b9226c03e",
"versionType": "git"
},
{
"lessThan": "47a1a2f6cd5ec3a4f8a2d9bfa1e0605347cdb92c",
"status": "affected",
"version": "cad5d847a093077b499a8b0bbfe6804b9226c03e",
"versionType": "git"
},
{
"lessThan": "5a142486a0db6b0b85031f22d69acd0cdcf8f72b",
"status": "affected",
"version": "cad5d847a093077b499a8b0bbfe6804b9226c03e",
"versionType": "git"
},
{
"lessThan": "eec1fc21edc2bb99c9e66cf66f0b5d4d643fbb50",
"status": "affected",
"version": "cad5d847a093077b499a8b0bbfe6804b9226c03e",
"versionType": "git"
},
{
"lessThan": "146ebee8fcdb349d7ec0e49915e6cdafb92544ae",
"status": "affected",
"version": "cad5d847a093077b499a8b0bbfe6804b9226c03e",
"versionType": "git"
},
{
"lessThan": "a6b30598fec84f8809f5417cde73071ca43e8471",
"status": "affected",
"version": "cad5d847a093077b499a8b0bbfe6804b9226c03e",
"versionType": "git"
},
{
"lessThan": "6ca0a506dddc3e1d636935eef339576b263bf3d8",
"status": "affected",
"version": "cad5d847a093077b499a8b0bbfe6804b9226c03e",
"versionType": "git"
},
{
"lessThan": "e8b4fc13900b8e8be48debffd0dfd391772501f7",
"status": "affected",
"version": "cad5d847a093077b499a8b0bbfe6804b9226c03e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/mvneta.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"lessThan": "4.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.336",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.336",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.302",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.269",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvneta: Prevent out of bounds read in mvneta_config_rss()\n\nThe pp-\u003eindir[0] value comes from the user. It is passed to:\n\n\tif (cpu_online(pp-\u003erxq_def))\n\ninside the mvneta_percpu_elect() function. It needs bounds checkeding\nto ensure that it is not beyond the end of the cpu bitmap."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:05.157Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3ceffb8f410b93553fb16fe7e84aa0d35b3ba79b"
},
{
"url": "https://git.kernel.org/stable/c/47a1a2f6cd5ec3a4f8a2d9bfa1e0605347cdb92c"
},
{
"url": "https://git.kernel.org/stable/c/5a142486a0db6b0b85031f22d69acd0cdcf8f72b"
},
{
"url": "https://git.kernel.org/stable/c/eec1fc21edc2bb99c9e66cf66f0b5d4d643fbb50"
},
{
"url": "https://git.kernel.org/stable/c/146ebee8fcdb349d7ec0e49915e6cdafb92544ae"
},
{
"url": "https://git.kernel.org/stable/c/a6b30598fec84f8809f5417cde73071ca43e8471"
},
{
"url": "https://git.kernel.org/stable/c/6ca0a506dddc3e1d636935eef339576b263bf3d8"
},
{
"url": "https://git.kernel.org/stable/c/e8b4fc13900b8e8be48debffd0dfd391772501f7"
}
],
"title": "net: mvneta: Prevent out of bounds read in mvneta_config_rss()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48966",
"datePublished": "2024-10-21T20:05:49.126Z",
"dateReserved": "2024-08-22T01:27:53.628Z",
"dateUpdated": "2025-05-04T08:27:05.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47674 (GCVE-0-2024-47674)
Vulnerability from cvelistv5 – Published: 2024-10-15 10:48 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
mm: avoid leaving partial pfn mappings around in error case
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm: avoid leaving partial pfn mappings around in error case
As Jann points out, PFN mappings are special, because unlike normal
memory mappings, there is no lifetime information associated with the
mapping - it is just a raw mapping of PFNs with no reference counting of
a 'struct page'.
That's all very much intentional, but it does mean that it's easy to
mess up the cleanup in case of errors. Yes, a failed mmap() will always
eventually clean up any partial mappings, but without any explicit
lifetime in the page table mapping itself, it's very easy to do the
error handling in the wrong order.
In particular, it's easy to mistakenly free the physical backing store
before the page tables are actually cleaned up and (temporarily) have
stale dangling PTE entries.
To make this situation less error-prone, just make sure that any partial
pfn mapping is torn down early, before any other error handling.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
b97a50adb37e98b940a30c4656565ff609aa8f94 , < 3213fdcab961026203dd587a4533600c70b3336b
(git)
Affected: 69d4e1ce9087c8767f2fe9b9426fa2755c8e9072 , < 35770ca6180caa24a2b258c99a87bd437a1ee10f (git) Affected: 74ffa5a3e68504dd289135b1cf0422c19ffb3f2e , < 5b2c8b34f6d76bfbd1dd4936eb8a0fbfb9af3959 (git) Affected: 74ffa5a3e68504dd289135b1cf0422c19ffb3f2e , < 65d0db500d7c07f0f76fc24a4d837791c4862cd2 (git) Affected: 74ffa5a3e68504dd289135b1cf0422c19ffb3f2e , < a95a24fcaee1b892e47d5e6dcc403f713874ee80 (git) Affected: 74ffa5a3e68504dd289135b1cf0422c19ffb3f2e , < 954fd4c81f22c4b6ba65379a81fd252971bf4ef3 (git) Affected: 74ffa5a3e68504dd289135b1cf0422c19ffb3f2e , < 79a61cc3fc0466ad2b7b89618a6157785f0293b3 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T12:44:14.464782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T12:44:33.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:20:42.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/memory.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3213fdcab961026203dd587a4533600c70b3336b",
"status": "affected",
"version": "b97a50adb37e98b940a30c4656565ff609aa8f94",
"versionType": "git"
},
{
"lessThan": "35770ca6180caa24a2b258c99a87bd437a1ee10f",
"status": "affected",
"version": "69d4e1ce9087c8767f2fe9b9426fa2755c8e9072",
"versionType": "git"
},
{
"lessThan": "5b2c8b34f6d76bfbd1dd4936eb8a0fbfb9af3959",
"status": "affected",
"version": "74ffa5a3e68504dd289135b1cf0422c19ffb3f2e",
"versionType": "git"
},
{
"lessThan": "65d0db500d7c07f0f76fc24a4d837791c4862cd2",
"status": "affected",
"version": "74ffa5a3e68504dd289135b1cf0422c19ffb3f2e",
"versionType": "git"
},
{
"lessThan": "a95a24fcaee1b892e47d5e6dcc403f713874ee80",
"status": "affected",
"version": "74ffa5a3e68504dd289135b1cf0422c19ffb3f2e",
"versionType": "git"
},
{
"lessThan": "954fd4c81f22c4b6ba65379a81fd252971bf4ef3",
"status": "affected",
"version": "74ffa5a3e68504dd289135b1cf0422c19ffb3f2e",
"versionType": "git"
},
{
"lessThan": "79a61cc3fc0466ad2b7b89618a6157785f0293b3",
"status": "affected",
"version": "74ffa5a3e68504dd289135b1cf0422c19ffb3f2e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/memory.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.52",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.111",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.52",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.11",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid leaving partial pfn mappings around in error case\n\nAs Jann points out, PFN mappings are special, because unlike normal\nmemory mappings, there is no lifetime information associated with the\nmapping - it is just a raw mapping of PFNs with no reference counting of\na \u0027struct page\u0027.\n\nThat\u0027s all very much intentional, but it does mean that it\u0027s easy to\nmess up the cleanup in case of errors. Yes, a failed mmap() will always\neventually clean up any partial mappings, but without any explicit\nlifetime in the page table mapping itself, it\u0027s very easy to do the\nerror handling in the wrong order.\n\nIn particular, it\u0027s easy to mistakenly free the physical backing store\nbefore the page tables are actually cleaned up and (temporarily) have\nstale dangling PTE entries.\n\nTo make this situation less error-prone, just make sure that any partial\npfn mapping is torn down early, before any other error handling."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:01.506Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3213fdcab961026203dd587a4533600c70b3336b"
},
{
"url": "https://git.kernel.org/stable/c/35770ca6180caa24a2b258c99a87bd437a1ee10f"
},
{
"url": "https://git.kernel.org/stable/c/5b2c8b34f6d76bfbd1dd4936eb8a0fbfb9af3959"
},
{
"url": "https://git.kernel.org/stable/c/65d0db500d7c07f0f76fc24a4d837791c4862cd2"
},
{
"url": "https://git.kernel.org/stable/c/a95a24fcaee1b892e47d5e6dcc403f713874ee80"
},
{
"url": "https://git.kernel.org/stable/c/954fd4c81f22c4b6ba65379a81fd252971bf4ef3"
},
{
"url": "https://git.kernel.org/stable/c/79a61cc3fc0466ad2b7b89618a6157785f0293b3"
},
{
"url": "https://project-zero.issues.chromium.org/issues/366053091"
}
],
"title": "mm: avoid leaving partial pfn mappings around in error case",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47674",
"datePublished": "2024-10-15T10:48:33.481Z",
"dateReserved": "2024-09-30T16:00:12.937Z",
"dateUpdated": "2026-01-05T10:54:01.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47714 (GCVE-0-2024-47714)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-05-04 09:38
VLAI?
EPSS
Title
wifi: mt76: mt7996: use hweight16 to get correct tx antenna
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7996: use hweight16 to get correct tx antenna
The chainmask is u16 so using hweight8 cannot get correct tx_ant.
Without this patch, the tx_ant of band 2 would be -1 and lead to the
following issue:
BUG: KASAN: stack-out-of-bounds in mt7996_mcu_add_sta+0x12e0/0x16e0 [mt7996e]
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
98686cd21624c75a043e96812beadddf4f6f48e5 , < 50d87e3b70980abc090676b6b4703fcbd96221f9
(git)
Affected: 98686cd21624c75a043e96812beadddf4f6f48e5 , < 8f51fc8a9e2fd96363d8ec3f4ee4b78dd64754e3 (git) Affected: 98686cd21624c75a043e96812beadddf4f6f48e5 , < 33954930870c18ec549e4bca0eeff43e252cb740 (git) Affected: 98686cd21624c75a043e96812beadddf4f6f48e5 , < f98c3de92bb05dac4a4969df8a4595ed380b4604 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:02:52.416293Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:18.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mt7996/mcu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "50d87e3b70980abc090676b6b4703fcbd96221f9",
"status": "affected",
"version": "98686cd21624c75a043e96812beadddf4f6f48e5",
"versionType": "git"
},
{
"lessThan": "8f51fc8a9e2fd96363d8ec3f4ee4b78dd64754e3",
"status": "affected",
"version": "98686cd21624c75a043e96812beadddf4f6f48e5",
"versionType": "git"
},
{
"lessThan": "33954930870c18ec549e4bca0eeff43e252cb740",
"status": "affected",
"version": "98686cd21624c75a043e96812beadddf4f6f48e5",
"versionType": "git"
},
{
"lessThan": "f98c3de92bb05dac4a4969df8a4595ed380b4604",
"status": "affected",
"version": "98686cd21624c75a043e96812beadddf4f6f48e5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mt7996/mcu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: use hweight16 to get correct tx antenna\n\nThe chainmask is u16 so using hweight8 cannot get correct tx_ant.\nWithout this patch, the tx_ant of band 2 would be -1 and lead to the\nfollowing issue:\nBUG: KASAN: stack-out-of-bounds in mt7996_mcu_add_sta+0x12e0/0x16e0 [mt7996e]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:38:07.410Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/50d87e3b70980abc090676b6b4703fcbd96221f9"
},
{
"url": "https://git.kernel.org/stable/c/8f51fc8a9e2fd96363d8ec3f4ee4b78dd64754e3"
},
{
"url": "https://git.kernel.org/stable/c/33954930870c18ec549e4bca0eeff43e252cb740"
},
{
"url": "https://git.kernel.org/stable/c/f98c3de92bb05dac4a4969df8a4595ed380b4604"
}
],
"title": "wifi: mt76: mt7996: use hweight16 to get correct tx antenna",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47714",
"datePublished": "2024-10-21T11:53:46.090Z",
"dateReserved": "2024-09-30T16:00:12.948Z",
"dateUpdated": "2025-05-04T09:38:07.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46803 (GCVE-0-2024-46803)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-05-21 09:13
VLAI?
EPSS
Title
drm/amdkfd: Check debug trap enable before write dbg_ev_file
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Check debug trap enable before write dbg_ev_file
In interrupt context, write dbg_ev_file will be run by work queue. It
will cause write dbg_ev_file execution after debug_trap_disable, which
will cause NULL pointer access.
v2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
0ab2d7532b05a3e7c06fd3b0c8bd6b46c1dfb508 , < e6ea3b8fe398915338147fe54dd2db8155fdafd8
(git)
Affected: 0ab2d7532b05a3e7c06fd3b0c8bd6b46c1dfb508 , < 820dcbd38a77bd5fdc4236d521c1c122841227d0 (git) Affected: 0ab2d7532b05a3e7c06fd3b0c8bd6b46c1dfb508 , < 547033b593063eb85bfdf9b25a5f1b8fd1911be2 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:20:52.974033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:21:05.556Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdkfd/kfd_debug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e6ea3b8fe398915338147fe54dd2db8155fdafd8",
"status": "affected",
"version": "0ab2d7532b05a3e7c06fd3b0c8bd6b46c1dfb508",
"versionType": "git"
},
{
"lessThan": "820dcbd38a77bd5fdc4236d521c1c122841227d0",
"status": "affected",
"version": "0ab2d7532b05a3e7c06fd3b0c8bd6b46c1dfb508",
"versionType": "git"
},
{
"lessThan": "547033b593063eb85bfdf9b25a5f1b8fd1911be2",
"status": "affected",
"version": "0ab2d7532b05a3e7c06fd3b0c8bd6b46c1dfb508",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdkfd/kfd_debug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check debug trap enable before write dbg_ev_file\n\nIn interrupt context, write dbg_ev_file will be run by work queue. It\nwill cause write dbg_ev_file execution after debug_trap_disable, which\nwill cause NULL pointer access.\nv2: cancel work \"debug_event_workarea\" before set dbg_ev_file as NULL."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:13.986Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e6ea3b8fe398915338147fe54dd2db8155fdafd8"
},
{
"url": "https://git.kernel.org/stable/c/820dcbd38a77bd5fdc4236d521c1c122841227d0"
},
{
"url": "https://git.kernel.org/stable/c/547033b593063eb85bfdf9b25a5f1b8fd1911be2"
}
],
"title": "drm/amdkfd: Check debug trap enable before write dbg_ev_file",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46803",
"datePublished": "2024-09-27T12:35:49.185Z",
"dateReserved": "2024-09-11T15:12:18.281Z",
"dateUpdated": "2025-05-21T09:13:13.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47732 (GCVE-0-2024-47732)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-05-04 09:38
VLAI?
EPSS
Title
crypto: iaa - Fix potential use after free bug
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: iaa - Fix potential use after free bug
The free_device_compression_mode(iaa_device, device_mode) function frees
"device_mode" but it iss passed to iaa_compression_modes[i]->free() a few
lines later resulting in a use after free.
The good news is that, so far as I can tell, nothing implements the
->free() function and the use after free happens in dead code. But, with
this fix, when something does implement it, we'll be ready. :)
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
b190447e0fa3ef7355480d641d078962e03768b4 , < b5d534b473e2c8d3e4560be2dd6c12a8eb9d61e9
(git)
Affected: b190447e0fa3ef7355480d641d078962e03768b4 , < c66f0be993ba52410edab06124c54ecf143b05c1 (git) Affected: b190447e0fa3ef7355480d641d078962e03768b4 , < e0d3b845a1b10b7b5abdad7ecc69d45b2aab3209 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47732",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:00:23.321924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:15.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/intel/iaa/iaa_crypto_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b5d534b473e2c8d3e4560be2dd6c12a8eb9d61e9",
"status": "affected",
"version": "b190447e0fa3ef7355480d641d078962e03768b4",
"versionType": "git"
},
{
"lessThan": "c66f0be993ba52410edab06124c54ecf143b05c1",
"status": "affected",
"version": "b190447e0fa3ef7355480d641d078962e03768b4",
"versionType": "git"
},
{
"lessThan": "e0d3b845a1b10b7b5abdad7ecc69d45b2aab3209",
"status": "affected",
"version": "b190447e0fa3ef7355480d641d078962e03768b4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/intel/iaa/iaa_crypto_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix potential use after free bug\n\nThe free_device_compression_mode(iaa_device, device_mode) function frees\n\"device_mode\" but it iss passed to iaa_compression_modes[i]-\u003efree() a few\nlines later resulting in a use after free.\n\nThe good news is that, so far as I can tell, nothing implements the\n-\u003efree() function and the use after free happens in dead code. But, with\nthis fix, when something does implement it, we\u0027ll be ready. :)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:38:29.225Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b5d534b473e2c8d3e4560be2dd6c12a8eb9d61e9"
},
{
"url": "https://git.kernel.org/stable/c/c66f0be993ba52410edab06124c54ecf143b05c1"
},
{
"url": "https://git.kernel.org/stable/c/e0d3b845a1b10b7b5abdad7ecc69d45b2aab3209"
}
],
"title": "crypto: iaa - Fix potential use after free bug",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47732",
"datePublished": "2024-10-21T12:14:03.863Z",
"dateReserved": "2024-09-30T16:00:12.958Z",
"dateUpdated": "2025-05-04T09:38:29.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48985 (GCVE-0-2022-48985)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
net: mana: Fix race on per-CQ variable napi work_done
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix race on per-CQ variable napi work_done
After calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be
cleared, and another CPU can start napi thread and access per-CQ variable,
cq->work_done. If the other thread (for example, from busy_poll) sets
it to a value >= budget, this thread will continue to run when it should
stop, and cause memory corruption and panic.
To fix this issue, save the per-CQ work_done variable in a local variable
before napi_complete_done(), so it won't be corrupted by a possible
concurrent thread after napi_complete_done().
Also, add a flag bit to advertise to the NIC firmware: the NAPI work_done
variable race is fixed, so the driver is able to reliably support features
like busy_poll.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
e1b5683ff62e7b328317aec08869495992053e9d , < fe50a9bbeb1f042e756c5cfa7708112c944368de
(git)
Affected: e1b5683ff62e7b328317aec08869495992053e9d , < 6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3 (git) Affected: e1b5683ff62e7b328317aec08869495992053e9d , < 18010ff776fa42340efc428b3ea6d19b3e7c7b21 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48985",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:17:20.394145Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:43.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/microsoft/mana/gdma.h",
"drivers/net/ethernet/microsoft/mana/mana_en.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fe50a9bbeb1f042e756c5cfa7708112c944368de",
"status": "affected",
"version": "e1b5683ff62e7b328317aec08869495992053e9d",
"versionType": "git"
},
{
"lessThan": "6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3",
"status": "affected",
"version": "e1b5683ff62e7b328317aec08869495992053e9d",
"versionType": "git"
},
{
"lessThan": "18010ff776fa42340efc428b3ea6d19b3e7c7b21",
"status": "affected",
"version": "e1b5683ff62e7b328317aec08869495992053e9d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/microsoft/mana/gdma.h",
"drivers/net/ethernet/microsoft/mana/mana_en.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix race on per-CQ variable napi work_done\n\nAfter calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be\ncleared, and another CPU can start napi thread and access per-CQ variable,\ncq-\u003ework_done. If the other thread (for example, from busy_poll) sets\nit to a value \u003e= budget, this thread will continue to run when it should\nstop, and cause memory corruption and panic.\n\nTo fix this issue, save the per-CQ work_done variable in a local variable\nbefore napi_complete_done(), so it won\u0027t be corrupted by a possible\nconcurrent thread after napi_complete_done().\n\nAlso, add a flag bit to advertise to the NIC firmware: the NAPI work_done\nvariable race is fixed, so the driver is able to reliably support features\nlike busy_poll."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:31.814Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fe50a9bbeb1f042e756c5cfa7708112c944368de"
},
{
"url": "https://git.kernel.org/stable/c/6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3"
},
{
"url": "https://git.kernel.org/stable/c/18010ff776fa42340efc428b3ea6d19b3e7c7b21"
}
],
"title": "net: mana: Fix race on per-CQ variable napi work_done",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48985",
"datePublished": "2024-10-21T20:06:01.802Z",
"dateReserved": "2024-08-22T01:27:53.633Z",
"dateUpdated": "2025-05-04T08:27:31.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47660 (GCVE-0-2024-47660)
Vulnerability from cvelistv5 – Published: 2024-10-09 14:02 – Updated: 2026-01-05 10:53
VLAI?
EPSS
Title
fsnotify: clear PARENT_WATCHED flags lazily
Summary
In the Linux kernel, the following vulnerability has been resolved:
fsnotify: clear PARENT_WATCHED flags lazily
In some setups directories can have many (usually negative) dentries.
Hence __fsnotify_update_child_dentry_flags() function can take a
significant amount of time. Since the bulk of this function happens
under inode->i_lock this causes a significant contention on the lock
when we remove the watch from the directory as the
__fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask()
races with __fsnotify_update_child_dentry_flags() calls from
__fsnotify_parent() happening on children. This can lead upto softlockup
reports reported by users.
Fix the problem by calling fsnotify_update_children_dentry_flags() to
set PARENT_WATCHED flags only when parent starts watching children.
When parent stops watching children, clear false positive PARENT_WATCHED
flags lazily in __fsnotify_parent() for each accessed child.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
873feea09ebc980cbd3631b767356ce1eee65ec1 , < 3f3ef1d9f66b93913ce2171120d9226b55acd41d
(git)
Affected: 873feea09ebc980cbd3631b767356ce1eee65ec1 , < f9a48bc3dd9099935751458a5bbbea4b7c28abc8 (git) Affected: 873feea09ebc980cbd3631b767356ce1eee65ec1 , < d8c42405fc3507cc43ba7e4986a773c3fc633f6e (git) Affected: 873feea09ebc980cbd3631b767356ce1eee65ec1 , < fc1b1e135c3f72382f792e6c319fc088d5523ad5 (git) Affected: 873feea09ebc980cbd3631b767356ce1eee65ec1 , < 7ef1d2e240c32b1f337a37232d037b07e3919e1a (git) Affected: 873feea09ebc980cbd3631b767356ce1eee65ec1 , < 172e422ffea20a89bfdc672741c1aad6fbb5044e (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T13:23:14.677657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T13:23:29.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:20:24.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/notify/fsnotify.c",
"fs/notify/fsnotify.h",
"fs/notify/mark.c",
"include/linux/fsnotify_backend.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3f3ef1d9f66b93913ce2171120d9226b55acd41d",
"status": "affected",
"version": "873feea09ebc980cbd3631b767356ce1eee65ec1",
"versionType": "git"
},
{
"lessThan": "f9a48bc3dd9099935751458a5bbbea4b7c28abc8",
"status": "affected",
"version": "873feea09ebc980cbd3631b767356ce1eee65ec1",
"versionType": "git"
},
{
"lessThan": "d8c42405fc3507cc43ba7e4986a773c3fc633f6e",
"status": "affected",
"version": "873feea09ebc980cbd3631b767356ce1eee65ec1",
"versionType": "git"
},
{
"lessThan": "fc1b1e135c3f72382f792e6c319fc088d5523ad5",
"status": "affected",
"version": "873feea09ebc980cbd3631b767356ce1eee65ec1",
"versionType": "git"
},
{
"lessThan": "7ef1d2e240c32b1f337a37232d037b07e3919e1a",
"status": "affected",
"version": "873feea09ebc980cbd3631b767356ce1eee65ec1",
"versionType": "git"
},
{
"lessThan": "172e422ffea20a89bfdc672741c1aad6fbb5044e",
"status": "affected",
"version": "873feea09ebc980cbd3631b767356ce1eee65ec1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/notify/fsnotify.c",
"fs/notify/fsnotify.h",
"fs/notify/mark.c",
"include/linux/fsnotify_backend.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.38"
},
{
"lessThan": "2.6.38",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: clear PARENT_WATCHED flags lazily\n\nIn some setups directories can have many (usually negative) dentries.\nHence __fsnotify_update_child_dentry_flags() function can take a\nsignificant amount of time. Since the bulk of this function happens\nunder inode-\u003ei_lock this causes a significant contention on the lock\nwhen we remove the watch from the directory as the\n__fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask()\nraces with __fsnotify_update_child_dentry_flags() calls from\n__fsnotify_parent() happening on children. This can lead upto softlockup\nreports reported by users.\n\nFix the problem by calling fsnotify_update_children_dentry_flags() to\nset PARENT_WATCHED flags only when parent starts watching children.\n\nWhen parent stops watching children, clear false positive PARENT_WATCHED\nflags lazily in __fsnotify_parent() for each accessed child."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:53:47.652Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3f3ef1d9f66b93913ce2171120d9226b55acd41d"
},
{
"url": "https://git.kernel.org/stable/c/f9a48bc3dd9099935751458a5bbbea4b7c28abc8"
},
{
"url": "https://git.kernel.org/stable/c/d8c42405fc3507cc43ba7e4986a773c3fc633f6e"
},
{
"url": "https://git.kernel.org/stable/c/fc1b1e135c3f72382f792e6c319fc088d5523ad5"
},
{
"url": "https://git.kernel.org/stable/c/7ef1d2e240c32b1f337a37232d037b07e3919e1a"
},
{
"url": "https://git.kernel.org/stable/c/172e422ffea20a89bfdc672741c1aad6fbb5044e"
}
],
"title": "fsnotify: clear PARENT_WATCHED flags lazily",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47660",
"datePublished": "2024-10-09T14:02:54.884Z",
"dateReserved": "2024-09-30T16:00:12.935Z",
"dateUpdated": "2026-01-05T10:53:47.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46766 (GCVE-0-2024-46766)
Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-05-04 09:33
VLAI?
EPSS
Title
ice: move netif_queue_set_napi to rtnl-protected sections
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: move netif_queue_set_napi to rtnl-protected sections
Currently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is
not rtnl-locked when called from the reset. This creates the need to take
the rtnl_lock just for a single function and complicates the
synchronization with .ndo_bpf. At the same time, there no actual need to
fill napi-to-queue information at this exact point.
Fill napi-to-queue information when opening the VSI and clear it when the
VSI is being closed. Those routines are already rtnl-locked.
Also, rewrite napi-to-queue assignment in a way that prevents inclusion of
XDP queues, as this leads to out-of-bounds writes, such as one below.
[ +0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0
[ +0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047
[ +0.000006] CPU: 24 PID: 7047 Comm: bash Not tainted 6.10.0-rc2+ #2
[ +0.000004] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021
[ +0.000003] Call Trace:
[ +0.000003] <TASK>
[ +0.000002] dump_stack_lvl+0x60/0x80
[ +0.000007] print_report+0xce/0x630
[ +0.000007] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ +0.000007] ? __virt_addr_valid+0x1c9/0x2c0
[ +0.000005] ? netif_queue_set_napi+0x1c2/0x1e0
[ +0.000003] kasan_report+0xe9/0x120
[ +0.000004] ? netif_queue_set_napi+0x1c2/0x1e0
[ +0.000004] netif_queue_set_napi+0x1c2/0x1e0
[ +0.000005] ice_vsi_close+0x161/0x670 [ice]
[ +0.000114] ice_dis_vsi+0x22f/0x270 [ice]
[ +0.000095] ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [ice]
[ +0.000086] ice_prepare_for_reset+0x299/0x750 [ice]
[ +0.000087] pci_dev_save_and_disable+0x82/0xd0
[ +0.000006] pci_reset_function+0x12d/0x230
[ +0.000004] reset_store+0xa0/0x100
[ +0.000006] ? __pfx_reset_store+0x10/0x10
[ +0.000002] ? __pfx_mutex_lock+0x10/0x10
[ +0.000004] ? __check_object_size+0x4c1/0x640
[ +0.000007] kernfs_fop_write_iter+0x30b/0x4a0
[ +0.000006] vfs_write+0x5d6/0xdf0
[ +0.000005] ? fd_install+0x180/0x350
[ +0.000005] ? __pfx_vfs_write+0x10/0xA10
[ +0.000004] ? do_fcntl+0x52c/0xcd0
[ +0.000004] ? kasan_save_track+0x13/0x60
[ +0.000003] ? kasan_save_free_info+0x37/0x60
[ +0.000006] ksys_write+0xfa/0x1d0
[ +0.000003] ? __pfx_ksys_write+0x10/0x10
[ +0.000002] ? __x64_sys_fcntl+0x121/0x180
[ +0.000004] ? _raw_spin_lock+0x87/0xe0
[ +0.000005] do_syscall_64+0x80/0x170
[ +0.000007] ? _raw_spin_lock+0x87/0xe0
[ +0.000004] ? __pfx__raw_spin_lock+0x10/0x10
[ +0.000003] ? file_close_fd_locked+0x167/0x230
[ +0.000005] ? syscall_exit_to_user_mode+0x7d/0x220
[ +0.000005] ? do_syscall_64+0x8c/0x170
[ +0.000004] ? do_syscall_64+0x8c/0x170
[ +0.000003] ? do_syscall_64+0x8c/0x170
[ +0.000003] ? fput+0x1a/0x2c0
[ +0.000004] ? filp_close+0x19/0x30
[ +0.000004] ? do_dup2+0x25a/0x4c0
[ +0.000004] ? __x64_sys_dup2+0x6e/0x2e0
[ +0.000002] ? syscall_exit_to_user_mode+0x7d/0x220
[ +0.000004] ? do_syscall_64+0x8c/0x170
[ +0.000003] ? __count_memcg_events+0x113/0x380
[ +0.000005] ? handle_mm_fault+0x136/0x820
[ +0.000005] ? do_user_addr_fault+0x444/0xa80
[ +0.000004] ? clear_bhb_loop+0x25/0x80
[ +0.000004] ? clear_bhb_loop+0x25/0x80
[ +0.000002] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ +0.000005] RIP: 0033:0x7f2033593154
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:42:30.909081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:42:45.913Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_base.c",
"drivers/net/ethernet/intel/ice/ice_lib.c",
"drivers/net/ethernet/intel/ice/ice_lib.h",
"drivers/net/ethernet/intel/ice/ice_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2285c2faef19ee08a6bd6754f4c3ec07dceb2889",
"status": "affected",
"version": "91fdbce7e8d69be255b45bfeb52092629a50e267",
"versionType": "git"
},
{
"lessThan": "2a5dc090b92cfa5270e20056074241c6db5c9cdd",
"status": "affected",
"version": "91fdbce7e8d69be255b45bfeb52092629a50e267",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_base.c",
"drivers/net/ethernet/intel/ice/ice_lib.c",
"drivers/net/ethernet/intel/ice/ice_lib.h",
"drivers/net/ethernet/intel/ice/ice_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: move netif_queue_set_napi to rtnl-protected sections\n\nCurrently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is\nnot rtnl-locked when called from the reset. This creates the need to take\nthe rtnl_lock just for a single function and complicates the\nsynchronization with .ndo_bpf. At the same time, there no actual need to\nfill napi-to-queue information at this exact point.\n\nFill napi-to-queue information when opening the VSI and clear it when the\nVSI is being closed. Those routines are already rtnl-locked.\n\nAlso, rewrite napi-to-queue assignment in a way that prevents inclusion of\nXDP queues, as this leads to out-of-bounds writes, such as one below.\n\n[ +0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047\n[ +0.000006] CPU: 24 PID: 7047 Comm: bash Not tainted 6.10.0-rc2+ #2\n[ +0.000004] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000003] Call Trace:\n[ +0.000003] \u003cTASK\u003e\n[ +0.000002] dump_stack_lvl+0x60/0x80\n[ +0.000007] print_report+0xce/0x630\n[ +0.000007] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[ +0.000007] ? __virt_addr_valid+0x1c9/0x2c0\n[ +0.000005] ? netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000003] kasan_report+0xe9/0x120\n[ +0.000004] ? netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000004] netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000005] ice_vsi_close+0x161/0x670 [ice]\n[ +0.000114] ice_dis_vsi+0x22f/0x270 [ice]\n[ +0.000095] ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [ice]\n[ +0.000086] ice_prepare_for_reset+0x299/0x750 [ice]\n[ +0.000087] pci_dev_save_and_disable+0x82/0xd0\n[ +0.000006] pci_reset_function+0x12d/0x230\n[ +0.000004] reset_store+0xa0/0x100\n[ +0.000006] ? __pfx_reset_store+0x10/0x10\n[ +0.000002] ? __pfx_mutex_lock+0x10/0x10\n[ +0.000004] ? __check_object_size+0x4c1/0x640\n[ +0.000007] kernfs_fop_write_iter+0x30b/0x4a0\n[ +0.000006] vfs_write+0x5d6/0xdf0\n[ +0.000005] ? fd_install+0x180/0x350\n[ +0.000005] ? __pfx_vfs_write+0x10/0xA10\n[ +0.000004] ? do_fcntl+0x52c/0xcd0\n[ +0.000004] ? kasan_save_track+0x13/0x60\n[ +0.000003] ? kasan_save_free_info+0x37/0x60\n[ +0.000006] ksys_write+0xfa/0x1d0\n[ +0.000003] ? __pfx_ksys_write+0x10/0x10\n[ +0.000002] ? __x64_sys_fcntl+0x121/0x180\n[ +0.000004] ? _raw_spin_lock+0x87/0xe0\n[ +0.000005] do_syscall_64+0x80/0x170\n[ +0.000007] ? _raw_spin_lock+0x87/0xe0\n[ +0.000004] ? __pfx__raw_spin_lock+0x10/0x10\n[ +0.000003] ? file_close_fd_locked+0x167/0x230\n[ +0.000005] ? syscall_exit_to_user_mode+0x7d/0x220\n[ +0.000005] ? do_syscall_64+0x8c/0x170\n[ +0.000004] ? do_syscall_64+0x8c/0x170\n[ +0.000003] ? do_syscall_64+0x8c/0x170\n[ +0.000003] ? fput+0x1a/0x2c0\n[ +0.000004] ? filp_close+0x19/0x30\n[ +0.000004] ? do_dup2+0x25a/0x4c0\n[ +0.000004] ? __x64_sys_dup2+0x6e/0x2e0\n[ +0.000002] ? syscall_exit_to_user_mode+0x7d/0x220\n[ +0.000004] ? do_syscall_64+0x8c/0x170\n[ +0.000003] ? __count_memcg_events+0x113/0x380\n[ +0.000005] ? handle_mm_fault+0x136/0x820\n[ +0.000005] ? do_user_addr_fault+0x444/0xa80\n[ +0.000004] ? clear_bhb_loop+0x25/0x80\n[ +0.000004] ? clear_bhb_loop+0x25/0x80\n[ +0.000002] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ +0.000005] RIP: 0033:0x7f2033593154"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:33:46.984Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2285c2faef19ee08a6bd6754f4c3ec07dceb2889"
},
{
"url": "https://git.kernel.org/stable/c/2a5dc090b92cfa5270e20056074241c6db5c9cdd"
}
],
"title": "ice: move netif_queue_set_napi to rtnl-protected sections",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46766",
"datePublished": "2024-09-18T07:12:25.353Z",
"dateReserved": "2024-09-11T15:12:18.273Z",
"dateUpdated": "2025-05-04T09:33:46.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46851 (GCVE-0-2024-46851)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:42 – Updated: 2025-05-04 09:35
VLAI?
EPSS
Title
drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()
dc_state_destruct() nulls the resource context of the DC state. The pipe
context passed to dcn10_set_drr() is a member of this resource context.
If dc_state_destruct() is called parallel to the IRQ processing (which
calls dcn10_set_drr() at some point), we can end up using already nulled
function callback fields of struct stream_resource.
The logic in dcn10_set_drr() already tries to avoid this, by checking tg
against NULL. But if the nulling happens exactly after the NULL check and
before the next access, then we get a race.
Avoid this by copying tg first to a local variable, and then use this
variable for all the operations. This should work, as long as nobody
frees the resource pool where the timing generators live.
(cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643)
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T13:58:30.543165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T13:58:34.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b6ce047a81f508f5c60756db8dfb5ff486e4dad0",
"status": "affected",
"version": "06ad7e16425619a4a77154c2e85bededb3e04a4f",
"versionType": "git"
},
{
"lessThan": "a7aeb03888b92304e2fc7d4d1c242f54a312561b",
"status": "affected",
"version": "06ad7e16425619a4a77154c2e85bededb3e04a4f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.11",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn10_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn10_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn10_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:35:56.411Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b6ce047a81f508f5c60756db8dfb5ff486e4dad0"
},
{
"url": "https://git.kernel.org/stable/c/a7aeb03888b92304e2fc7d4d1c242f54a312561b"
}
],
"title": "drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46851",
"datePublished": "2024-09-27T12:42:44.619Z",
"dateReserved": "2024-09-11T15:12:18.290Z",
"dateUpdated": "2025-05-04T09:35:56.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49913 (GCVE-0-2024-49913)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream
This commit addresses a null pointer dereference issue in the
`commit_planes_for_stream` function at line 4140. The issue could occur
when `top_pipe_to_program` is null.
The fix adds a check to ensure `top_pipe_to_program` is not null before
accessing its stream_res. This prevents a null pointer dereference.
Reported by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:4140 commit_planes_for_stream() error: we previously assumed 'top_pipe_to_program' could be null (see line 3906)
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 1ebfa6663807c144be8c8b6727375012409d2356
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 8ab59527852a6f7780aad6185729550ca0569122 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 40193ff73630adf76bc0d82398f7d90fb576dba4 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < e47e563c6f0db7d792a559301862c19ead0dfc2f (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 3929e382e4758aff42da0102a60d13337c99d3b8 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 73efd2a611b62fee71a7b7f27d9d08bb60da8a72 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 66d71a72539e173a9b00ca0b1852cbaa5f5bf1ad (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:41:22.307822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:45.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:11.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1ebfa6663807c144be8c8b6727375012409d2356",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "8ab59527852a6f7780aad6185729550ca0569122",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "40193ff73630adf76bc0d82398f7d90fb576dba4",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "e47e563c6f0db7d792a559301862c19ead0dfc2f",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "3929e382e4758aff42da0102a60d13337c99d3b8",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "73efd2a611b62fee71a7b7f27d9d08bb60da8a72",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "66d71a72539e173a9b00ca0b1852cbaa5f5bf1ad",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream\n\nThis commit addresses a null pointer dereference issue in the\n`commit_planes_for_stream` function at line 4140. The issue could occur\nwhen `top_pipe_to_program` is null.\n\nThe fix adds a check to ensure `top_pipe_to_program` is not null before\naccessing its stream_res. This prevents a null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:4140 commit_planes_for_stream() error: we previously assumed \u0027top_pipe_to_program\u0027 could be null (see line 3906)"
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:21:10.378Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1ebfa6663807c144be8c8b6727375012409d2356"
},
{
"url": "https://git.kernel.org/stable/c/8ab59527852a6f7780aad6185729550ca0569122"
},
{
"url": "https://git.kernel.org/stable/c/40193ff73630adf76bc0d82398f7d90fb576dba4"
},
{
"url": "https://git.kernel.org/stable/c/e47e563c6f0db7d792a559301862c19ead0dfc2f"
},
{
"url": "https://git.kernel.org/stable/c/3929e382e4758aff42da0102a60d13337c99d3b8"
},
{
"url": "https://git.kernel.org/stable/c/73efd2a611b62fee71a7b7f27d9d08bb60da8a72"
},
{
"url": "https://git.kernel.org/stable/c/66d71a72539e173a9b00ca0b1852cbaa5f5bf1ad"
}
],
"title": "drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49913",
"datePublished": "2024-10-21T18:01:41.551Z",
"dateReserved": "2024-10-21T12:17:06.028Z",
"dateUpdated": "2025-11-03T22:23:11.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46754 (GCVE-0-2024-46754)
Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-05-04 09:33
VLAI?
EPSS
Title
bpf: Remove tst_run from lwt_seg6local_prog_ops.
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Remove tst_run from lwt_seg6local_prog_ops.
The syzbot reported that the lwt_seg6 related BPF ops can be invoked
via bpf_test_run() without without entering input_action_end_bpf()
first.
Martin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL
probably didn't work since it was introduced in commit 04d4b274e2a
("ipv6: sr: Add seg6local action End.BPF"). The reason is that the
per-CPU variable seg6_bpf_srh_states::srh is never assigned in the self
test case but each BPF function expects it.
Remove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:46:48.262114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:47:03.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9cd15511de7c619bbd0f54bb3f28e6e720ded5d6",
"status": "affected",
"version": "004d4b274e2a1a895a0e5dc66158b90a7d463d44",
"versionType": "git"
},
{
"lessThan": "c13fda93aca118b8e5cd202e339046728ee7dddb",
"status": "affected",
"version": "004d4b274e2a1a895a0e5dc66158b90a7d463d44",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn\u0027t work since it was introduced in commit 04d4b274e2a\n(\"ipv6: sr: Add seg6local action End.BPF\"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:33:28.844Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9cd15511de7c619bbd0f54bb3f28e6e720ded5d6"
},
{
"url": "https://git.kernel.org/stable/c/c13fda93aca118b8e5cd202e339046728ee7dddb"
}
],
"title": "bpf: Remove tst_run from lwt_seg6local_prog_ops.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46754",
"datePublished": "2024-09-18T07:12:13.780Z",
"dateReserved": "2024-09-11T15:12:18.270Z",
"dateUpdated": "2025-05-04T09:33:28.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49985 (GCVE-0-2024-49985)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:24
VLAI?
EPSS
Title
i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
Summary
In the Linux kernel, the following vulnerability has been resolved:
i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
In case there is any sort of clock controller attached to this I2C bus
controller, for example Versaclock or even an AIC32x4 I2C codec, then
an I2C transfer triggered from the clock controller clk_ops .prepare
callback may trigger a deadlock on drivers/clk/clk.c prepare_lock mutex.
This is because the clock controller first grabs the prepare_lock mutex
and then performs the prepare operation, including its I2C access. The
I2C access resumes this I2C bus controller via .runtime_resume callback,
which calls clk_prepare_enable(), which attempts to grab the prepare_lock
mutex again and deadlocks.
Since the clock are already prepared since probe() and unprepared in
remove(), use simple clk_enable()/clk_disable() calls to enable and
disable the clock on runtime suspend and resume, to avoid hitting the
prepare_lock mutex.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
4e7bca6fc07bf9526d797b9787dcb21e40cd10cf , < d6f1250a4d5773f447740b9fe37b8692105796d4
(git)
Affected: 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf , < 9b8bc33ad64192f54142396470cc34ce539a8940 (git) Affected: 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf , < 1883cad2cc629ded4a3556c0bbb8b42533ad8764 (git) Affected: 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf , < c2024b1a583ab9176c797ea1e5f57baf8d5e2682 (git) Affected: 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf , < 22a1f8a5b56ba93d3e8b7a1dafa24e01c8bb48ba (git) Affected: 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf , < fac3c9f7784e8184c0338e9f0877b81e55d3ef1c (git) Affected: 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf , < 894cd5f5fd9061983445bbd1fa3d81be43095344 (git) Affected: 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf , < 048bbbdbf85e5e00258dfb12f5e368f908801d7b (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49985",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:31:59.737497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:43.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:24:06.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-stm32f7.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d6f1250a4d5773f447740b9fe37b8692105796d4",
"status": "affected",
"version": "4e7bca6fc07bf9526d797b9787dcb21e40cd10cf",
"versionType": "git"
},
{
"lessThan": "9b8bc33ad64192f54142396470cc34ce539a8940",
"status": "affected",
"version": "4e7bca6fc07bf9526d797b9787dcb21e40cd10cf",
"versionType": "git"
},
{
"lessThan": "1883cad2cc629ded4a3556c0bbb8b42533ad8764",
"status": "affected",
"version": "4e7bca6fc07bf9526d797b9787dcb21e40cd10cf",
"versionType": "git"
},
{
"lessThan": "c2024b1a583ab9176c797ea1e5f57baf8d5e2682",
"status": "affected",
"version": "4e7bca6fc07bf9526d797b9787dcb21e40cd10cf",
"versionType": "git"
},
{
"lessThan": "22a1f8a5b56ba93d3e8b7a1dafa24e01c8bb48ba",
"status": "affected",
"version": "4e7bca6fc07bf9526d797b9787dcb21e40cd10cf",
"versionType": "git"
},
{
"lessThan": "fac3c9f7784e8184c0338e9f0877b81e55d3ef1c",
"status": "affected",
"version": "4e7bca6fc07bf9526d797b9787dcb21e40cd10cf",
"versionType": "git"
},
{
"lessThan": "894cd5f5fd9061983445bbd1fa3d81be43095344",
"status": "affected",
"version": "4e7bca6fc07bf9526d797b9787dcb21e40cd10cf",
"versionType": "git"
},
{
"lessThan": "048bbbdbf85e5e00258dfb12f5e368f908801d7b",
"status": "affected",
"version": "4e7bca6fc07bf9526d797b9787dcb21e40cd10cf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-stm32f7.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume\n\nIn case there is any sort of clock controller attached to this I2C bus\ncontroller, for example Versaclock or even an AIC32x4 I2C codec, then\nan I2C transfer triggered from the clock controller clk_ops .prepare\ncallback may trigger a deadlock on drivers/clk/clk.c prepare_lock mutex.\n\nThis is because the clock controller first grabs the prepare_lock mutex\nand then performs the prepare operation, including its I2C access. The\nI2C access resumes this I2C bus controller via .runtime_resume callback,\nwhich calls clk_prepare_enable(), which attempts to grab the prepare_lock\nmutex again and deadlocks.\n\nSince the clock are already prepared since probe() and unprepared in\nremove(), use simple clk_enable()/clk_disable() calls to enable and\ndisable the clock on runtime suspend and resume, to avoid hitting the\nprepare_lock mutex."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:43:03.456Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d6f1250a4d5773f447740b9fe37b8692105796d4"
},
{
"url": "https://git.kernel.org/stable/c/9b8bc33ad64192f54142396470cc34ce539a8940"
},
{
"url": "https://git.kernel.org/stable/c/1883cad2cc629ded4a3556c0bbb8b42533ad8764"
},
{
"url": "https://git.kernel.org/stable/c/c2024b1a583ab9176c797ea1e5f57baf8d5e2682"
},
{
"url": "https://git.kernel.org/stable/c/22a1f8a5b56ba93d3e8b7a1dafa24e01c8bb48ba"
},
{
"url": "https://git.kernel.org/stable/c/fac3c9f7784e8184c0338e9f0877b81e55d3ef1c"
},
{
"url": "https://git.kernel.org/stable/c/894cd5f5fd9061983445bbd1fa3d81be43095344"
},
{
"url": "https://git.kernel.org/stable/c/048bbbdbf85e5e00258dfb12f5e368f908801d7b"
}
],
"title": "i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49985",
"datePublished": "2024-10-21T18:02:29.827Z",
"dateReserved": "2024-10-21T12:17:06.054Z",
"dateUpdated": "2025-11-03T22:24:06.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47747 (GCVE-0-2024-47747)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition
In the ether3_probe function, a timer is initialized with a callback
function ether3_ledoff, bound to &prev(dev)->timer. Once the timer is
started, there is a risk of a race condition if the module or device
is removed, triggering the ether3_remove function to perform cleanup.
The sequence of operations that may lead to a UAF bug is as follows:
CPU0 CPU1
| ether3_ledoff
ether3_remove |
free_netdev(dev); |
put_devic |
kfree(dev); |
| ether3_outw(priv(dev)->regs.config2 |= CFG2_CTRLO, REG_CONFIG2);
| // use dev
Fix it by ensuring that the timer is canceled before proceeding with
the cleanup in ether3_remove.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < 25d559ed2beec9b34045886100dac46d1ad92eba
(git)
Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < b5a84b6c772564c8359a9a0fbaeb2a2944aa1ee9 (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < 338a0582b28e69460df03af50e938b86b4206353 (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < 822c7bb1f6f8b0331e8d1927151faf8db3b33afd (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < 1c57d61a43293252ad732007c7070fdb112545fd (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < d2abc379071881798d20e2ac1d332ad855ae22f3 (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < 516dbc6d16637430808c39568cbb6b841d32b55b (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < 77a77331cef0a219b8dd91361435eeef04cb741c (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < b5109b60ee4fcb2f2bb24f589575e10cc5283ad4 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47747",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:58:25.330423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:13.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:41.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/seeq/ether3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "25d559ed2beec9b34045886100dac46d1ad92eba",
"status": "affected",
"version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
"versionType": "git"
},
{
"lessThan": "b5a84b6c772564c8359a9a0fbaeb2a2944aa1ee9",
"status": "affected",
"version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
"versionType": "git"
},
{
"lessThan": "338a0582b28e69460df03af50e938b86b4206353",
"status": "affected",
"version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
"versionType": "git"
},
{
"lessThan": "822c7bb1f6f8b0331e8d1927151faf8db3b33afd",
"status": "affected",
"version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
"versionType": "git"
},
{
"lessThan": "1c57d61a43293252ad732007c7070fdb112545fd",
"status": "affected",
"version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
"versionType": "git"
},
{
"lessThan": "d2abc379071881798d20e2ac1d332ad855ae22f3",
"status": "affected",
"version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
"versionType": "git"
},
{
"lessThan": "516dbc6d16637430808c39568cbb6b841d32b55b",
"status": "affected",
"version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
"versionType": "git"
},
{
"lessThan": "77a77331cef0a219b8dd91361435eeef04cb741c",
"status": "affected",
"version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
"versionType": "git"
},
{
"lessThan": "b5109b60ee4fcb2f2bb24f589575e10cc5283ad4",
"status": "affected",
"version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/seeq/ether3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition\n\nIn the ether3_probe function, a timer is initialized with a callback\nfunction ether3_ledoff, bound to \u0026prev(dev)-\u003etimer. Once the timer is\nstarted, there is a risk of a race condition if the module or device\nis removed, triggering the ether3_remove function to perform cleanup.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | ether3_ledoff\nether3_remove |\n free_netdev(dev); |\n put_devic |\n kfree(dev); |\n | ether3_outw(priv(dev)-\u003eregs.config2 |= CFG2_CTRLO, REG_CONFIG2);\n | // use dev\n\nFix it by ensuring that the timer is canceled before proceeding with\nthe cleanup in ether3_remove."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:38:59.872Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/25d559ed2beec9b34045886100dac46d1ad92eba"
},
{
"url": "https://git.kernel.org/stable/c/b5a84b6c772564c8359a9a0fbaeb2a2944aa1ee9"
},
{
"url": "https://git.kernel.org/stable/c/338a0582b28e69460df03af50e938b86b4206353"
},
{
"url": "https://git.kernel.org/stable/c/822c7bb1f6f8b0331e8d1927151faf8db3b33afd"
},
{
"url": "https://git.kernel.org/stable/c/1c57d61a43293252ad732007c7070fdb112545fd"
},
{
"url": "https://git.kernel.org/stable/c/d2abc379071881798d20e2ac1d332ad855ae22f3"
},
{
"url": "https://git.kernel.org/stable/c/516dbc6d16637430808c39568cbb6b841d32b55b"
},
{
"url": "https://git.kernel.org/stable/c/77a77331cef0a219b8dd91361435eeef04cb741c"
},
{
"url": "https://git.kernel.org/stable/c/b5109b60ee4fcb2f2bb24f589575e10cc5283ad4"
}
],
"title": "net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47747",
"datePublished": "2024-10-21T12:14:13.783Z",
"dateReserved": "2024-09-30T16:00:12.960Z",
"dateUpdated": "2025-11-03T22:21:41.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46841 (GCVE-0-2024-46841)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:39 – Updated: 2026-01-05 10:53
VLAI?
EPSS
Title
btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()
We handle errors here properly, ENOMEM isn't fatal, return the error.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
2c47e605a91dde6b0514f689645e7ab336c8592a , < c1406d8329f500e4594cd9730cd313aebc3a4333
(git)
Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 6a0648f96c3ca647c71c6c1ddbc7c353bab79f64 (git) Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 44a2c518ab221c0cadcb8c45ca86f83a52dd4da6 (git) Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 135b4819f6fba87fd5a2693023133e78ac73f1d3 (git) Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 704c359b4093a2af650a20eaa030c435d7c30f91 (git) Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < a580fb2c3479d993556e1c31b237c9e5be4944a3 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T13:59:30.938920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T13:59:35.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:39:20.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/extent-tree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c1406d8329f500e4594cd9730cd313aebc3a4333",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
},
{
"lessThan": "6a0648f96c3ca647c71c6c1ddbc7c353bab79f64",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
},
{
"lessThan": "44a2c518ab221c0cadcb8c45ca86f83a52dd4da6",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
},
{
"lessThan": "135b4819f6fba87fd5a2693023133e78ac73f1d3",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
},
{
"lessThan": "704c359b4093a2af650a20eaa030c435d7c30f91",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
},
{
"lessThan": "a580fb2c3479d993556e1c31b237c9e5be4944a3",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/extent-tree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.31"
},
{
"lessThan": "2.6.31",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.231",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don\u0027t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()\n\nWe handle errors here properly, ENOMEM isn\u0027t fatal, return the error."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:53:36.779Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c1406d8329f500e4594cd9730cd313aebc3a4333"
},
{
"url": "https://git.kernel.org/stable/c/6a0648f96c3ca647c71c6c1ddbc7c353bab79f64"
},
{
"url": "https://git.kernel.org/stable/c/44a2c518ab221c0cadcb8c45ca86f83a52dd4da6"
},
{
"url": "https://git.kernel.org/stable/c/135b4819f6fba87fd5a2693023133e78ac73f1d3"
},
{
"url": "https://git.kernel.org/stable/c/704c359b4093a2af650a20eaa030c435d7c30f91"
},
{
"url": "https://git.kernel.org/stable/c/a580fb2c3479d993556e1c31b237c9e5be4944a3"
}
],
"title": "btrfs: don\u0027t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46841",
"datePublished": "2024-09-27T12:39:35.633Z",
"dateReserved": "2024-09-11T15:12:18.288Z",
"dateUpdated": "2026-01-05T10:53:36.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50075 (GCVE-0-2024-50075)
Vulnerability from cvelistv5 – Published: 2024-10-29 00:50 – Updated: 2025-10-01 20:27
VLAI?
EPSS
Title
xhci: tegra: fix checked USB2 port number
Summary
In the Linux kernel, the following vulnerability has been resolved:
xhci: tegra: fix checked USB2 port number
If USB virtualizatoin is enabled, USB2 ports are shared between all
Virtual Functions. The USB2 port number owned by an USB2 root hub in
a Virtual Function may be less than total USB2 phy number supported
by the Tegra XUSB controller.
Using total USB2 phy number as port number to check all PORTSC values
would cause invalid memory access.
[ 116.923438] Unable to handle kernel paging request at virtual address 006c622f7665642f
...
[ 117.213640] Call trace:
[ 117.216783] tegra_xusb_enter_elpg+0x23c/0x658
[ 117.222021] tegra_xusb_runtime_suspend+0x40/0x68
[ 117.227260] pm_generic_runtime_suspend+0x30/0x50
[ 117.232847] __rpm_callback+0x84/0x3c0
[ 117.237038] rpm_suspend+0x2dc/0x740
[ 117.241229] pm_runtime_work+0xa0/0xb8
[ 117.245769] process_scheduled_works+0x24c/0x478
[ 117.251007] worker_thread+0x23c/0x328
[ 117.255547] kthread+0x104/0x1b0
[ 117.259389] ret_from_fork+0x10/0x20
[ 117.263582] Code: 54000222 f9461ae8 f8747908 b4ffff48 (f9400100)
Severity ?
5.5 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
a30951d31b250bf3479c00e93646b6cc6fb42a56 , < 9c696bf4ab54c7cec81221887564305f0ceeac0a
(git)
Affected: a30951d31b250bf3479c00e93646b6cc6fb42a56 , < c46555f14b71f95a447f5d49fc3f1f80a1472da2 (git) Affected: a30951d31b250bf3479c00e93646b6cc6fb42a56 , < 7d381137cb6ecf558ef6698c7730ddd482d4c8f2 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:23:31.784076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:27:21.340Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/host/xhci-tegra.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9c696bf4ab54c7cec81221887564305f0ceeac0a",
"status": "affected",
"version": "a30951d31b250bf3479c00e93646b6cc6fb42a56",
"versionType": "git"
},
{
"lessThan": "c46555f14b71f95a447f5d49fc3f1f80a1472da2",
"status": "affected",
"version": "a30951d31b250bf3479c00e93646b6cc6fb42a56",
"versionType": "git"
},
{
"lessThan": "7d381137cb6ecf558ef6698c7730ddd482d4c8f2",
"status": "affected",
"version": "a30951d31b250bf3479c00e93646b6cc6fb42a56",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/host/xhci-tegra.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.58",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.5",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: tegra: fix checked USB2 port number\n\nIf USB virtualizatoin is enabled, USB2 ports are shared between all\nVirtual Functions. The USB2 port number owned by an USB2 root hub in\na Virtual Function may be less than total USB2 phy number supported\nby the Tegra XUSB controller.\n\nUsing total USB2 phy number as port number to check all PORTSC values\nwould cause invalid memory access.\n\n[ 116.923438] Unable to handle kernel paging request at virtual address 006c622f7665642f\n...\n[ 117.213640] Call trace:\n[ 117.216783] tegra_xusb_enter_elpg+0x23c/0x658\n[ 117.222021] tegra_xusb_runtime_suspend+0x40/0x68\n[ 117.227260] pm_generic_runtime_suspend+0x30/0x50\n[ 117.232847] __rpm_callback+0x84/0x3c0\n[ 117.237038] rpm_suspend+0x2dc/0x740\n[ 117.241229] pm_runtime_work+0xa0/0xb8\n[ 117.245769] process_scheduled_works+0x24c/0x478\n[ 117.251007] worker_thread+0x23c/0x328\n[ 117.255547] kthread+0x104/0x1b0\n[ 117.259389] ret_from_fork+0x10/0x20\n[ 117.263582] Code: 54000222 f9461ae8 f8747908 b4ffff48 (f9400100)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:45:21.588Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9c696bf4ab54c7cec81221887564305f0ceeac0a"
},
{
"url": "https://git.kernel.org/stable/c/c46555f14b71f95a447f5d49fc3f1f80a1472da2"
},
{
"url": "https://git.kernel.org/stable/c/7d381137cb6ecf558ef6698c7730ddd482d4c8f2"
}
],
"title": "xhci: tegra: fix checked USB2 port number",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50075",
"datePublished": "2024-10-29T00:50:17.304Z",
"dateReserved": "2024-10-21T19:36:19.940Z",
"dateUpdated": "2025-10-01T20:27:21.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48971 (GCVE-0-2022-48971)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
Bluetooth: Fix not cleanup led when bt_init fails
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Fix not cleanup led when bt_init fails
bt_init() calls bt_leds_init() to register led, but if it fails later,
bt_leds_cleanup() is not called to unregister it.
This can cause panic if the argument "bluetooth-power" in text is freed
and then another led_trigger_register() tries to access it:
BUG: unable to handle page fault for address: ffffffffc06d3bc0
RIP: 0010:strcmp+0xc/0x30
Call Trace:
<TASK>
led_trigger_register+0x10d/0x4f0
led_trigger_register_simple+0x7d/0x100
bt_init+0x39/0xf7 [bluetooth]
do_one_initcall+0xd0/0x4e0
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
e64c97b53bc6727aa4385535166aaa047281e02d , < 8a66c3a94285552f6a8e45d73b34ebbad11d388b
(git)
Affected: e64c97b53bc6727aa4385535166aaa047281e02d , < 2c6cf0afc3856359e620e96edd952457d258e16c (git) Affected: e64c97b53bc6727aa4385535166aaa047281e02d , < e7b950458156d410509a08c41930b75e72985938 (git) Affected: e64c97b53bc6727aa4385535166aaa047281e02d , < edf7284a98296369dd0891a0457eec37df244873 (git) Affected: e64c97b53bc6727aa4385535166aaa047281e02d , < 5ecf7cd6fde5e72c87122084cf00d63e35d8dd9f (git) Affected: e64c97b53bc6727aa4385535166aaa047281e02d , < 2f3957c7eb4e07df944169a3e50a4d6790e1c744 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:19:08.445851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:37.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/af_bluetooth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8a66c3a94285552f6a8e45d73b34ebbad11d388b",
"status": "affected",
"version": "e64c97b53bc6727aa4385535166aaa047281e02d",
"versionType": "git"
},
{
"lessThan": "2c6cf0afc3856359e620e96edd952457d258e16c",
"status": "affected",
"version": "e64c97b53bc6727aa4385535166aaa047281e02d",
"versionType": "git"
},
{
"lessThan": "e7b950458156d410509a08c41930b75e72985938",
"status": "affected",
"version": "e64c97b53bc6727aa4385535166aaa047281e02d",
"versionType": "git"
},
{
"lessThan": "edf7284a98296369dd0891a0457eec37df244873",
"status": "affected",
"version": "e64c97b53bc6727aa4385535166aaa047281e02d",
"versionType": "git"
},
{
"lessThan": "5ecf7cd6fde5e72c87122084cf00d63e35d8dd9f",
"status": "affected",
"version": "e64c97b53bc6727aa4385535166aaa047281e02d",
"versionType": "git"
},
{
"lessThan": "2f3957c7eb4e07df944169a3e50a4d6790e1c744",
"status": "affected",
"version": "e64c97b53bc6727aa4385535166aaa047281e02d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/af_bluetooth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.269",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix not cleanup led when bt_init fails\n\nbt_init() calls bt_leds_init() to register led, but if it fails later,\nbt_leds_cleanup() is not called to unregister it.\n\nThis can cause panic if the argument \"bluetooth-power\" in text is freed\nand then another led_trigger_register() tries to access it:\n\nBUG: unable to handle page fault for address: ffffffffc06d3bc0\nRIP: 0010:strcmp+0xc/0x30\n Call Trace:\n \u003cTASK\u003e\n led_trigger_register+0x10d/0x4f0\n led_trigger_register_simple+0x7d/0x100\n bt_init+0x39/0xf7 [bluetooth]\n do_one_initcall+0xd0/0x4e0"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:10.417Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8a66c3a94285552f6a8e45d73b34ebbad11d388b"
},
{
"url": "https://git.kernel.org/stable/c/2c6cf0afc3856359e620e96edd952457d258e16c"
},
{
"url": "https://git.kernel.org/stable/c/e7b950458156d410509a08c41930b75e72985938"
},
{
"url": "https://git.kernel.org/stable/c/edf7284a98296369dd0891a0457eec37df244873"
},
{
"url": "https://git.kernel.org/stable/c/5ecf7cd6fde5e72c87122084cf00d63e35d8dd9f"
},
{
"url": "https://git.kernel.org/stable/c/2f3957c7eb4e07df944169a3e50a4d6790e1c744"
}
],
"title": "Bluetooth: Fix not cleanup led when bt_init fails",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48971",
"datePublished": "2024-10-21T20:05:52.363Z",
"dateReserved": "2024-08-22T01:27:53.629Z",
"dateUpdated": "2025-05-04T08:27:10.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42226 (GCVE-0-2024-42226)
Vulnerability from cvelistv5 – Published: 2024-07-30 07:47 – Updated: 2024-08-11 15:33
VLAI?
EPSS
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-08-11T15:33:01.397Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42226",
"datePublished": "2024-07-30T07:47:07.319Z",
"dateRejected": "2024-08-11T15:33:01.397Z",
"dateReserved": "2024-07-30T07:40:12.250Z",
"dateUpdated": "2024-08-11T15:33:01.397Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47669 (GCVE-0-2024-47669)
Vulnerability from cvelistv5 – Published: 2024-10-09 14:14 – Updated: 2025-11-03 22:20
VLAI?
EPSS
Title
nilfs2: fix state management in error path of log writing function
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix state management in error path of log writing function
After commit a694291a6211 ("nilfs2: separate wait function from
nilfs_segctor_write") was applied, the log writing function
nilfs_segctor_do_construct() was able to issue I/O requests continuously
even if user data blocks were split into multiple logs across segments,
but two potential flaws were introduced in its error handling.
First, if nilfs_segctor_begin_construction() fails while creating the
second or subsequent logs, the log writing function returns without
calling nilfs_segctor_abort_construction(), so the writeback flag set on
pages/folios will remain uncleared. This causes page cache operations to
hang waiting for the writeback flag. For example,
truncate_inode_pages_final(), which is called via nilfs_evict_inode() when
an inode is evicted from memory, will hang.
Second, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared.
As a result, if the next log write involves checkpoint creation, that's
fine, but if a partial log write is performed that does not, inodes with
NILFS_I_COLLECTED set are erroneously removed from the "sc_dirty_files"
list, and their data and b-tree blocks may not be written to the device,
corrupting the block mapping.
Fix these issues by uniformly calling nilfs_segctor_abort_construction()
on failure of each step in the loop in nilfs_segctor_do_construct(),
having it clean up logs and segment usages according to progress, and
correcting the conditions for calling nilfs_redirty_inodes() to ensure
that the NILFS_I_COLLECTED flag is cleared.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
a694291a6211537189c6080f77f63cdabfc9b63e , < 40a2757de2c376ef8a08d9ee9c81e77f3c750adf
(git)
Affected: a694291a6211537189c6080f77f63cdabfc9b63e , < 036441e8438b29111fa75008f0ce305fb4e83c0a (git) Affected: a694291a6211537189c6080f77f63cdabfc9b63e , < efdde00d4a1ef10bb71e09ebc67823a3d3ad725b (git) Affected: a694291a6211537189c6080f77f63cdabfc9b63e , < 3e349d7191f0688fc9808ef24fd4e4b4ef5ca876 (git) Affected: a694291a6211537189c6080f77f63cdabfc9b63e , < 30562eff4a6dd35c4b5be9699ef61ad9f5f20a06 (git) Affected: a694291a6211537189c6080f77f63cdabfc9b63e , < 0a1a961bde4351dc047ffdeb2f1311ca16a700cc (git) Affected: a694291a6211537189c6080f77f63cdabfc9b63e , < 74866c16ea2183f52925fa5d76061a1fe7f7737b (git) Affected: a694291a6211537189c6080f77f63cdabfc9b63e , < 6576dd6695f2afca3f4954029ac4a64f82ba60ab (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T13:20:56.031948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T13:21:10.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:20:34.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "40a2757de2c376ef8a08d9ee9c81e77f3c750adf",
"status": "affected",
"version": "a694291a6211537189c6080f77f63cdabfc9b63e",
"versionType": "git"
},
{
"lessThan": "036441e8438b29111fa75008f0ce305fb4e83c0a",
"status": "affected",
"version": "a694291a6211537189c6080f77f63cdabfc9b63e",
"versionType": "git"
},
{
"lessThan": "efdde00d4a1ef10bb71e09ebc67823a3d3ad725b",
"status": "affected",
"version": "a694291a6211537189c6080f77f63cdabfc9b63e",
"versionType": "git"
},
{
"lessThan": "3e349d7191f0688fc9808ef24fd4e4b4ef5ca876",
"status": "affected",
"version": "a694291a6211537189c6080f77f63cdabfc9b63e",
"versionType": "git"
},
{
"lessThan": "30562eff4a6dd35c4b5be9699ef61ad9f5f20a06",
"status": "affected",
"version": "a694291a6211537189c6080f77f63cdabfc9b63e",
"versionType": "git"
},
{
"lessThan": "0a1a961bde4351dc047ffdeb2f1311ca16a700cc",
"status": "affected",
"version": "a694291a6211537189c6080f77f63cdabfc9b63e",
"versionType": "git"
},
{
"lessThan": "74866c16ea2183f52925fa5d76061a1fe7f7737b",
"status": "affected",
"version": "a694291a6211537189c6080f77f63cdabfc9b63e",
"versionType": "git"
},
{
"lessThan": "6576dd6695f2afca3f4954029ac4a64f82ba60ab",
"status": "affected",
"version": "a694291a6211537189c6080f77f63cdabfc9b63e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.33"
},
{
"lessThan": "2.6.33",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.322",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.322",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix state management in error path of log writing function\n\nAfter commit a694291a6211 (\"nilfs2: separate wait function from\nnilfs_segctor_write\") was applied, the log writing function\nnilfs_segctor_do_construct() was able to issue I/O requests continuously\neven if user data blocks were split into multiple logs across segments,\nbut two potential flaws were introduced in its error handling.\n\nFirst, if nilfs_segctor_begin_construction() fails while creating the\nsecond or subsequent logs, the log writing function returns without\ncalling nilfs_segctor_abort_construction(), so the writeback flag set on\npages/folios will remain uncleared. This causes page cache operations to\nhang waiting for the writeback flag. For example,\ntruncate_inode_pages_final(), which is called via nilfs_evict_inode() when\nan inode is evicted from memory, will hang.\n\nSecond, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. \nAs a result, if the next log write involves checkpoint creation, that\u0027s\nfine, but if a partial log write is performed that does not, inodes with\nNILFS_I_COLLECTED set are erroneously removed from the \"sc_dirty_files\"\nlist, and their data and b-tree blocks may not be written to the device,\ncorrupting the block mapping.\n\nFix these issues by uniformly calling nilfs_segctor_abort_construction()\non failure of each step in the loop in nilfs_segctor_do_construct(),\nhaving it clean up logs and segment usages according to progress, and\ncorrecting the conditions for calling nilfs_redirty_inodes() to ensure\nthat the NILFS_I_COLLECTED flag is cleared."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:36:50.353Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/40a2757de2c376ef8a08d9ee9c81e77f3c750adf"
},
{
"url": "https://git.kernel.org/stable/c/036441e8438b29111fa75008f0ce305fb4e83c0a"
},
{
"url": "https://git.kernel.org/stable/c/efdde00d4a1ef10bb71e09ebc67823a3d3ad725b"
},
{
"url": "https://git.kernel.org/stable/c/3e349d7191f0688fc9808ef24fd4e4b4ef5ca876"
},
{
"url": "https://git.kernel.org/stable/c/30562eff4a6dd35c4b5be9699ef61ad9f5f20a06"
},
{
"url": "https://git.kernel.org/stable/c/0a1a961bde4351dc047ffdeb2f1311ca16a700cc"
},
{
"url": "https://git.kernel.org/stable/c/74866c16ea2183f52925fa5d76061a1fe7f7737b"
},
{
"url": "https://git.kernel.org/stable/c/6576dd6695f2afca3f4954029ac4a64f82ba60ab"
}
],
"title": "nilfs2: fix state management in error path of log writing function",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47669",
"datePublished": "2024-10-09T14:14:01.139Z",
"dateReserved": "2024-09-30T16:00:12.936Z",
"dateUpdated": "2025-11-03T22:20:34.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50006 (GCVE-0-2024-50006)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:53 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
ext4: fix i_data_sem unlock order in ext4_ind_migrate()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix i_data_sem unlock order in ext4_ind_migrate()
Fuzzing reports a possible deadlock in jbd2_log_wait_commit.
This issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require
synchronous updates because the file descriptor is opened with O_SYNC.
This can lead to the jbd2_journal_stop() function calling
jbd2_might_wait_for_commit(), potentially causing a deadlock if the
EXT4_IOC_MIGRATE call races with a write(2) system call.
This problem only arises when CONFIG_PROVE_LOCKING is enabled. In this
case, the jbd2_might_wait_for_commit macro locks jbd2_handle in the
jbd2_journal_stop function while i_data_sem is locked. This triggers
lockdep because the jbd2_journal_start function might also lock the same
jbd2_handle simultaneously.
Found by Linux Verification Center (linuxtesting.org) with syzkaller.
Rule: add
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
e8238f9a8339b3578c85e4192a7a23bc2bdc0333 , < 4192adefc9c570698821c5eb9873320eac2fcbf1
(git)
Affected: e8238f9a8339b3578c85e4192a7a23bc2bdc0333 , < 3c46d6060d3e38de22196c1fe7706c5a3c696285 (git) Affected: e8238f9a8339b3578c85e4192a7a23bc2bdc0333 , < 53b1999cfd2c7addf2e581a32865fe8835467b44 (git) Affected: e8238f9a8339b3578c85e4192a7a23bc2bdc0333 , < ef05572da0c0eb89614ed01cc17d3c882bdbd1ff (git) Affected: e8238f9a8339b3578c85e4192a7a23bc2bdc0333 , < 9fedf51ab8cf7b69bff08f37fe0989fec7f5d870 (git) Affected: e8238f9a8339b3578c85e4192a7a23bc2bdc0333 , < d43776b907659affef1de888525847d64b244194 (git) Affected: e8238f9a8339b3578c85e4192a7a23bc2bdc0333 , < 6252cb6bde7fc76cb8dcb49d1def7c326b190820 (git) Affected: e8238f9a8339b3578c85e4192a7a23bc2bdc0333 , < d58a00e981d3118b91d503da263e640b7cde6729 (git) Affected: e8238f9a8339b3578c85e4192a7a23bc2bdc0333 , < cc749e61c011c255d81b192a822db650c68b313f (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50006",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:29:18.943550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:40.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:24:21.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/migrate.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4192adefc9c570698821c5eb9873320eac2fcbf1",
"status": "affected",
"version": "e8238f9a8339b3578c85e4192a7a23bc2bdc0333",
"versionType": "git"
},
{
"lessThan": "3c46d6060d3e38de22196c1fe7706c5a3c696285",
"status": "affected",
"version": "e8238f9a8339b3578c85e4192a7a23bc2bdc0333",
"versionType": "git"
},
{
"lessThan": "53b1999cfd2c7addf2e581a32865fe8835467b44",
"status": "affected",
"version": "e8238f9a8339b3578c85e4192a7a23bc2bdc0333",
"versionType": "git"
},
{
"lessThan": "ef05572da0c0eb89614ed01cc17d3c882bdbd1ff",
"status": "affected",
"version": "e8238f9a8339b3578c85e4192a7a23bc2bdc0333",
"versionType": "git"
},
{
"lessThan": "9fedf51ab8cf7b69bff08f37fe0989fec7f5d870",
"status": "affected",
"version": "e8238f9a8339b3578c85e4192a7a23bc2bdc0333",
"versionType": "git"
},
{
"lessThan": "d43776b907659affef1de888525847d64b244194",
"status": "affected",
"version": "e8238f9a8339b3578c85e4192a7a23bc2bdc0333",
"versionType": "git"
},
{
"lessThan": "6252cb6bde7fc76cb8dcb49d1def7c326b190820",
"status": "affected",
"version": "e8238f9a8339b3578c85e4192a7a23bc2bdc0333",
"versionType": "git"
},
{
"lessThan": "d58a00e981d3118b91d503da263e640b7cde6729",
"status": "affected",
"version": "e8238f9a8339b3578c85e4192a7a23bc2bdc0333",
"versionType": "git"
},
{
"lessThan": "cc749e61c011c255d81b192a822db650c68b313f",
"status": "affected",
"version": "e8238f9a8339b3578c85e4192a7a23bc2bdc0333",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/migrate.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix i_data_sem unlock order in ext4_ind_migrate()\n\nFuzzing reports a possible deadlock in jbd2_log_wait_commit.\n\nThis issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require\nsynchronous updates because the file descriptor is opened with O_SYNC.\nThis can lead to the jbd2_journal_stop() function calling\njbd2_might_wait_for_commit(), potentially causing a deadlock if the\nEXT4_IOC_MIGRATE call races with a write(2) system call.\n\nThis problem only arises when CONFIG_PROVE_LOCKING is enabled. In this\ncase, the jbd2_might_wait_for_commit macro locks jbd2_handle in the\njbd2_journal_stop function while i_data_sem is locked. This triggers\nlockdep because the jbd2_journal_start function might also lock the same\njbd2_handle simultaneously.\n\nFound by Linux Verification Center (linuxtesting.org) with syzkaller.\n\nRule: add"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:38.417Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4192adefc9c570698821c5eb9873320eac2fcbf1"
},
{
"url": "https://git.kernel.org/stable/c/3c46d6060d3e38de22196c1fe7706c5a3c696285"
},
{
"url": "https://git.kernel.org/stable/c/53b1999cfd2c7addf2e581a32865fe8835467b44"
},
{
"url": "https://git.kernel.org/stable/c/ef05572da0c0eb89614ed01cc17d3c882bdbd1ff"
},
{
"url": "https://git.kernel.org/stable/c/9fedf51ab8cf7b69bff08f37fe0989fec7f5d870"
},
{
"url": "https://git.kernel.org/stable/c/d43776b907659affef1de888525847d64b244194"
},
{
"url": "https://git.kernel.org/stable/c/6252cb6bde7fc76cb8dcb49d1def7c326b190820"
},
{
"url": "https://git.kernel.org/stable/c/d58a00e981d3118b91d503da263e640b7cde6729"
},
{
"url": "https://git.kernel.org/stable/c/cc749e61c011c255d81b192a822db650c68b313f"
}
],
"title": "ext4: fix i_data_sem unlock order in ext4_ind_migrate()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50006",
"datePublished": "2024-10-21T18:53:59.938Z",
"dateReserved": "2024-10-21T12:17:06.060Z",
"dateUpdated": "2026-01-05T10:54:38.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46825 (GCVE-0-2024-46825)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:39 – Updated: 2026-01-05 10:53
VLAI?
EPSS
Title
wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check
The lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is
normally called with input from the firmware, so it should use
IWL_FW_CHECK() instead of WARN_ON().
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
d464550bb2e9cce2c377ed39c7e327e7db6e2be9 , < 415f3634d53c7fb4cf07d2f5a0be7f2e15e6da33
(git)
Affected: d464550bb2e9cce2c377ed39c7e327e7db6e2be9 , < 3cca098c91391b3fa48142bfda57048b985c87f6 (git) Affected: d464550bb2e9cce2c377ed39c7e327e7db6e2be9 , < 9215152677d4b321801a92b06f6d5248b2b4465f (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:13:05.803293Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:13:15.493Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/mvm/mvm.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "415f3634d53c7fb4cf07d2f5a0be7f2e15e6da33",
"status": "affected",
"version": "d464550bb2e9cce2c377ed39c7e327e7db6e2be9",
"versionType": "git"
},
{
"lessThan": "3cca098c91391b3fa48142bfda57048b985c87f6",
"status": "affected",
"version": "d464550bb2e9cce2c377ed39c7e327e7db6e2be9",
"versionType": "git"
},
{
"lessThan": "9215152677d4b321801a92b06f6d5248b2b4465f",
"status": "affected",
"version": "d464550bb2e9cce2c377ed39c7e327e7db6e2be9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/mvm/mvm.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check\n\nThe lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is\nnormally called with input from the firmware, so it should use\nIWL_FW_CHECK() instead of WARN_ON()."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:53:24.061Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/415f3634d53c7fb4cf07d2f5a0be7f2e15e6da33"
},
{
"url": "https://git.kernel.org/stable/c/3cca098c91391b3fa48142bfda57048b985c87f6"
},
{
"url": "https://git.kernel.org/stable/c/9215152677d4b321801a92b06f6d5248b2b4465f"
}
],
"title": "wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46825",
"datePublished": "2024-09-27T12:39:25.218Z",
"dateReserved": "2024-09-11T15:12:18.285Z",
"dateUpdated": "2026-01-05T10:53:24.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48995 (GCVE-0-2022-48995)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()
Summary
In the Linux kernel, the following vulnerability has been resolved:
Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()
There is a kmemleak when test the raydium_i2c_ts with bpf mock device:
unreferenced object 0xffff88812d3675a0 (size 8):
comm "python3", pid 349, jiffies 4294741067 (age 95.695s)
hex dump (first 8 bytes):
11 0e 10 c0 01 00 04 00 ........
backtrace:
[<0000000068427125>] __kmalloc+0x46/0x1b0
[<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts]
[<000000006e631aee>] raydium_i2c_initialize.cold+0xbc/0x3e4 [raydium_i2c_ts]
[<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts]
[<00000000a310de16>] i2c_device_probe+0x651/0x680
[<00000000f5a96bf3>] really_probe+0x17c/0x3f0
[<00000000096ba499>] __driver_probe_device+0xe3/0x170
[<00000000c5acb4d9>] driver_probe_device+0x49/0x120
[<00000000264fe082>] __device_attach_driver+0xf7/0x150
[<00000000f919423c>] bus_for_each_drv+0x114/0x180
[<00000000e067feca>] __device_attach+0x1e5/0x2d0
[<0000000054301fc2>] bus_probe_device+0x126/0x140
[<00000000aad93b22>] device_add+0x810/0x1130
[<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0
[<000000003c2c248c>] of_i2c_register_device+0xf1/0x110
[<00000000ffec4177>] of_i2c_notify+0x100/0x160
unreferenced object 0xffff88812d3675c8 (size 8):
comm "python3", pid 349, jiffies 4294741070 (age 95.692s)
hex dump (first 8 bytes):
22 00 36 2d 81 88 ff ff ".6-....
backtrace:
[<0000000068427125>] __kmalloc+0x46/0x1b0
[<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts]
[<000000001d5c9620>] raydium_i2c_initialize.cold+0x223/0x3e4 [raydium_i2c_ts]
[<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts]
[<00000000a310de16>] i2c_device_probe+0x651/0x680
[<00000000f5a96bf3>] really_probe+0x17c/0x3f0
[<00000000096ba499>] __driver_probe_device+0xe3/0x170
[<00000000c5acb4d9>] driver_probe_device+0x49/0x120
[<00000000264fe082>] __device_attach_driver+0xf7/0x150
[<00000000f919423c>] bus_for_each_drv+0x114/0x180
[<00000000e067feca>] __device_attach+0x1e5/0x2d0
[<0000000054301fc2>] bus_probe_device+0x126/0x140
[<00000000aad93b22>] device_add+0x810/0x1130
[<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0
[<000000003c2c248c>] of_i2c_register_device+0xf1/0x110
[<00000000ffec4177>] of_i2c_notify+0x100/0x160
After BANK_SWITCH command from i2c BUS, no matter success or error
happened, the tx_buf should be freed.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2a , < a82869ac52f3d9db4b2cf8fd41edc2dee7a75a61
(git)
Affected: 3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2a , < 53b9b1201e34ccc895971218559123625c56fbcd (git) Affected: 3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2a , < 097c1c7a28e3da8f2811ba532be6e81faab15aab (git) Affected: 3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2a , < 8c9a59939deb4bfafdc451100c03d1e848b4169b (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:15:57.179359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:41.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/input/touchscreen/raydium_i2c_ts.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a82869ac52f3d9db4b2cf8fd41edc2dee7a75a61",
"status": "affected",
"version": "3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2a",
"versionType": "git"
},
{
"lessThan": "53b9b1201e34ccc895971218559123625c56fbcd",
"status": "affected",
"version": "3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2a",
"versionType": "git"
},
{
"lessThan": "097c1c7a28e3da8f2811ba532be6e81faab15aab",
"status": "affected",
"version": "3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2a",
"versionType": "git"
},
{
"lessThan": "8c9a59939deb4bfafdc451100c03d1e848b4169b",
"status": "affected",
"version": "3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/input/touchscreen/raydium_i2c_ts.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: raydium_ts_i2c - fix memory leak in raydium_i2c_send()\n\nThere is a kmemleak when test the raydium_i2c_ts with bpf mock device:\n\n unreferenced object 0xffff88812d3675a0 (size 8):\n comm \"python3\", pid 349, jiffies 4294741067 (age 95.695s)\n hex dump (first 8 bytes):\n 11 0e 10 c0 01 00 04 00 ........\n backtrace:\n [\u003c0000000068427125\u003e] __kmalloc+0x46/0x1b0\n [\u003c0000000090180f91\u003e] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts]\n [\u003c000000006e631aee\u003e] raydium_i2c_initialize.cold+0xbc/0x3e4 [raydium_i2c_ts]\n [\u003c00000000dc6fcf38\u003e] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts]\n [\u003c00000000a310de16\u003e] i2c_device_probe+0x651/0x680\n [\u003c00000000f5a96bf3\u003e] really_probe+0x17c/0x3f0\n [\u003c00000000096ba499\u003e] __driver_probe_device+0xe3/0x170\n [\u003c00000000c5acb4d9\u003e] driver_probe_device+0x49/0x120\n [\u003c00000000264fe082\u003e] __device_attach_driver+0xf7/0x150\n [\u003c00000000f919423c\u003e] bus_for_each_drv+0x114/0x180\n [\u003c00000000e067feca\u003e] __device_attach+0x1e5/0x2d0\n [\u003c0000000054301fc2\u003e] bus_probe_device+0x126/0x140\n [\u003c00000000aad93b22\u003e] device_add+0x810/0x1130\n [\u003c00000000c086a53f\u003e] i2c_new_client_device+0x352/0x4e0\n [\u003c000000003c2c248c\u003e] of_i2c_register_device+0xf1/0x110\n [\u003c00000000ffec4177\u003e] of_i2c_notify+0x100/0x160\n unreferenced object 0xffff88812d3675c8 (size 8):\n comm \"python3\", pid 349, jiffies 4294741070 (age 95.692s)\n hex dump (first 8 bytes):\n 22 00 36 2d 81 88 ff ff \".6-....\n backtrace:\n [\u003c0000000068427125\u003e] __kmalloc+0x46/0x1b0\n [\u003c0000000090180f91\u003e] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts]\n [\u003c000000001d5c9620\u003e] raydium_i2c_initialize.cold+0x223/0x3e4 [raydium_i2c_ts]\n [\u003c00000000dc6fcf38\u003e] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts]\n [\u003c00000000a310de16\u003e] i2c_device_probe+0x651/0x680\n [\u003c00000000f5a96bf3\u003e] really_probe+0x17c/0x3f0\n [\u003c00000000096ba499\u003e] __driver_probe_device+0xe3/0x170\n [\u003c00000000c5acb4d9\u003e] driver_probe_device+0x49/0x120\n [\u003c00000000264fe082\u003e] __device_attach_driver+0xf7/0x150\n [\u003c00000000f919423c\u003e] bus_for_each_drv+0x114/0x180\n [\u003c00000000e067feca\u003e] __device_attach+0x1e5/0x2d0\n [\u003c0000000054301fc2\u003e] bus_probe_device+0x126/0x140\n [\u003c00000000aad93b22\u003e] device_add+0x810/0x1130\n [\u003c00000000c086a53f\u003e] i2c_new_client_device+0x352/0x4e0\n [\u003c000000003c2c248c\u003e] of_i2c_register_device+0xf1/0x110\n [\u003c00000000ffec4177\u003e] of_i2c_notify+0x100/0x160\n\nAfter BANK_SWITCH command from i2c BUS, no matter success or error\nhappened, the tx_buf should be freed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:42.251Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a82869ac52f3d9db4b2cf8fd41edc2dee7a75a61"
},
{
"url": "https://git.kernel.org/stable/c/53b9b1201e34ccc895971218559123625c56fbcd"
},
{
"url": "https://git.kernel.org/stable/c/097c1c7a28e3da8f2811ba532be6e81faab15aab"
},
{
"url": "https://git.kernel.org/stable/c/8c9a59939deb4bfafdc451100c03d1e848b4169b"
}
],
"title": "Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48995",
"datePublished": "2024-10-21T20:06:11.482Z",
"dateReserved": "2024-08-22T01:27:53.637Z",
"dateUpdated": "2025-05-04T08:27:42.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48879 (GCVE-0-2022-48879)
Vulnerability from cvelistv5 – Published: 2024-08-21 06:10 – Updated: 2025-05-04 12:43
VLAI?
EPSS
Title
efi: fix NULL-deref in init error path
Summary
In the Linux kernel, the following vulnerability has been resolved:
efi: fix NULL-deref in init error path
In cases where runtime services are not supported or have been disabled,
the runtime services workqueue will never have been allocated.
Do not try to destroy the workqueue unconditionally in the unlikely
event that EFI initialisation fails to avoid dereferencing a NULL
pointer.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
2ff3c97b47521d6700cc6485c7935908dcd2c27c , < 585a0b2b3ae7903c6abee3087d09c69e955a7794
(git)
Affected: 5167f194da6947e19a3e970485ee3ccb44f7958d , < 5fcf75a8a4c3e7ee9122d143684083c9faf20452 (git) Affected: 98086df8b70c06234a8f4290c46064e44dafa0ed , < 4ca71bc0e1995d15486cd7b60845602a28399cb5 (git) Affected: 98086df8b70c06234a8f4290c46064e44dafa0ed , < e2ea55564229e4bea1474af15b111b3a3043b76f (git) Affected: 98086df8b70c06234a8f4290c46064e44dafa0ed , < adc96d30f6503d30dc68670c013716f1d9fcc747 (git) Affected: 98086df8b70c06234a8f4290c46064e44dafa0ed , < 703c13fe3c9af557d312f5895ed6a5fda2711104 (git) Affected: f591a42b8f9a9d20e01d0462f4f55d2176ac52ec (git) Affected: e6584124b9823151ef586d10dedf565ade50cea6 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:05:03.005794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:51.607Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/efi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "585a0b2b3ae7903c6abee3087d09c69e955a7794",
"status": "affected",
"version": "2ff3c97b47521d6700cc6485c7935908dcd2c27c",
"versionType": "git"
},
{
"lessThan": "5fcf75a8a4c3e7ee9122d143684083c9faf20452",
"status": "affected",
"version": "5167f194da6947e19a3e970485ee3ccb44f7958d",
"versionType": "git"
},
{
"lessThan": "4ca71bc0e1995d15486cd7b60845602a28399cb5",
"status": "affected",
"version": "98086df8b70c06234a8f4290c46064e44dafa0ed",
"versionType": "git"
},
{
"lessThan": "e2ea55564229e4bea1474af15b111b3a3043b76f",
"status": "affected",
"version": "98086df8b70c06234a8f4290c46064e44dafa0ed",
"versionType": "git"
},
{
"lessThan": "adc96d30f6503d30dc68670c013716f1d9fcc747",
"status": "affected",
"version": "98086df8b70c06234a8f4290c46064e44dafa0ed",
"versionType": "git"
},
{
"lessThan": "703c13fe3c9af557d312f5895ed6a5fda2711104",
"status": "affected",
"version": "98086df8b70c06234a8f4290c46064e44dafa0ed",
"versionType": "git"
},
{
"status": "affected",
"version": "f591a42b8f9a9d20e01d0462f4f55d2176ac52ec",
"versionType": "git"
},
{
"status": "affected",
"version": "e6584124b9823151ef586d10dedf565ade50cea6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/efi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.89",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"versionStartIncluding": "4.19.142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "5.4.61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.164",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.89",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.8.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: fix NULL-deref in init error path\n\nIn cases where runtime services are not supported or have been disabled,\nthe runtime services workqueue will never have been allocated.\n\nDo not try to destroy the workqueue unconditionally in the unlikely\nevent that EFI initialisation fails to avoid dereferencing a NULL\npointer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:43:57.666Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/585a0b2b3ae7903c6abee3087d09c69e955a7794"
},
{
"url": "https://git.kernel.org/stable/c/5fcf75a8a4c3e7ee9122d143684083c9faf20452"
},
{
"url": "https://git.kernel.org/stable/c/4ca71bc0e1995d15486cd7b60845602a28399cb5"
},
{
"url": "https://git.kernel.org/stable/c/e2ea55564229e4bea1474af15b111b3a3043b76f"
},
{
"url": "https://git.kernel.org/stable/c/adc96d30f6503d30dc68670c013716f1d9fcc747"
},
{
"url": "https://git.kernel.org/stable/c/703c13fe3c9af557d312f5895ed6a5fda2711104"
}
],
"title": "efi: fix NULL-deref in init error path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48879",
"datePublished": "2024-08-21T06:10:10.454Z",
"dateReserved": "2024-07-16T11:38:08.923Z",
"dateUpdated": "2025-05-04T12:43:57.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50042 (GCVE-0-2024-50042)
Vulnerability from cvelistv5 – Published: 2024-10-21 19:39 – Updated: 2025-05-04 12:59
VLAI?
EPSS
Title
ice: Fix increasing MSI-X on VF
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix increasing MSI-X on VF
Increasing MSI-X value on a VF leads to invalid memory operations. This
is caused by not reallocating some arrays.
Reproducer:
modprobe ice
echo 0 > /sys/bus/pci/devices/$PF_PCI/sriov_drivers_autoprobe
echo 1 > /sys/bus/pci/devices/$PF_PCI/sriov_numvfs
echo 17 > /sys/bus/pci/devices/$VF0_PCI/sriov_vf_msix_count
Default MSI-X is 16, so 17 and above triggers this issue.
KASAN reports:
BUG: KASAN: slab-out-of-bounds in ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]
Read of size 8 at addr ffff8888b937d180 by task bash/28433
(...)
Call Trace:
(...)
? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]
kasan_report+0xed/0x120
? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]
ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]
ice_vsi_cfg_def+0x3360/0x4770 [ice]
? mutex_unlock+0x83/0xd0
? __pfx_ice_vsi_cfg_def+0x10/0x10 [ice]
? __pfx_ice_remove_vsi_lkup_fltr+0x10/0x10 [ice]
ice_vsi_cfg+0x7f/0x3b0 [ice]
ice_vf_reconfig_vsi+0x114/0x210 [ice]
ice_sriov_set_msix_vec_count+0x3d0/0x960 [ice]
sriov_vf_msix_count_store+0x21c/0x300
(...)
Allocated by task 28201:
(...)
ice_vsi_cfg_def+0x1c8e/0x4770 [ice]
ice_vsi_cfg+0x7f/0x3b0 [ice]
ice_vsi_setup+0x179/0xa30 [ice]
ice_sriov_configure+0xcaa/0x1520 [ice]
sriov_numvfs_store+0x212/0x390
(...)
To fix it, use ice_vsi_rebuild() instead of ice_vf_reconfig_vsi(). This
causes the required arrays to be reallocated taking the new queue count
into account (ice_vsi_realloc_stat_arrays()). Set req_txq and req_rxq
before ice_vsi_rebuild(), so that realloc uses the newly set queue
count.
Additionally, ice_vsi_rebuild() does not remove VSI filters
(ice_fltr_remove_all()), so ice_vf_init_host_cfg() is no longer
necessary.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:24:38.498470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:44.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_sriov.c",
"drivers/net/ethernet/intel/ice/ice_vf_lib.c",
"drivers/net/ethernet/intel/ice/ice_vf_lib_private.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cbda6197929418fabf0e45ecf9b7a76360944c70",
"status": "affected",
"version": "2a2cb4c6c18130e9f14d2e39deb75590744d98ef",
"versionType": "git"
},
{
"lessThan": "bce9af1b030bf59d51bbabf909a3ef164787e44e",
"status": "affected",
"version": "2a2cb4c6c18130e9f14d2e39deb75590744d98ef",
"versionType": "git"
},
{
"status": "affected",
"version": "8910b1cef190545085e9bb486f35dd30ad928a05",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_sriov.c",
"drivers/net/ethernet/intel/ice/ice_vf_lib.c",
"drivers/net/ethernet/intel/ice/ice_vf_lib_private.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.4",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix increasing MSI-X on VF\n\nIncreasing MSI-X value on a VF leads to invalid memory operations. This\nis caused by not reallocating some arrays.\n\nReproducer:\n modprobe ice\n echo 0 \u003e /sys/bus/pci/devices/$PF_PCI/sriov_drivers_autoprobe\n echo 1 \u003e /sys/bus/pci/devices/$PF_PCI/sriov_numvfs\n echo 17 \u003e /sys/bus/pci/devices/$VF0_PCI/sriov_vf_msix_count\n\nDefault MSI-X is 16, so 17 and above triggers this issue.\n\nKASAN reports:\n\n BUG: KASAN: slab-out-of-bounds in ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n Read of size 8 at addr ffff8888b937d180 by task bash/28433\n (...)\n\n Call Trace:\n (...)\n ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n kasan_report+0xed/0x120\n ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n ice_vsi_cfg_def+0x3360/0x4770 [ice]\n ? mutex_unlock+0x83/0xd0\n ? __pfx_ice_vsi_cfg_def+0x10/0x10 [ice]\n ? __pfx_ice_remove_vsi_lkup_fltr+0x10/0x10 [ice]\n ice_vsi_cfg+0x7f/0x3b0 [ice]\n ice_vf_reconfig_vsi+0x114/0x210 [ice]\n ice_sriov_set_msix_vec_count+0x3d0/0x960 [ice]\n sriov_vf_msix_count_store+0x21c/0x300\n (...)\n\n Allocated by task 28201:\n (...)\n ice_vsi_cfg_def+0x1c8e/0x4770 [ice]\n ice_vsi_cfg+0x7f/0x3b0 [ice]\n ice_vsi_setup+0x179/0xa30 [ice]\n ice_sriov_configure+0xcaa/0x1520 [ice]\n sriov_numvfs_store+0x212/0x390\n (...)\n\nTo fix it, use ice_vsi_rebuild() instead of ice_vf_reconfig_vsi(). This\ncauses the required arrays to be reallocated taking the new queue count\ninto account (ice_vsi_realloc_stat_arrays()). Set req_txq and req_rxq\nbefore ice_vsi_rebuild(), so that realloc uses the newly set queue\ncount.\n\nAdditionally, ice_vsi_rebuild() does not remove VSI filters\n(ice_fltr_remove_all()), so ice_vf_init_host_cfg() is no longer\nnecessary."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:59:25.767Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cbda6197929418fabf0e45ecf9b7a76360944c70"
},
{
"url": "https://git.kernel.org/stable/c/bce9af1b030bf59d51bbabf909a3ef164787e44e"
}
],
"title": "ice: Fix increasing MSI-X on VF",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50042",
"datePublished": "2024-10-21T19:39:41.084Z",
"dateReserved": "2024-10-21T12:17:06.071Z",
"dateUpdated": "2025-05-04T12:59:25.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49929 (GCVE-0-2024-49929)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 20:42
VLAI?
EPSS
Title
wifi: iwlwifi: mvm: avoid NULL pointer dereference
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: avoid NULL pointer dereference
iwl_mvm_tx_skb_sta() and iwl_mvm_tx_mpdu() verify that the mvmvsta
pointer is not NULL.
It retrieves this pointer using iwl_mvm_sta_from_mac80211, which is
dereferencing the ieee80211_sta pointer.
If sta is NULL, iwl_mvm_sta_from_mac80211 will dereference a NULL
pointer.
Fix this by checking the sta pointer before retrieving the mvmsta
from it. If sta is not NULL, then mvmsta isn't either.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9 , < cbc6fc9cfcde151ff5eadaefdc6155f99579384f
(git)
Affected: 5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9 , < 6dcadb2ed3b76623ab96e3e7fbeda1a374d01c28 (git) Affected: 5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9 , < cdbf51bfa4b0411820806777da36d93d49bc49a1 (git) Affected: 5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9 , < c0b4f5d94934c290479180868a32c15ba36a6d9e (git) Affected: 5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9 , < 557a6cd847645e667f3b362560bd7e7c09aac284 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:39:18.933944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:43.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:42:04.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/mvm/tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cbc6fc9cfcde151ff5eadaefdc6155f99579384f",
"status": "affected",
"version": "5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9",
"versionType": "git"
},
{
"lessThan": "6dcadb2ed3b76623ab96e3e7fbeda1a374d01c28",
"status": "affected",
"version": "5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9",
"versionType": "git"
},
{
"lessThan": "cdbf51bfa4b0411820806777da36d93d49bc49a1",
"status": "affected",
"version": "5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9",
"versionType": "git"
},
{
"lessThan": "c0b4f5d94934c290479180868a32c15ba36a6d9e",
"status": "affected",
"version": "5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9",
"versionType": "git"
},
{
"lessThan": "557a6cd847645e667f3b362560bd7e7c09aac284",
"status": "affected",
"version": "5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/mvm/tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.14"
},
{
"lessThan": "3.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: avoid NULL pointer dereference\n\niwl_mvm_tx_skb_sta() and iwl_mvm_tx_mpdu() verify that the mvmvsta\npointer is not NULL.\nIt retrieves this pointer using iwl_mvm_sta_from_mac80211, which is\ndereferencing the ieee80211_sta pointer.\nIf sta is NULL, iwl_mvm_sta_from_mac80211 will dereference a NULL\npointer.\nFix this by checking the sta pointer before retrieving the mvmsta\nfrom it. If sta is not NULL, then mvmsta isn\u0027t either."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:23.151Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cbc6fc9cfcde151ff5eadaefdc6155f99579384f"
},
{
"url": "https://git.kernel.org/stable/c/6dcadb2ed3b76623ab96e3e7fbeda1a374d01c28"
},
{
"url": "https://git.kernel.org/stable/c/cdbf51bfa4b0411820806777da36d93d49bc49a1"
},
{
"url": "https://git.kernel.org/stable/c/c0b4f5d94934c290479180868a32c15ba36a6d9e"
},
{
"url": "https://git.kernel.org/stable/c/557a6cd847645e667f3b362560bd7e7c09aac284"
}
],
"title": "wifi: iwlwifi: mvm: avoid NULL pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49929",
"datePublished": "2024-10-21T18:01:52.450Z",
"dateReserved": "2024-10-21T12:17:06.039Z",
"dateUpdated": "2025-11-03T20:42:04.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49972 (GCVE-0-2024-49972)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-09-03 13:06
VLAI?
EPSS
Title
drm/amd/display: Deallocate DML memory if allocation fails
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Deallocate DML memory if allocation fails
[Why]
When DC state create DML memory allocation fails, memory is not
deallocated subsequently, resulting in uninitialized structure
that is not NULL.
[How]
Deallocate memory if DML memory allocation fails.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:33:39.314434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:46.024Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_state.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "80345daa5746184195f2d383a2f1bad058f0f94c",
"status": "affected",
"version": "7966f319c66d9468623c6a6a017ecbc0dd79be75",
"versionType": "git"
},
{
"lessThan": "892abca6877a96c9123bb1c010cafccdf8ca1b75",
"status": "affected",
"version": "7966f319c66d9468623c6a6a017ecbc0dd79be75",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_state.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Deallocate DML memory if allocation fails\n\n[Why]\nWhen DC state create DML memory allocation fails, memory is not\ndeallocated subsequently, resulting in uninitialized structure\nthat is not NULL.\n\n[How]\nDeallocate memory if DML memory allocation fails."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T13:06:42.389Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/80345daa5746184195f2d383a2f1bad058f0f94c"
},
{
"url": "https://git.kernel.org/stable/c/892abca6877a96c9123bb1c010cafccdf8ca1b75"
}
],
"title": "drm/amd/display: Deallocate DML memory if allocation fails",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49972",
"datePublished": "2024-10-21T18:02:21.014Z",
"dateReserved": "2024-10-21T12:17:06.051Z",
"dateUpdated": "2025-09-03T13:06:42.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47737 (GCVE-0-2024-47737)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
nfsd: call cache_put if xdr_reserve_space returns NULL
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfsd: call cache_put if xdr_reserve_space returns NULL
If not enough buffer space available, but idmap_lookup has triggered
lookup_fn which calls cache_get and returns successfully. Then we
missed to call cache_put here which pairs with cache_get.
Reviwed-by: Jeff Layton <jlayton@kernel.org>
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
ddd1ea56367202f6c99135cd59de7a97af4c4ffd , < 3e8081ebff12bec1347deaceb6bce0765cce54df
(git)
Affected: ddd1ea56367202f6c99135cd59de7a97af4c4ffd , < c6b16e700cf4d959af524bd9d3978407ff7ce462 (git) Affected: ddd1ea56367202f6c99135cd59de7a97af4c4ffd , < 9f03f0016ff797932551881c7e06ae50e9c39134 (git) Affected: ddd1ea56367202f6c99135cd59de7a97af4c4ffd , < 9803ab882d565a8fb2dde5999d98866d1c499dfd (git) Affected: ddd1ea56367202f6c99135cd59de7a97af4c4ffd , < 81821617312988096f5deccf0f7da6f888e98056 (git) Affected: ddd1ea56367202f6c99135cd59de7a97af4c4ffd , < a1afbbb5276f943ad7173d0b4c626b8c75a260da (git) Affected: ddd1ea56367202f6c99135cd59de7a97af4c4ffd , < e32ee6a61041925d1a05c14d10352dcfce9ef029 (git) Affected: ddd1ea56367202f6c99135cd59de7a97af4c4ffd , < 8d0765f86135e27f0bb5c950c136495719b4c834 (git) Affected: ddd1ea56367202f6c99135cd59de7a97af4c4ffd , < d078cbf5c38de83bc31f83c47dcd2184c04a50c7 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47737",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:59:42.866272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:14.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:32.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfsd/nfs4idmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3e8081ebff12bec1347deaceb6bce0765cce54df",
"status": "affected",
"version": "ddd1ea56367202f6c99135cd59de7a97af4c4ffd",
"versionType": "git"
},
{
"lessThan": "c6b16e700cf4d959af524bd9d3978407ff7ce462",
"status": "affected",
"version": "ddd1ea56367202f6c99135cd59de7a97af4c4ffd",
"versionType": "git"
},
{
"lessThan": "9f03f0016ff797932551881c7e06ae50e9c39134",
"status": "affected",
"version": "ddd1ea56367202f6c99135cd59de7a97af4c4ffd",
"versionType": "git"
},
{
"lessThan": "9803ab882d565a8fb2dde5999d98866d1c499dfd",
"status": "affected",
"version": "ddd1ea56367202f6c99135cd59de7a97af4c4ffd",
"versionType": "git"
},
{
"lessThan": "81821617312988096f5deccf0f7da6f888e98056",
"status": "affected",
"version": "ddd1ea56367202f6c99135cd59de7a97af4c4ffd",
"versionType": "git"
},
{
"lessThan": "a1afbbb5276f943ad7173d0b4c626b8c75a260da",
"status": "affected",
"version": "ddd1ea56367202f6c99135cd59de7a97af4c4ffd",
"versionType": "git"
},
{
"lessThan": "e32ee6a61041925d1a05c14d10352dcfce9ef029",
"status": "affected",
"version": "ddd1ea56367202f6c99135cd59de7a97af4c4ffd",
"versionType": "git"
},
{
"lessThan": "8d0765f86135e27f0bb5c950c136495719b4c834",
"status": "affected",
"version": "ddd1ea56367202f6c99135cd59de7a97af4c4ffd",
"versionType": "git"
},
{
"lessThan": "d078cbf5c38de83bc31f83c47dcd2184c04a50c7",
"status": "affected",
"version": "ddd1ea56367202f6c99135cd59de7a97af4c4ffd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfsd/nfs4idmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.16"
},
{
"lessThan": "3.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: call cache_put if xdr_reserve_space returns NULL\n\nIf not enough buffer space available, but idmap_lookup has triggered\nlookup_fn which calls cache_get and returns successfully. Then we\nmissed to call cache_put here which pairs with cache_get.\n\nReviwed-by: Jeff Layton \u003cjlayton@kernel.org\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:38:41.389Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3e8081ebff12bec1347deaceb6bce0765cce54df"
},
{
"url": "https://git.kernel.org/stable/c/c6b16e700cf4d959af524bd9d3978407ff7ce462"
},
{
"url": "https://git.kernel.org/stable/c/9f03f0016ff797932551881c7e06ae50e9c39134"
},
{
"url": "https://git.kernel.org/stable/c/9803ab882d565a8fb2dde5999d98866d1c499dfd"
},
{
"url": "https://git.kernel.org/stable/c/81821617312988096f5deccf0f7da6f888e98056"
},
{
"url": "https://git.kernel.org/stable/c/a1afbbb5276f943ad7173d0b4c626b8c75a260da"
},
{
"url": "https://git.kernel.org/stable/c/e32ee6a61041925d1a05c14d10352dcfce9ef029"
},
{
"url": "https://git.kernel.org/stable/c/8d0765f86135e27f0bb5c950c136495719b4c834"
},
{
"url": "https://git.kernel.org/stable/c/d078cbf5c38de83bc31f83c47dcd2184c04a50c7"
}
],
"title": "nfsd: call cache_put if xdr_reserve_space returns NULL",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47737",
"datePublished": "2024-10-21T12:14:07.168Z",
"dateReserved": "2024-09-30T16:00:12.959Z",
"dateUpdated": "2025-11-03T22:21:32.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47749 (GCVE-0-2024-47749)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
RDMA/cxgb4: Added NULL check for lookup_atid
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/cxgb4: Added NULL check for lookup_atid
The lookup_atid() function can return NULL if the ATID is
invalid or does not exist in the identifier table, which
could lead to dereferencing a null pointer without a
check in the `act_establish()` and `act_open_rpl()` functions.
Add a NULL check to prevent null pointer dereferencing.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
cfdda9d764362ab77b11a410bb928400e6520d57 , < b12e25d91c7f97958341538c7dc63ee49d01548f
(git)
Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < 4e1fe68d695af367506ea3c794c5969630f21697 (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < dd598ac57dcae796cb58551074660c39b43fb155 (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < b11318dc8a1ec565300bb1a9073095af817cc508 (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < 39cb9f39913566ec5865581135f3e8123ad1aee1 (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < 0d50ae281a1712b9b2ca72830a96b8f11882358d (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < 54aaa3ed40972511e423b604324b881425b9ff1e (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < b9c94c8ba5a713817cffd74c4bacc05187469624 (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < e766e6a92410ca269161de059fff0843b8ddd65f (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:58:09.975914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:13.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:44.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/cxgb4/cm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b12e25d91c7f97958341538c7dc63ee49d01548f",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "4e1fe68d695af367506ea3c794c5969630f21697",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "dd598ac57dcae796cb58551074660c39b43fb155",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "b11318dc8a1ec565300bb1a9073095af817cc508",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "39cb9f39913566ec5865581135f3e8123ad1aee1",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "0d50ae281a1712b9b2ca72830a96b8f11882358d",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "54aaa3ed40972511e423b604324b881425b9ff1e",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "b9c94c8ba5a713817cffd74c4bacc05187469624",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "e766e6a92410ca269161de059fff0843b8ddd65f",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/cxgb4/cm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cxgb4: Added NULL check for lookup_atid\n\nThe lookup_atid() function can return NULL if the ATID is\ninvalid or does not exist in the identifier table, which\ncould lead to dereferencing a null pointer without a\ncheck in the `act_establish()` and `act_open_rpl()` functions.\nAdd a NULL check to prevent null pointer dereferencing.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:39:03.439Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b12e25d91c7f97958341538c7dc63ee49d01548f"
},
{
"url": "https://git.kernel.org/stable/c/4e1fe68d695af367506ea3c794c5969630f21697"
},
{
"url": "https://git.kernel.org/stable/c/dd598ac57dcae796cb58551074660c39b43fb155"
},
{
"url": "https://git.kernel.org/stable/c/b11318dc8a1ec565300bb1a9073095af817cc508"
},
{
"url": "https://git.kernel.org/stable/c/39cb9f39913566ec5865581135f3e8123ad1aee1"
},
{
"url": "https://git.kernel.org/stable/c/0d50ae281a1712b9b2ca72830a96b8f11882358d"
},
{
"url": "https://git.kernel.org/stable/c/54aaa3ed40972511e423b604324b881425b9ff1e"
},
{
"url": "https://git.kernel.org/stable/c/b9c94c8ba5a713817cffd74c4bacc05187469624"
},
{
"url": "https://git.kernel.org/stable/c/e766e6a92410ca269161de059fff0843b8ddd65f"
}
],
"title": "RDMA/cxgb4: Added NULL check for lookup_atid",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47749",
"datePublished": "2024-10-21T12:14:15.126Z",
"dateReserved": "2024-09-30T16:00:12.961Z",
"dateUpdated": "2025-11-03T22:21:44.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35980 (GCVE-0-2024-35980)
Vulnerability from cvelistv5 – Published: 2024-05-20 09:42 – Updated: 2025-05-04 09:09
VLAI?
EPSS
Title
arm64: tlb: Fix TLBI RANGE operand
Summary
In the Linux kernel, the following vulnerability has been resolved:
arm64: tlb: Fix TLBI RANGE operand
KVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty
pages are collected by VMM and the page table entries become write
protected during live migration. Unfortunately, the operand passed
to the TLBI RANGE instruction isn't correctly sorted out due to the
commit 117940aa6e5f ("KVM: arm64: Define kvm_tlb_flush_vmid_range()").
It leads to crash on the destination VM after live migration because
TLBs aren't flushed completely and some of the dirty pages are missed.
For example, I have a VM where 8GB memory is assigned, starting from
0x40000000 (1GB). Note that the host has 4KB as the base page size.
In the middile of migration, kvm_tlb_flush_vmid_range() is executed
to flush TLBs. It passes MAX_TLBI_RANGE_PAGES as the argument to
__kvm_tlb_flush_vmid_range() and __flush_s2_tlb_range_op(). SCALE#3
and NUM#31, corresponding to MAX_TLBI_RANGE_PAGES, isn't supported
by __TLBI_RANGE_NUM(). In this specific case, -1 has been returned
from __TLBI_RANGE_NUM() for SCALE#3/2/1/0 and rejected by the loop
in the __flush_tlb_range_op() until the variable @scale underflows
and becomes -9, 0xffff708000040000 is set as the operand. The operand
is wrong since it's sorted out by __TLBI_VADDR_RANGE() according to
invalid @scale and @num.
Fix it by extending __TLBI_RANGE_NUM() to support the combination of
SCALE#3 and NUM#31. With the changes, [-1 31] instead of [-1 30] can
be returned from the macro, meaning the TLBs for 0x200000 pages in the
above example can be flushed in one shoot with SCALE#3 and NUM#31. The
macro TLBI_RANGE_MASK is dropped since no one uses it any more. The
comments are also adjusted accordingly.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
117940aa6e5f8308f1529e1313660980f1dae771 , < ac4ad513de4fba18b4ac0ace132777d0910e8cfa
(git)
Affected: 117940aa6e5f8308f1529e1313660980f1dae771 , < 944db7b536baaf49d7e576af36a94f4719552b07 (git) Affected: 117940aa6e5f8308f1529e1313660980f1dae771 , < e3ba51ab24fddef79fc212f9840de54db8fd1685 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:01:18.086941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:21.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac4ad513de4fba18b4ac0ace132777d0910e8cfa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/944db7b536baaf49d7e576af36a94f4719552b07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3ba51ab24fddef79fc212f9840de54db8fd1685"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm64/include/asm/tlbflush.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ac4ad513de4fba18b4ac0ace132777d0910e8cfa",
"status": "affected",
"version": "117940aa6e5f8308f1529e1313660980f1dae771",
"versionType": "git"
},
{
"lessThan": "944db7b536baaf49d7e576af36a94f4719552b07",
"status": "affected",
"version": "117940aa6e5f8308f1529e1313660980f1dae771",
"versionType": "git"
},
{
"lessThan": "e3ba51ab24fddef79fc212f9840de54db8fd1685",
"status": "affected",
"version": "117940aa6e5f8308f1529e1313660980f1dae771",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm64/include/asm/tlbflush.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: tlb: Fix TLBI RANGE operand\n\nKVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty\npages are collected by VMM and the page table entries become write\nprotected during live migration. Unfortunately, the operand passed\nto the TLBI RANGE instruction isn\u0027t correctly sorted out due to the\ncommit 117940aa6e5f (\"KVM: arm64: Define kvm_tlb_flush_vmid_range()\").\nIt leads to crash on the destination VM after live migration because\nTLBs aren\u0027t flushed completely and some of the dirty pages are missed.\n\nFor example, I have a VM where 8GB memory is assigned, starting from\n0x40000000 (1GB). Note that the host has 4KB as the base page size.\nIn the middile of migration, kvm_tlb_flush_vmid_range() is executed\nto flush TLBs. It passes MAX_TLBI_RANGE_PAGES as the argument to\n__kvm_tlb_flush_vmid_range() and __flush_s2_tlb_range_op(). SCALE#3\nand NUM#31, corresponding to MAX_TLBI_RANGE_PAGES, isn\u0027t supported\nby __TLBI_RANGE_NUM(). In this specific case, -1 has been returned\nfrom __TLBI_RANGE_NUM() for SCALE#3/2/1/0 and rejected by the loop\nin the __flush_tlb_range_op() until the variable @scale underflows\nand becomes -9, 0xffff708000040000 is set as the operand. The operand\nis wrong since it\u0027s sorted out by __TLBI_VADDR_RANGE() according to\ninvalid @scale and @num.\n\nFix it by extending __TLBI_RANGE_NUM() to support the combination of\nSCALE#3 and NUM#31. With the changes, [-1 31] instead of [-1 30] can\nbe returned from the macro, meaning the TLBs for 0x200000 pages in the\nabove example can be flushed in one shoot with SCALE#3 and NUM#31. The\nmacro TLBI_RANGE_MASK is dropped since no one uses it any more. The\ncomments are also adjusted accordingly."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:46.451Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ac4ad513de4fba18b4ac0ace132777d0910e8cfa"
},
{
"url": "https://git.kernel.org/stable/c/944db7b536baaf49d7e576af36a94f4719552b07"
},
{
"url": "https://git.kernel.org/stable/c/e3ba51ab24fddef79fc212f9840de54db8fd1685"
}
],
"title": "arm64: tlb: Fix TLBI RANGE operand",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35980",
"datePublished": "2024-05-20T09:42:05.085Z",
"dateReserved": "2024-05-17T13:50:33.144Z",
"dateUpdated": "2025-05-04T09:09:46.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47750 (GCVE-0-2024-47750)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08
Currently rsv_qp is freed before ib_unregister_device() is called
on HIP08. During the time interval, users can still dereg MR and
rsv_qp will be used in this process, leading to a UAF. Move the
release of rsv_qp after calling ib_unregister_device() to fix it.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
70f92521584f1d1e8268311ee84413307b0fdea8 , < 2ccf1c75d39949d8ea043d04a2e92d7100ea723d
(git)
Affected: 70f92521584f1d1e8268311ee84413307b0fdea8 , < d2d9c5127122745da6e887f451dd248cfeffca33 (git) Affected: 70f92521584f1d1e8268311ee84413307b0fdea8 , < dac2723d8bfa9cf5333f477741e6e5fa1ed34645 (git) Affected: 70f92521584f1d1e8268311ee84413307b0fdea8 , < 60595923371c2ebe7faf82536c47eb0c967e3425 (git) Affected: 70f92521584f1d1e8268311ee84413307b0fdea8 , < fd8489294dd2beefb70f12ec4f6132aeec61a4d0 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47750",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:58:02.690049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:13.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:45.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_hw_v2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2ccf1c75d39949d8ea043d04a2e92d7100ea723d",
"status": "affected",
"version": "70f92521584f1d1e8268311ee84413307b0fdea8",
"versionType": "git"
},
{
"lessThan": "d2d9c5127122745da6e887f451dd248cfeffca33",
"status": "affected",
"version": "70f92521584f1d1e8268311ee84413307b0fdea8",
"versionType": "git"
},
{
"lessThan": "dac2723d8bfa9cf5333f477741e6e5fa1ed34645",
"status": "affected",
"version": "70f92521584f1d1e8268311ee84413307b0fdea8",
"versionType": "git"
},
{
"lessThan": "60595923371c2ebe7faf82536c47eb0c967e3425",
"status": "affected",
"version": "70f92521584f1d1e8268311ee84413307b0fdea8",
"versionType": "git"
},
{
"lessThan": "fd8489294dd2beefb70f12ec4f6132aeec61a4d0",
"status": "affected",
"version": "70f92521584f1d1e8268311ee84413307b0fdea8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_hw_v2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix Use-After-Free of rsv_qp on HIP08\n\nCurrently rsv_qp is freed before ib_unregister_device() is called\non HIP08. During the time interval, users can still dereg MR and\nrsv_qp will be used in this process, leading to a UAF. Move the\nrelease of rsv_qp after calling ib_unregister_device() to fix it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:39:04.929Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2ccf1c75d39949d8ea043d04a2e92d7100ea723d"
},
{
"url": "https://git.kernel.org/stable/c/d2d9c5127122745da6e887f451dd248cfeffca33"
},
{
"url": "https://git.kernel.org/stable/c/dac2723d8bfa9cf5333f477741e6e5fa1ed34645"
},
{
"url": "https://git.kernel.org/stable/c/60595923371c2ebe7faf82536c47eb0c967e3425"
},
{
"url": "https://git.kernel.org/stable/c/fd8489294dd2beefb70f12ec4f6132aeec61a4d0"
}
],
"title": "RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47750",
"datePublished": "2024-10-21T12:14:15.786Z",
"dateReserved": "2024-09-30T16:00:12.961Z",
"dateUpdated": "2025-11-03T22:21:45.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49950 (GCVE-0-2024-49950)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
Bluetooth: L2CAP: Fix uaf in l2cap_connect
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: Fix uaf in l2cap_connect
[Syzbot reported]
BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949
Read of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54
CPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Workqueue: hci2 hci_rx_work
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:93 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119
print_address_description mm/kasan/report.c:377 [inline]
print_report+0xc3/0x620 mm/kasan/report.c:488
kasan_report+0xd9/0x110 mm/kasan/report.c:601
l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949
l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]
l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]
l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]
l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825
l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514
hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]
hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028
process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
process_scheduled_works kernel/workqueue.c:3312 [inline]
worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
...
Freed by task 5245:
kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579
poison_slab_object+0xf7/0x160 mm/kasan/common.c:240
__kasan_slab_free+0x32/0x50 mm/kasan/common.c:256
kasan_slab_free include/linux/kasan.h:184 [inline]
slab_free_hook mm/slub.c:2256 [inline]
slab_free mm/slub.c:4477 [inline]
kfree+0x12a/0x3b0 mm/slub.c:4598
l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]
kref_put include/linux/kref.h:65 [inline]
l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]
l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802
l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241
hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]
hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265
hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583
abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917
hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328
process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
process_scheduled_works kernel/workqueue.c:3312 [inline]
worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
7b064edae38d62d8587a8c574f93b53ce75ae749 , < 686e05c9dbd68766c6bda5f31f7e077f36a7fb29
(git)
Affected: 7b064edae38d62d8587a8c574f93b53ce75ae749 , < b22346eec479a30bfa4a02ad2c551b54809694d0 (git) Affected: 7b064edae38d62d8587a8c574f93b53ce75ae749 , < b90907696c30172b809aa3dd2f0caffae761e4c6 (git) Affected: 7b064edae38d62d8587a8c574f93b53ce75ae749 , < 78d30ce16fdf9c301bcd8b83ce613cea079cea83 (git) Affected: 7b064edae38d62d8587a8c574f93b53ce75ae749 , < a1c6174e23df10b8e5770e82d63bc6e2118a3dc7 (git) Affected: 7b064edae38d62d8587a8c574f93b53ce75ae749 , < 333b4fd11e89b29c84c269123f871883a30be586 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:36:31.459862Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:49.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:30.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_core.c",
"net/bluetooth/hci_event.c",
"net/bluetooth/l2cap_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "686e05c9dbd68766c6bda5f31f7e077f36a7fb29",
"status": "affected",
"version": "7b064edae38d62d8587a8c574f93b53ce75ae749",
"versionType": "git"
},
{
"lessThan": "b22346eec479a30bfa4a02ad2c551b54809694d0",
"status": "affected",
"version": "7b064edae38d62d8587a8c574f93b53ce75ae749",
"versionType": "git"
},
{
"lessThan": "b90907696c30172b809aa3dd2f0caffae761e4c6",
"status": "affected",
"version": "7b064edae38d62d8587a8c574f93b53ce75ae749",
"versionType": "git"
},
{
"lessThan": "78d30ce16fdf9c301bcd8b83ce613cea079cea83",
"status": "affected",
"version": "7b064edae38d62d8587a8c574f93b53ce75ae749",
"versionType": "git"
},
{
"lessThan": "a1c6174e23df10b8e5770e82d63bc6e2118a3dc7",
"status": "affected",
"version": "7b064edae38d62d8587a8c574f93b53ce75ae749",
"versionType": "git"
},
{
"lessThan": "333b4fd11e89b29c84c269123f871883a30be586",
"status": "affected",
"version": "7b064edae38d62d8587a8c574f93b53ce75ae749",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_core.c",
"net/bluetooth/hci_event.c",
"net/bluetooth/l2cap_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.118",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.118",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:42:09.368Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/686e05c9dbd68766c6bda5f31f7e077f36a7fb29"
},
{
"url": "https://git.kernel.org/stable/c/b22346eec479a30bfa4a02ad2c551b54809694d0"
},
{
"url": "https://git.kernel.org/stable/c/b90907696c30172b809aa3dd2f0caffae761e4c6"
},
{
"url": "https://git.kernel.org/stable/c/78d30ce16fdf9c301bcd8b83ce613cea079cea83"
},
{
"url": "https://git.kernel.org/stable/c/a1c6174e23df10b8e5770e82d63bc6e2118a3dc7"
},
{
"url": "https://git.kernel.org/stable/c/333b4fd11e89b29c84c269123f871883a30be586"
}
],
"title": "Bluetooth: L2CAP: Fix uaf in l2cap_connect",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49950",
"datePublished": "2024-10-21T18:02:06.387Z",
"dateReserved": "2024-10-21T12:17:06.046Z",
"dateUpdated": "2025-11-03T22:23:30.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46721 (GCVE-0-2024-46721)
Vulnerability from cvelistv5 – Published: 2024-09-18 06:32 – Updated: 2026-01-05 10:52
VLAI?
EPSS
Title
apparmor: fix possible NULL pointer dereference
Summary
In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix possible NULL pointer dereference
profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made
from __create_missing_ancestors(..) and 'ent->old' is NULL in
aa_replace_profiles(..).
In that case, it must return an error code and the code, -ENOENT represents
its state that the path of its parent is not existed yet.
BUG: kernel NULL pointer dereference, address: 0000000000000030
PGD 0 P4D 0
PREEMPT SMP PTI
CPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
RIP: 0010:aafs_create.constprop.0+0x7f/0x130
Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae
RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0
Call Trace:
<TASK>
? show_regs+0x6d/0x80
? __die+0x24/0x80
? page_fault_oops+0x99/0x1b0
? kernelmode_fixup_or_oops+0xb2/0x140
? __bad_area_nosemaphore+0x1a5/0x2c0
? find_vma+0x34/0x60
? bad_area_nosemaphore+0x16/0x30
? do_user_addr_fault+0x2a2/0x6b0
? exc_page_fault+0x83/0x1b0
? asm_exc_page_fault+0x27/0x30
? aafs_create.constprop.0+0x7f/0x130
? aafs_create.constprop.0+0x51/0x130
__aafs_profile_mkdir+0x3d6/0x480
aa_replace_profiles+0x83f/0x1270
policy_update+0xe3/0x180
profile_load+0xbc/0x150
? rw_verify_area+0x47/0x140
vfs_write+0x100/0x480
? __x64_sys_openat+0x55/0xa0
? syscall_exit_to_user_mode+0x86/0x260
ksys_write+0x73/0x100
__x64_sys_write+0x19/0x30
x64_sys_call+0x7e/0x25c0
do_syscall_64+0x7f/0x180
entry_SYSCALL_64_after_hwframe+0x78/0x80
RIP: 0033:0x7be9f211c574
Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89
RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574
RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004
RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000
R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80
R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30
</TASK>
Modules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas
CR2: 0000000000000030
---[ end trace 0000000000000000 ]---
RIP: 0010:aafs_create.constprop.0+0x7f/0x130
Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae
RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000
---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
665b1856dc2399828d8ee07a18d4fd79868e729a , < 59f742e55a469ef36c5c1533b6095a103b61eda8
(git)
Affected: 665b1856dc2399828d8ee07a18d4fd79868e729a , < c49bbe69ee152bd9c1c1f314c0f582e76c578f64 (git) Affected: 665b1856dc2399828d8ee07a18d4fd79868e729a , < 3dd384108d53834002be5630132ad5c3f32166ad (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:56:49.835050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:57:04.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:16:57.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"security/apparmor/apparmorfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "59f742e55a469ef36c5c1533b6095a103b61eda8",
"status": "affected",
"version": "665b1856dc2399828d8ee07a18d4fd79868e729a",
"versionType": "git"
},
{
"lessThan": "c49bbe69ee152bd9c1c1f314c0f582e76c578f64",
"status": "affected",
"version": "665b1856dc2399828d8ee07a18d4fd79868e729a",
"versionType": "git"
},
{
"lessThan": "3dd384108d53834002be5630132ad5c3f32166ad",
"status": "affected",
"version": "665b1856dc2399828d8ee07a18d4fd79868e729a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"security/apparmor/apparmorfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix possible NULL pointer dereference\n\nprofile-\u003eparent-\u003edents[AAFS_PROF_DIR] could be NULL only if its parent is made\nfrom __create_missing_ancestors(..) and \u0027ent-\u003eold\u0027 is NULL in\naa_replace_profiles(..).\nIn that case, it must return an error code and the code, -ENOENT represents\nits state that the path of its parent is not existed yet.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000030\nPGD 0 P4D 0\nPREEMPT SMP PTI\nCPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc \u003c4d\u003e 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x6d/0x80\n ? __die+0x24/0x80\n ? page_fault_oops+0x99/0x1b0\n ? kernelmode_fixup_or_oops+0xb2/0x140\n ? __bad_area_nosemaphore+0x1a5/0x2c0\n ? find_vma+0x34/0x60\n ? bad_area_nosemaphore+0x16/0x30\n ? do_user_addr_fault+0x2a2/0x6b0\n ? exc_page_fault+0x83/0x1b0\n ? asm_exc_page_fault+0x27/0x30\n ? aafs_create.constprop.0+0x7f/0x130\n ? aafs_create.constprop.0+0x51/0x130\n __aafs_profile_mkdir+0x3d6/0x480\n aa_replace_profiles+0x83f/0x1270\n policy_update+0xe3/0x180\n profile_load+0xbc/0x150\n ? rw_verify_area+0x47/0x140\n vfs_write+0x100/0x480\n ? __x64_sys_openat+0x55/0xa0\n ? syscall_exit_to_user_mode+0x86/0x260\n ksys_write+0x73/0x100\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x7e/0x25c0\n do_syscall_64+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7be9f211c574\nCode: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\nRSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574\nRDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004\nRBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80\nR13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30\n \u003c/TASK\u003e\nModules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas\nCR2: 0000000000000030\n---[ end trace 0000000000000000 ]---\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc \u003c4d\u003e 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:52:55.596Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/59f742e55a469ef36c5c1533b6095a103b61eda8"
},
{
"url": "https://git.kernel.org/stable/c/c49bbe69ee152bd9c1c1f314c0f582e76c578f64"
},
{
"url": "https://git.kernel.org/stable/c/3dd384108d53834002be5630132ad5c3f32166ad"
}
],
"title": "apparmor: fix possible NULL pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46721",
"datePublished": "2024-09-18T06:32:19.327Z",
"dateReserved": "2024-09-11T15:12:18.255Z",
"dateUpdated": "2026-01-05T10:52:55.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46846 (GCVE-0-2024-46846)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:39 – Updated: 2025-11-03 22:19
VLAI?
EPSS
Title
spi: rockchip: Resolve unbalanced runtime PM / system PM handling
Summary
In the Linux kernel, the following vulnerability has been resolved:
spi: rockchip: Resolve unbalanced runtime PM / system PM handling
Commit e882575efc77 ("spi: rockchip: Suspend and resume the bus during
NOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and
simply disabled clocks unconditionally when suspending the system. This
causes problems when the device is already runtime suspended when we go
to sleep -- in which case we double-disable clocks and produce a
WARNing.
Switch back to pm_runtime_force_{suspend,resume}(), because that still
seems like the right thing to do, and the aforementioned commit makes no
explanation why it stopped using it.
Also, refactor some of the resume() error handling, because it's not
actually a good idea to re-disable clocks on failure.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
e882575efc771f130a24322377dc1033551da11d , < 14f970a8d03d882b15b97beb83bd84ac8ba6298c
(git)
Affected: e882575efc771f130a24322377dc1033551da11d , < d034bff62faea1a2219e0d2f3d17263265f24087 (git) Affected: e882575efc771f130a24322377dc1033551da11d , < 0efbad8445fbba7896402500a1473450a299a08a (git) Affected: e882575efc771f130a24322377dc1033551da11d , < be721b451affbecc4ba4eaac3b71cdbdcade1b1b (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T13:59:01.239641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T13:59:05.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:33.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-rockchip.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "14f970a8d03d882b15b97beb83bd84ac8ba6298c",
"status": "affected",
"version": "e882575efc771f130a24322377dc1033551da11d",
"versionType": "git"
},
{
"lessThan": "d034bff62faea1a2219e0d2f3d17263265f24087",
"status": "affected",
"version": "e882575efc771f130a24322377dc1033551da11d",
"versionType": "git"
},
{
"lessThan": "0efbad8445fbba7896402500a1473450a299a08a",
"status": "affected",
"version": "e882575efc771f130a24322377dc1033551da11d",
"versionType": "git"
},
{
"lessThan": "be721b451affbecc4ba4eaac3b71cdbdcade1b1b",
"status": "affected",
"version": "e882575efc771f130a24322377dc1033551da11d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-rockchip.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: rockchip: Resolve unbalanced runtime PM / system PM handling\n\nCommit e882575efc77 (\"spi: rockchip: Suspend and resume the bus during\nNOIRQ_SYSTEM_SLEEP_PM ops\") stopped respecting runtime PM status and\nsimply disabled clocks unconditionally when suspending the system. This\ncauses problems when the device is already runtime suspended when we go\nto sleep -- in which case we double-disable clocks and produce a\nWARNing.\n\nSwitch back to pm_runtime_force_{suspend,resume}(), because that still\nseems like the right thing to do, and the aforementioned commit makes no\nexplanation why it stopped using it.\n\nAlso, refactor some of the resume() error handling, because it\u0027s not\nactually a good idea to re-disable clocks on failure."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:35:48.961Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/14f970a8d03d882b15b97beb83bd84ac8ba6298c"
},
{
"url": "https://git.kernel.org/stable/c/d034bff62faea1a2219e0d2f3d17263265f24087"
},
{
"url": "https://git.kernel.org/stable/c/0efbad8445fbba7896402500a1473450a299a08a"
},
{
"url": "https://git.kernel.org/stable/c/be721b451affbecc4ba4eaac3b71cdbdcade1b1b"
}
],
"title": "spi: rockchip: Resolve unbalanced runtime PM / system PM handling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46846",
"datePublished": "2024-09-27T12:39:38.928Z",
"dateReserved": "2024-09-11T15:12:18.289Z",
"dateUpdated": "2025-11-03T22:19:33.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-42253 (GCVE-0-2024-42253)
Vulnerability from cvelistv5 – Published: 2024-08-08 08:46 – Updated: 2026-01-05 10:52
VLAI?
EPSS
Title
gpio: pca953x: fix pca953x_irq_bus_sync_unlock race
Summary
In the Linux kernel, the following vulnerability has been resolved:
gpio: pca953x: fix pca953x_irq_bus_sync_unlock race
Ensure that `i2c_lock' is held when setting interrupt latch and mask in
pca953x_irq_bus_sync_unlock() in order to avoid races.
The other (non-probe) call site pca953x_gpio_set_multiple() ensures the
lock is held before calling pca953x_write_regs().
The problem occurred when a request raced against irq_bus_sync_unlock()
approximately once per thousand reboots on an i.MX8MP based system.
* Normal case
0-0022: write register AI|3a {03,02,00,00,01} Input latch P0
0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0
0-0022: write register AI|08 {ff,00,00,00,00} Output P3
0-0022: write register AI|12 {fc,00,00,00,00} Config P3
* Race case
0-0022: write register AI|08 {ff,00,00,00,00} Output P3
0-0022: write register AI|08 {03,02,00,00,01} *** Wrong register ***
0-0022: write register AI|12 {fc,00,00,00,00} Config P3
0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
44896beae605b93f2232301befccb7ef42953198 , < 58a5c93bd1a6e949267400080f07e57ffe05ec34
(git)
Affected: 44896beae605b93f2232301befccb7ef42953198 , < e2ecdddca80dd845df42376e4b0197fe97018ba2 (git) Affected: 44896beae605b93f2232301befccb7ef42953198 , < de7cffa53149c7b48bd1bb29b02390c9f05b7f41 (git) Affected: 44896beae605b93f2232301befccb7ef42953198 , < bfc6444b57dc7186b6acc964705d7516cbaf3904 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:13:09.580370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:30.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:02:52.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpio-pca953x.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "58a5c93bd1a6e949267400080f07e57ffe05ec34",
"status": "affected",
"version": "44896beae605b93f2232301befccb7ef42953198",
"versionType": "git"
},
{
"lessThan": "e2ecdddca80dd845df42376e4b0197fe97018ba2",
"status": "affected",
"version": "44896beae605b93f2232301befccb7ef42953198",
"versionType": "git"
},
{
"lessThan": "de7cffa53149c7b48bd1bb29b02390c9f05b7f41",
"status": "affected",
"version": "44896beae605b93f2232301befccb7ef42953198",
"versionType": "git"
},
{
"lessThan": "bfc6444b57dc7186b6acc964705d7516cbaf3904",
"status": "affected",
"version": "44896beae605b93f2232301befccb7ef42953198",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpio-pca953x.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: pca953x: fix pca953x_irq_bus_sync_unlock race\n\nEnsure that `i2c_lock\u0027 is held when setting interrupt latch and mask in\npca953x_irq_bus_sync_unlock() in order to avoid races.\n\nThe other (non-probe) call site pca953x_gpio_set_multiple() ensures the\nlock is held before calling pca953x_write_regs().\n\nThe problem occurred when a request raced against irq_bus_sync_unlock()\napproximately once per thousand reboots on an i.MX8MP based system.\n\n * Normal case\n\n 0-0022: write register AI|3a {03,02,00,00,01} Input latch P0\n 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0\n 0-0022: write register AI|08 {ff,00,00,00,00} Output P3\n 0-0022: write register AI|12 {fc,00,00,00,00} Config P3\n\n * Race case\n\n 0-0022: write register AI|08 {ff,00,00,00,00} Output P3\n 0-0022: write register AI|08 {03,02,00,00,01} *** Wrong register ***\n 0-0022: write register AI|12 {fc,00,00,00,00} Config P3\n 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:52:08.494Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/58a5c93bd1a6e949267400080f07e57ffe05ec34"
},
{
"url": "https://git.kernel.org/stable/c/e2ecdddca80dd845df42376e4b0197fe97018ba2"
},
{
"url": "https://git.kernel.org/stable/c/de7cffa53149c7b48bd1bb29b02390c9f05b7f41"
},
{
"url": "https://git.kernel.org/stable/c/bfc6444b57dc7186b6acc964705d7516cbaf3904"
}
],
"title": "gpio: pca953x: fix pca953x_irq_bus_sync_unlock race",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42253",
"datePublished": "2024-08-08T08:46:29.284Z",
"dateReserved": "2024-07-30T07:40:12.256Z",
"dateUpdated": "2026-01-05T10:52:08.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47735 (GCVE-0-2024-47735)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
Fix missuse of spin_lock_irq()/spin_unlock_irq() when
spin_lock_irqsave()/spin_lock_irqrestore() was hold.
This was discovered through the lock debugging, and the corresponding
log is as follows:
raw_local_irq_restore() called with IRQs enabled
WARNING: CPU: 96 PID: 2074 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40
...
Call trace:
warn_bogus_irq_restore+0x30/0x40
_raw_spin_unlock_irqrestore+0x84/0xc8
add_qp_to_list+0x11c/0x148 [hns_roce_hw_v2]
hns_roce_create_qp_common.constprop.0+0x240/0x780 [hns_roce_hw_v2]
hns_roce_create_qp+0x98/0x160 [hns_roce_hw_v2]
create_qp+0x138/0x258
ib_create_qp_kernel+0x50/0xe8
create_mad_qp+0xa8/0x128
ib_mad_port_open+0x218/0x448
ib_mad_init_device+0x70/0x1f8
add_client_context+0xfc/0x220
enable_device_and_get+0xd0/0x140
ib_register_device.part.0+0xf4/0x1c8
ib_register_device+0x34/0x50
hns_roce_register_device+0x174/0x3d0 [hns_roce_hw_v2]
hns_roce_init+0xfc/0x2c0 [hns_roce_hw_v2]
__hns_roce_hw_v2_init_instance+0x7c/0x1d0 [hns_roce_hw_v2]
hns_roce_hw_v2_init_instance+0x9c/0x180 [hns_roce_hw_v2]
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
9a4435375cd151e07c0c38fa601b00115986091b , < 07f0f643d7e570dbe8ef6f5c3367a43e3086a335
(git)
Affected: 9a4435375cd151e07c0c38fa601b00115986091b , < 29c0f546d3fd66238b42cf25bcd5f193bb1cf794 (git) Affected: 9a4435375cd151e07c0c38fa601b00115986091b , < 425589d4af09c49574bd71ac31f811362a5126c3 (git) Affected: 9a4435375cd151e07c0c38fa601b00115986091b , < 094a1821903f33fb91de4b71087773ee16aeb3a0 (git) Affected: 9a4435375cd151e07c0c38fa601b00115986091b , < 2656336a84fcb6802f6e6c233f4661891deea24f (git) Affected: 9a4435375cd151e07c0c38fa601b00115986091b , < a1a3403bb1826c8ec787f0d60c3e7b54f419129e (git) Affected: 9a4435375cd151e07c0c38fa601b00115986091b , < 74d315b5af180220d561684d15897730135733a6 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:59:57.677353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:15.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:31.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_qp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "07f0f643d7e570dbe8ef6f5c3367a43e3086a335",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "29c0f546d3fd66238b42cf25bcd5f193bb1cf794",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "425589d4af09c49574bd71ac31f811362a5126c3",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "094a1821903f33fb91de4b71087773ee16aeb3a0",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "2656336a84fcb6802f6e6c233f4661891deea24f",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "a1a3403bb1826c8ec787f0d60c3e7b54f419129e",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "74d315b5af180220d561684d15897730135733a6",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_qp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled\n\nFix missuse of spin_lock_irq()/spin_unlock_irq() when\nspin_lock_irqsave()/spin_lock_irqrestore() was hold.\n\nThis was discovered through the lock debugging, and the corresponding\nlog is as follows:\n\nraw_local_irq_restore() called with IRQs enabled\nWARNING: CPU: 96 PID: 2074 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40\n...\nCall trace:\n warn_bogus_irq_restore+0x30/0x40\n _raw_spin_unlock_irqrestore+0x84/0xc8\n add_qp_to_list+0x11c/0x148 [hns_roce_hw_v2]\n hns_roce_create_qp_common.constprop.0+0x240/0x780 [hns_roce_hw_v2]\n hns_roce_create_qp+0x98/0x160 [hns_roce_hw_v2]\n create_qp+0x138/0x258\n ib_create_qp_kernel+0x50/0xe8\n create_mad_qp+0xa8/0x128\n ib_mad_port_open+0x218/0x448\n ib_mad_init_device+0x70/0x1f8\n add_client_context+0xfc/0x220\n enable_device_and_get+0xd0/0x140\n ib_register_device.part.0+0xf4/0x1c8\n ib_register_device+0x34/0x50\n hns_roce_register_device+0x174/0x3d0 [hns_roce_hw_v2]\n hns_roce_init+0xfc/0x2c0 [hns_roce_hw_v2]\n __hns_roce_hw_v2_init_instance+0x7c/0x1d0 [hns_roce_hw_v2]\n hns_roce_hw_v2_init_instance+0x9c/0x180 [hns_roce_hw_v2]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:38:38.356Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/07f0f643d7e570dbe8ef6f5c3367a43e3086a335"
},
{
"url": "https://git.kernel.org/stable/c/29c0f546d3fd66238b42cf25bcd5f193bb1cf794"
},
{
"url": "https://git.kernel.org/stable/c/425589d4af09c49574bd71ac31f811362a5126c3"
},
{
"url": "https://git.kernel.org/stable/c/094a1821903f33fb91de4b71087773ee16aeb3a0"
},
{
"url": "https://git.kernel.org/stable/c/2656336a84fcb6802f6e6c233f4661891deea24f"
},
{
"url": "https://git.kernel.org/stable/c/a1a3403bb1826c8ec787f0d60c3e7b54f419129e"
},
{
"url": "https://git.kernel.org/stable/c/74d315b5af180220d561684d15897730135733a6"
}
],
"title": "RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47735",
"datePublished": "2024-10-21T12:14:05.876Z",
"dateReserved": "2024-09-30T16:00:12.958Z",
"dateUpdated": "2025-11-03T22:21:31.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50073 (GCVE-0-2024-50073)
Vulnerability from cvelistv5 – Published: 2024-10-29 00:50 – Updated: 2026-01-05 10:55
VLAI?
EPSS
Title
tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0
drivers/tty/n_gsm.c:3160 [n_gsm]
Read of size 8 at addr ffff88815fe99c00 by task poc/3379
CPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56
Hardware name: VMware, Inc. VMware Virtual Platform/440BX
Desktop Reference Platform, BIOS 6.00 11/12/2020
Call Trace:
<TASK>
gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]
__pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]
__pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389
update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500
__pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846
__rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161
gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]
_raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107
__pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]
ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195
ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79
__pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338
__pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805
tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818
Allocated by task 65:
gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]
gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]
gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]
gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]
tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391
tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39
flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445
process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229
worker_thread+0x3dc/0x950 kernel/workqueue.c:3391
kthread+0x2a3/0x370 kernel/kthread.c:389
ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257
Freed by task 3367:
kfree+0x126/0x420 mm/slub.c:4580
gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]
gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]
tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818
[Analysis]
gsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux
can be freed by multi threads through ioctl,which leads
to the occurrence of uaf. Protect it by gsm tx lock.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
0af021678d5d30c31f5a6b631f404ead3575212a , < bf171b5e86e41de4c1cf32fb7aefa275c3d7de49
(git)
Affected: 0af021678d5d30c31f5a6b631f404ead3575212a , < c29f192e0d44cc1cbaf698fa1ff198f63556691a (git) Affected: 0af021678d5d30c31f5a6b631f404ead3575212a , < 0eec592c6a7460ba795d7de29f3dc95cb5422e62 (git) Affected: 0af021678d5d30c31f5a6b631f404ead3575212a , < 9462f4ca56e7d2430fdb6dcc8498244acbfc4489 (git) Affected: c165698c9919b000bdbe73859d3bb7b33bdb9223 (git) Affected: 7962a4b900099cf90e02859bb297f2c618d8d940 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T14:26:06.514773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T14:58:34.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:25:08.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/n_gsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bf171b5e86e41de4c1cf32fb7aefa275c3d7de49",
"status": "affected",
"version": "0af021678d5d30c31f5a6b631f404ead3575212a",
"versionType": "git"
},
{
"lessThan": "c29f192e0d44cc1cbaf698fa1ff198f63556691a",
"status": "affected",
"version": "0af021678d5d30c31f5a6b631f404ead3575212a",
"versionType": "git"
},
{
"lessThan": "0eec592c6a7460ba795d7de29f3dc95cb5422e62",
"status": "affected",
"version": "0af021678d5d30c31f5a6b631f404ead3575212a",
"versionType": "git"
},
{
"lessThan": "9462f4ca56e7d2430fdb6dcc8498244acbfc4489",
"status": "affected",
"version": "0af021678d5d30c31f5a6b631f404ead3575212a",
"versionType": "git"
},
{
"status": "affected",
"version": "c165698c9919b000bdbe73859d3bb7b33bdb9223",
"versionType": "git"
},
{
"status": "affected",
"version": "7962a4b900099cf90e02859bb297f2c618d8d940",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/n_gsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.114",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.114",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.58",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.5",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:55:01.531Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bf171b5e86e41de4c1cf32fb7aefa275c3d7de49"
},
{
"url": "https://git.kernel.org/stable/c/c29f192e0d44cc1cbaf698fa1ff198f63556691a"
},
{
"url": "https://git.kernel.org/stable/c/0eec592c6a7460ba795d7de29f3dc95cb5422e62"
},
{
"url": "https://git.kernel.org/stable/c/9462f4ca56e7d2430fdb6dcc8498244acbfc4489"
}
],
"title": "tty: n_gsm: Fix use-after-free in gsm_cleanup_mux",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50073",
"datePublished": "2024-10-29T00:50:15.219Z",
"dateReserved": "2024-10-21T19:36:19.940Z",
"dateUpdated": "2026-01-05T10:55:01.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47698 (GCVE-0-2024-47698)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
Summary
In the Linux kernel, the following vulnerability has been resolved:
drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
Ensure index in rtl2832_pid_filter does not exceed 31 to prevent
out-of-bounds access.
dev->filters is a 32-bit value, so set_bit and clear_bit functions should
only operate on indices from 0 to 31. If index is 32, it will attempt to
access a non-existent 33rd bit, leading to out-of-bounds access.
Change the boundary check from index > 32 to index >= 32 to resolve this
issue.
[hverkuil: added fixes tag, rtl2830_pid_filter -> rtl2832_pid_filter in logmsg]
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
4b01e01a81b6629878344430531ced347cc2ed5b , < 7065c05c6d58b9b9a98127aa14e9a5ec68173918
(git)
Affected: 4b01e01a81b6629878344430531ced347cc2ed5b , < 49b33c38d202d3327dcfd058e27f541dcc308b92 (git) Affected: 4b01e01a81b6629878344430531ced347cc2ed5b , < 6ae3b9aee42616ee93c4585174f40c767828006d (git) Affected: 4b01e01a81b6629878344430531ced347cc2ed5b , < a879b6cdd48134a3d58949ea4f075c75fa2d7d71 (git) Affected: 4b01e01a81b6629878344430531ced347cc2ed5b , < 15bea004e939d938a6771dfcf2a26cc899ffd20a (git) Affected: 4b01e01a81b6629878344430531ced347cc2ed5b , < 527ab3eb3b0b4a6ee00e183c1de6a730239e2835 (git) Affected: 4b01e01a81b6629878344430531ced347cc2ed5b , < 66dbe0df6eccc7ee53a2c35016ce81e13b3ff447 (git) Affected: 4b01e01a81b6629878344430531ced347cc2ed5b , < bedd42e07988dbdd124b23e758ffef7a681b9c60 (git) Affected: 4b01e01a81b6629878344430531ced347cc2ed5b , < 8ae06f360cfaca2b88b98ca89144548b3186aab1 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:04:57.159768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:14:14.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:04.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-frontends/rtl2832.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7065c05c6d58b9b9a98127aa14e9a5ec68173918",
"status": "affected",
"version": "4b01e01a81b6629878344430531ced347cc2ed5b",
"versionType": "git"
},
{
"lessThan": "49b33c38d202d3327dcfd058e27f541dcc308b92",
"status": "affected",
"version": "4b01e01a81b6629878344430531ced347cc2ed5b",
"versionType": "git"
},
{
"lessThan": "6ae3b9aee42616ee93c4585174f40c767828006d",
"status": "affected",
"version": "4b01e01a81b6629878344430531ced347cc2ed5b",
"versionType": "git"
},
{
"lessThan": "a879b6cdd48134a3d58949ea4f075c75fa2d7d71",
"status": "affected",
"version": "4b01e01a81b6629878344430531ced347cc2ed5b",
"versionType": "git"
},
{
"lessThan": "15bea004e939d938a6771dfcf2a26cc899ffd20a",
"status": "affected",
"version": "4b01e01a81b6629878344430531ced347cc2ed5b",
"versionType": "git"
},
{
"lessThan": "527ab3eb3b0b4a6ee00e183c1de6a730239e2835",
"status": "affected",
"version": "4b01e01a81b6629878344430531ced347cc2ed5b",
"versionType": "git"
},
{
"lessThan": "66dbe0df6eccc7ee53a2c35016ce81e13b3ff447",
"status": "affected",
"version": "4b01e01a81b6629878344430531ced347cc2ed5b",
"versionType": "git"
},
{
"lessThan": "bedd42e07988dbdd124b23e758ffef7a681b9c60",
"status": "affected",
"version": "4b01e01a81b6629878344430531ced347cc2ed5b",
"versionType": "git"
},
{
"lessThan": "8ae06f360cfaca2b88b98ca89144548b3186aab1",
"status": "affected",
"version": "4b01e01a81b6629878344430531ced347cc2ed5b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-frontends/rtl2832.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"lessThan": "4.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error\n\nEnsure index in rtl2832_pid_filter does not exceed 31 to prevent\nout-of-bounds access.\n\ndev-\u003efilters is a 32-bit value, so set_bit and clear_bit functions should\nonly operate on indices from 0 to 31. If index is 32, it will attempt to\naccess a non-existent 33rd bit, leading to out-of-bounds access.\nChange the boundary check from index \u003e 32 to index \u003e= 32 to resolve this\nissue.\n\n[hverkuil: added fixes tag, rtl2830_pid_filter -\u003e rtl2832_pid_filter in logmsg]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:37:39.159Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7065c05c6d58b9b9a98127aa14e9a5ec68173918"
},
{
"url": "https://git.kernel.org/stable/c/49b33c38d202d3327dcfd058e27f541dcc308b92"
},
{
"url": "https://git.kernel.org/stable/c/6ae3b9aee42616ee93c4585174f40c767828006d"
},
{
"url": "https://git.kernel.org/stable/c/a879b6cdd48134a3d58949ea4f075c75fa2d7d71"
},
{
"url": "https://git.kernel.org/stable/c/15bea004e939d938a6771dfcf2a26cc899ffd20a"
},
{
"url": "https://git.kernel.org/stable/c/527ab3eb3b0b4a6ee00e183c1de6a730239e2835"
},
{
"url": "https://git.kernel.org/stable/c/66dbe0df6eccc7ee53a2c35016ce81e13b3ff447"
},
{
"url": "https://git.kernel.org/stable/c/bedd42e07988dbdd124b23e758ffef7a681b9c60"
},
{
"url": "https://git.kernel.org/stable/c/8ae06f360cfaca2b88b98ca89144548b3186aab1"
}
],
"title": "drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47698",
"datePublished": "2024-10-21T11:53:35.311Z",
"dateReserved": "2024-09-30T16:00:12.944Z",
"dateUpdated": "2025-11-03T22:21:04.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47663 (GCVE-0-2024-47663)
Vulnerability from cvelistv5 – Published: 2024-10-09 14:13 – Updated: 2025-11-03 22:20
VLAI?
EPSS
Title
staging: iio: frequency: ad9834: Validate frequency parameter value
Summary
In the Linux kernel, the following vulnerability has been resolved:
staging: iio: frequency: ad9834: Validate frequency parameter value
In ad9834_write_frequency() clk_get_rate() can return 0. In such case
ad9834_calc_freqreg() call will lead to division by zero. Checking
'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.
ad9834_write_frequency() is called from ad9834_write(), where fout is
taken from text buffer, which can contain any value.
Modify parameters checking.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
12b9d5bf76bfa20d3207ef24fca9c8254a586a58 , < 5edc3a45ef428501000a7b23d0e1777a548907f6
(git)
Affected: 12b9d5bf76bfa20d3207ef24fca9c8254a586a58 , < 0e727707a239d5c519fc9abc2f0fd913516a7e47 (git) Affected: 12b9d5bf76bfa20d3207ef24fca9c8254a586a58 , < 41cc91e3138fe52f8da92a81bebcd0e6cf488c53 (git) Affected: 12b9d5bf76bfa20d3207ef24fca9c8254a586a58 , < d8b09a5edc4a634373158c1a405491de3c52e58a (git) Affected: 12b9d5bf76bfa20d3207ef24fca9c8254a586a58 , < 3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e (git) Affected: 12b9d5bf76bfa20d3207ef24fca9c8254a586a58 , < dc12e49f970b08d8b007b8981b97e2eb93c0e89d (git) Affected: 12b9d5bf76bfa20d3207ef24fca9c8254a586a58 , < 8961b245e8f92bccbaacfbbdf69eba60e3e7c227 (git) Affected: 12b9d5bf76bfa20d3207ef24fca9c8254a586a58 , < b48aa991758999d4e8f9296c5bbe388f293ef465 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T13:22:28.473649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T13:22:42.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:20:26.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/iio/frequency/ad9834.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5edc3a45ef428501000a7b23d0e1777a548907f6",
"status": "affected",
"version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58",
"versionType": "git"
},
{
"lessThan": "0e727707a239d5c519fc9abc2f0fd913516a7e47",
"status": "affected",
"version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58",
"versionType": "git"
},
{
"lessThan": "41cc91e3138fe52f8da92a81bebcd0e6cf488c53",
"status": "affected",
"version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58",
"versionType": "git"
},
{
"lessThan": "d8b09a5edc4a634373158c1a405491de3c52e58a",
"status": "affected",
"version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58",
"versionType": "git"
},
{
"lessThan": "3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e",
"status": "affected",
"version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58",
"versionType": "git"
},
{
"lessThan": "dc12e49f970b08d8b007b8981b97e2eb93c0e89d",
"status": "affected",
"version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58",
"versionType": "git"
},
{
"lessThan": "8961b245e8f92bccbaacfbbdf69eba60e3e7c227",
"status": "affected",
"version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58",
"versionType": "git"
},
{
"lessThan": "b48aa991758999d4e8f9296c5bbe388f293ef465",
"status": "affected",
"version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/iio/frequency/ad9834.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.38"
},
{
"lessThan": "2.6.38",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n\u0027if (fout \u003e (clk_freq / 2))\u0027 doesn\u0027t protect in case of \u0027fout\u0027 is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:36:40.948Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5edc3a45ef428501000a7b23d0e1777a548907f6"
},
{
"url": "https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47"
},
{
"url": "https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53"
},
{
"url": "https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a"
},
{
"url": "https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e"
},
{
"url": "https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d"
},
{
"url": "https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227"
},
{
"url": "https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465"
}
],
"title": "staging: iio: frequency: ad9834: Validate frequency parameter value",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47663",
"datePublished": "2024-10-09T14:13:56.514Z",
"dateReserved": "2024-09-30T16:00:12.935Z",
"dateUpdated": "2025-11-03T22:20:26.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47752 (GCVE-0-2024-47752)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-05-04 09:39
VLAI?
EPSS
Title
media: mediatek: vcodec: Fix H264 stateless decoder smatch warning
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: mediatek: vcodec: Fix H264 stateless decoder smatch warning
Fix a smatch static checker warning on vdec_h264_req_if.c.
Which leads to a kernel crash when fb is NULL.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
06fa5f757dc5a5687e1cdd13097c3265735f60bf , < c6b9f971b43980de8893610f606d751131fb5d86
(git)
Affected: 06fa5f757dc5a5687e1cdd13097c3265735f60bf , < 18181b0c1c5bd43846e5e0ae3d61a4a1adceab03 (git) Affected: 06fa5f757dc5a5687e1cdd13097c3265735f60bf , < 790d1848fac5ac3b1c474f66162598ab07a20c21 (git) Affected: 06fa5f757dc5a5687e1cdd13097c3265735f60bf , < 7878d3a385efab560dce793b595447867fb163f2 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47752",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:57:47.458380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:12.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_if.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c6b9f971b43980de8893610f606d751131fb5d86",
"status": "affected",
"version": "06fa5f757dc5a5687e1cdd13097c3265735f60bf",
"versionType": "git"
},
{
"lessThan": "18181b0c1c5bd43846e5e0ae3d61a4a1adceab03",
"status": "affected",
"version": "06fa5f757dc5a5687e1cdd13097c3265735f60bf",
"versionType": "git"
},
{
"lessThan": "790d1848fac5ac3b1c474f66162598ab07a20c21",
"status": "affected",
"version": "06fa5f757dc5a5687e1cdd13097c3265735f60bf",
"versionType": "git"
},
{
"lessThan": "7878d3a385efab560dce793b595447867fb163f2",
"status": "affected",
"version": "06fa5f757dc5a5687e1cdd13097c3265735f60bf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_if.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix H264 stateless decoder smatch warning\n\nFix a smatch static checker warning on vdec_h264_req_if.c.\nWhich leads to a kernel crash when fb is NULL."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:39:07.587Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c6b9f971b43980de8893610f606d751131fb5d86"
},
{
"url": "https://git.kernel.org/stable/c/18181b0c1c5bd43846e5e0ae3d61a4a1adceab03"
},
{
"url": "https://git.kernel.org/stable/c/790d1848fac5ac3b1c474f66162598ab07a20c21"
},
{
"url": "https://git.kernel.org/stable/c/7878d3a385efab560dce793b595447867fb163f2"
}
],
"title": "media: mediatek: vcodec: Fix H264 stateless decoder smatch warning",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47752",
"datePublished": "2024-10-21T12:14:17.097Z",
"dateReserved": "2024-09-30T16:00:12.961Z",
"dateUpdated": "2025-05-04T09:39:07.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48953 (GCVE-0-2022-48953)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:26
VLAI?
EPSS
Title
rtc: cmos: Fix event handler registration ordering issue
Summary
In the Linux kernel, the following vulnerability has been resolved:
rtc: cmos: Fix event handler registration ordering issue
Because acpi_install_fixed_event_handler() enables the event
automatically on success, it is incorrect to call it before the
handler routine passed to it is ready to handle events.
Unfortunately, the rtc-cmos driver does exactly the incorrect thing
by calling cmos_wake_setup(), which passes rtc_handler() to
acpi_install_fixed_event_handler(), before cmos_do_probe(), because
rtc_handler() uses dev_get_drvdata() to get to the cmos object
pointer and the driver data pointer is only populated in
cmos_do_probe().
This leads to a NULL pointer dereference in rtc_handler() on boot
if the RTC fixed event happens to be active at the init time.
To address this issue, change the initialization ordering of the
driver so that cmos_wake_setup() is always called after a successful
cmos_do_probe() call.
While at it, change cmos_pnp_probe() to call cmos_do_probe() after
the initial if () statement used for computing the IRQ argument to
be passed to cmos_do_probe() which is cleaner than calling it in
each branch of that if () (local variable "irq" can be of type int,
because it is passed to that function as an argument of type int).
Note that commit 6492fed7d8c9 ("rtc: rtc-cmos: Do not check
ACPI_FADT_LOW_POWER_S0") caused this issue to affect a larger number
of systems, because previously it only affected systems with
ACPI_FADT_LOW_POWER_S0 set, but it is present regardless of that
commit.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
a474aaedac99ba86e28ef6c912a7647c482db6dd , < 0bcfccb48696aba475f046c2021f0733659ce0ef
(git)
Affected: a474aaedac99ba86e28ef6c912a7647c482db6dd , < 60c6e563a843032cf6ff84b2fb732cd8754fc10d (git) Affected: a474aaedac99ba86e28ef6c912a7647c482db6dd , < 1ba745fce13d19775100eece30b0bfb8b8b10ea6 (git) Affected: a474aaedac99ba86e28ef6c912a7647c482db6dd , < 4919d3eb2ec0ee364f7e3cf2d99646c1b224fae8 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:21:22.806157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:40.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/rtc/rtc-cmos.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0bcfccb48696aba475f046c2021f0733659ce0ef",
"status": "affected",
"version": "a474aaedac99ba86e28ef6c912a7647c482db6dd",
"versionType": "git"
},
{
"lessThan": "60c6e563a843032cf6ff84b2fb732cd8754fc10d",
"status": "affected",
"version": "a474aaedac99ba86e28ef6c912a7647c482db6dd",
"versionType": "git"
},
{
"lessThan": "1ba745fce13d19775100eece30b0bfb8b8b10ea6",
"status": "affected",
"version": "a474aaedac99ba86e28ef6c912a7647c482db6dd",
"versionType": "git"
},
{
"lessThan": "4919d3eb2ec0ee364f7e3cf2d99646c1b224fae8",
"status": "affected",
"version": "a474aaedac99ba86e28ef6c912a7647c482db6dd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/rtc/rtc-cmos.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.28"
},
{
"lessThan": "2.6.28",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.163",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.86",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.14",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "2.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: cmos: Fix event handler registration ordering issue\n\nBecause acpi_install_fixed_event_handler() enables the event\nautomatically on success, it is incorrect to call it before the\nhandler routine passed to it is ready to handle events.\n\nUnfortunately, the rtc-cmos driver does exactly the incorrect thing\nby calling cmos_wake_setup(), which passes rtc_handler() to\nacpi_install_fixed_event_handler(), before cmos_do_probe(), because\nrtc_handler() uses dev_get_drvdata() to get to the cmos object\npointer and the driver data pointer is only populated in\ncmos_do_probe().\n\nThis leads to a NULL pointer dereference in rtc_handler() on boot\nif the RTC fixed event happens to be active at the init time.\n\nTo address this issue, change the initialization ordering of the\ndriver so that cmos_wake_setup() is always called after a successful\ncmos_do_probe() call.\n\nWhile at it, change cmos_pnp_probe() to call cmos_do_probe() after\nthe initial if () statement used for computing the IRQ argument to\nbe passed to cmos_do_probe() which is cleaner than calling it in\neach branch of that if () (local variable \"irq\" can be of type int,\nbecause it is passed to that function as an argument of type int).\n\nNote that commit 6492fed7d8c9 (\"rtc: rtc-cmos: Do not check\nACPI_FADT_LOW_POWER_S0\") caused this issue to affect a larger number\nof systems, because previously it only affected systems with\nACPI_FADT_LOW_POWER_S0 set, but it is present regardless of that\ncommit."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:50.082Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0bcfccb48696aba475f046c2021f0733659ce0ef"
},
{
"url": "https://git.kernel.org/stable/c/60c6e563a843032cf6ff84b2fb732cd8754fc10d"
},
{
"url": "https://git.kernel.org/stable/c/1ba745fce13d19775100eece30b0bfb8b8b10ea6"
},
{
"url": "https://git.kernel.org/stable/c/4919d3eb2ec0ee364f7e3cf2d99646c1b224fae8"
}
],
"title": "rtc: cmos: Fix event handler registration ordering issue",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48953",
"datePublished": "2024-10-21T20:05:40.399Z",
"dateReserved": "2024-08-22T01:27:53.626Z",
"dateUpdated": "2025-05-04T08:26:50.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47742 (GCVE-0-2024-47742)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
firmware_loader: Block path traversal
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware_loader: Block path traversal
Most firmware names are hardcoded strings, or are constructed from fairly
constrained format strings where the dynamic parts are just some hex
numbers or such.
However, there are a couple codepaths in the kernel where firmware file
names contain string components that are passed through from a device or
semi-privileged userspace; the ones I could find (not counting interfaces
that require root privileges) are:
- lpfc_sli4_request_firmware_update() seems to construct the firmware
filename from "ModelName", a string that was previously parsed out of
some descriptor ("Vital Product Data") in lpfc_fill_vpd()
- nfp_net_fw_find() seems to construct a firmware filename from a model
name coming from nfp_hwinfo_lookup(pf->hwinfo, "nffw.partno"), which I
think parses some descriptor that was read from the device.
(But this case likely isn't exploitable because the format string looks
like "netronome/nic_%s", and there shouldn't be any *folders* starting
with "netronome/nic_". The previous case was different because there,
the "%s" is *at the start* of the format string.)
- module_flash_fw_schedule() is reachable from the
ETHTOOL_MSG_MODULE_FW_FLASH_ACT netlink command, which is marked as
GENL_UNS_ADMIN_PERM (meaning CAP_NET_ADMIN inside a user namespace is
enough to pass the privilege check), and takes a userspace-provided
firmware name.
(But I think to reach this case, you need to have CAP_NET_ADMIN over a
network namespace that a special kind of ethernet device is mapped into,
so I think this is not a viable attack path in practice.)
Fix it by rejecting any firmware names containing ".." path components.
For what it's worth, I went looking and haven't found any USB device
drivers that use the firmware loader dangerously.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
abb139e75c2cdbb955e840d6331cb5863e409d0e , < d1768e5535d3ded59f888637016e6f821f4e069f
(git)
Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < 9b1ca33ebd05b3acef5b976c04e5e791af93ce1b (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < c30558e6c5c9ad6c86459d9acce1520ceeab9ea6 (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < a77fc4acfd49fc6076e565445b2bc5fdc3244da4 (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < 3d2411f4edcb649eaf232160db459bb4770b5251 (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < 7420c1bf7fc784e587b87329cc6dfa3dca537aa4 (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < 28f1cd94d3f1092728fb775a0fe26c5f1ac2ebeb (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < 6c4e13fdfcab34811c3143a0a03c05fec4e870ec (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < f0e5311aa8022107d63c54e2f03684ec097d1394 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:59:04.060717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:14.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:38.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/base/firmware_loader/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d1768e5535d3ded59f888637016e6f821f4e069f",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "9b1ca33ebd05b3acef5b976c04e5e791af93ce1b",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "c30558e6c5c9ad6c86459d9acce1520ceeab9ea6",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "a77fc4acfd49fc6076e565445b2bc5fdc3244da4",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "3d2411f4edcb649eaf232160db459bb4770b5251",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "7420c1bf7fc784e587b87329cc6dfa3dca537aa4",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "28f1cd94d3f1092728fb775a0fe26c5f1ac2ebeb",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "6c4e13fdfcab34811c3143a0a03c05fec4e870ec",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "f0e5311aa8022107d63c54e2f03684ec097d1394",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/base/firmware_loader/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware_loader: Block path traversal\n\nMost firmware names are hardcoded strings, or are constructed from fairly\nconstrained format strings where the dynamic parts are just some hex\nnumbers or such.\n\nHowever, there are a couple codepaths in the kernel where firmware file\nnames contain string components that are passed through from a device or\nsemi-privileged userspace; the ones I could find (not counting interfaces\nthat require root privileges) are:\n\n - lpfc_sli4_request_firmware_update() seems to construct the firmware\n filename from \"ModelName\", a string that was previously parsed out of\n some descriptor (\"Vital Product Data\") in lpfc_fill_vpd()\n - nfp_net_fw_find() seems to construct a firmware filename from a model\n name coming from nfp_hwinfo_lookup(pf-\u003ehwinfo, \"nffw.partno\"), which I\n think parses some descriptor that was read from the device.\n (But this case likely isn\u0027t exploitable because the format string looks\n like \"netronome/nic_%s\", and there shouldn\u0027t be any *folders* starting\n with \"netronome/nic_\". The previous case was different because there,\n the \"%s\" is *at the start* of the format string.)\n - module_flash_fw_schedule() is reachable from the\n ETHTOOL_MSG_MODULE_FW_FLASH_ACT netlink command, which is marked as\n GENL_UNS_ADMIN_PERM (meaning CAP_NET_ADMIN inside a user namespace is\n enough to pass the privilege check), and takes a userspace-provided\n firmware name.\n (But I think to reach this case, you need to have CAP_NET_ADMIN over a\n network namespace that a special kind of ethernet device is mapped into,\n so I think this is not a viable attack path in practice.)\n\nFix it by rejecting any firmware names containing \"..\" path components.\n\nFor what it\u0027s worth, I went looking and haven\u0027t found any USB device\ndrivers that use the firmware loader dangerously."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:38:52.888Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d1768e5535d3ded59f888637016e6f821f4e069f"
},
{
"url": "https://git.kernel.org/stable/c/9b1ca33ebd05b3acef5b976c04e5e791af93ce1b"
},
{
"url": "https://git.kernel.org/stable/c/c30558e6c5c9ad6c86459d9acce1520ceeab9ea6"
},
{
"url": "https://git.kernel.org/stable/c/a77fc4acfd49fc6076e565445b2bc5fdc3244da4"
},
{
"url": "https://git.kernel.org/stable/c/3d2411f4edcb649eaf232160db459bb4770b5251"
},
{
"url": "https://git.kernel.org/stable/c/7420c1bf7fc784e587b87329cc6dfa3dca537aa4"
},
{
"url": "https://git.kernel.org/stable/c/28f1cd94d3f1092728fb775a0fe26c5f1ac2ebeb"
},
{
"url": "https://git.kernel.org/stable/c/6c4e13fdfcab34811c3143a0a03c05fec4e870ec"
},
{
"url": "https://git.kernel.org/stable/c/f0e5311aa8022107d63c54e2f03684ec097d1394"
}
],
"title": "firmware_loader: Block path traversal",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47742",
"datePublished": "2024-10-21T12:14:10.499Z",
"dateReserved": "2024-09-30T16:00:12.959Z",
"dateUpdated": "2025-11-03T22:21:38.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26767 (GCVE-0-2024-26767)
Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2025-11-03 19:29
VLAI?
EPSS
Title
drm/amd/display: fixed integer types and null check locations
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: fixed integer types and null check locations
[why]:
issues fixed:
- comparison with wider integer type in loop condition which can cause
infinite loops
- pointer dereference before null check
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
7ef414375fcc001b6d0745d2931d91c9c736e18d , < 070fda699dfdce560755379bc428d9edada7a54e
(git)
Affected: 7ef414375fcc001b6d0745d2931d91c9c736e18d , < 71783d1ff65204d69207fd156d4b2eb1d3882375 (git) Affected: 7ef414375fcc001b6d0745d2931d91c9c736e18d , < beea9ab9080cd2ef46296070bb327af066ee09d7 (git) Affected: 7ef414375fcc001b6d0745d2931d91c9c736e18d , < 0484e05d048b66d01d1f3c1d2306010bb57d8738 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:27:45.666742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:27:54.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:29:33.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71783d1ff65204d69207fd156d4b2eb1d3882375"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/beea9ab9080cd2ef46296070bb327af066ee09d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0484e05d048b66d01d1f3c1d2306010bb57d8738"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c",
"drivers/gpu/drm/amd/display/dc/link/link_validation.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "070fda699dfdce560755379bc428d9edada7a54e",
"status": "affected",
"version": "7ef414375fcc001b6d0745d2931d91c9c736e18d",
"versionType": "git"
},
{
"lessThan": "71783d1ff65204d69207fd156d4b2eb1d3882375",
"status": "affected",
"version": "7ef414375fcc001b6d0745d2931d91c9c736e18d",
"versionType": "git"
},
{
"lessThan": "beea9ab9080cd2ef46296070bb327af066ee09d7",
"status": "affected",
"version": "7ef414375fcc001b6d0745d2931d91c9c736e18d",
"versionType": "git"
},
{
"lessThan": "0484e05d048b66d01d1f3c1d2306010bb57d8738",
"status": "affected",
"version": "7ef414375fcc001b6d0745d2931d91c9c736e18d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c",
"drivers/gpu/drm/amd/display/dc/link/link_validation.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.130",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fixed integer types and null check locations\n\n[why]:\nissues fixed:\n- comparison with wider integer type in loop condition which can cause\ninfinite loops\n- pointer dereference before null check"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:12:23.794Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/070fda699dfdce560755379bc428d9edada7a54e"
},
{
"url": "https://git.kernel.org/stable/c/71783d1ff65204d69207fd156d4b2eb1d3882375"
},
{
"url": "https://git.kernel.org/stable/c/beea9ab9080cd2ef46296070bb327af066ee09d7"
},
{
"url": "https://git.kernel.org/stable/c/0484e05d048b66d01d1f3c1d2306010bb57d8738"
}
],
"title": "drm/amd/display: fixed integer types and null check locations",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26767",
"datePublished": "2024-04-03T17:00:49.315Z",
"dateReserved": "2024-02-19T14:20:24.173Z",
"dateUpdated": "2025-11-03T19:29:33.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49897 (GCVE-0-2024-49897)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 20:41
VLAI?
EPSS
Title
drm/amd/display: Check phantom_stream before it is used
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check phantom_stream before it is used
dcn32_enable_phantom_stream can return null, so returned value
must be checked before used.
This fixes 1 NULL_RETURNS issue reported by Coverity.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < db1d7e1794fed62ee16d6a72a85997bb069e2e27
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < d247af7c5dbf143ad6be8179bb1550e76d6af57e (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 1decf695ce08e23d9ded6ce83d121b2282ce9899 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 3ba1219e299ab5462b5cb374c2fa2a67af0ea190 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 3718a619a8c0a53152e76bb6769b6c414e1e83f4 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:43:25.394828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:48.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:41:43.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "db1d7e1794fed62ee16d6a72a85997bb069e2e27",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "d247af7c5dbf143ad6be8179bb1550e76d6af57e",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "1decf695ce08e23d9ded6ce83d121b2282ce9899",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "3ba1219e299ab5462b5cb374c2fa2a67af0ea190",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "3718a619a8c0a53152e76bb6769b6c414e1e83f4",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check phantom_stream before it is used\n\ndcn32_enable_phantom_stream can return null, so returned value\nmust be checked before used.\n\nThis fixes 1 NULL_RETURNS issue reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:58.215Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/db1d7e1794fed62ee16d6a72a85997bb069e2e27"
},
{
"url": "https://git.kernel.org/stable/c/d247af7c5dbf143ad6be8179bb1550e76d6af57e"
},
{
"url": "https://git.kernel.org/stable/c/1decf695ce08e23d9ded6ce83d121b2282ce9899"
},
{
"url": "https://git.kernel.org/stable/c/3ba1219e299ab5462b5cb374c2fa2a67af0ea190"
},
{
"url": "https://git.kernel.org/stable/c/3718a619a8c0a53152e76bb6769b6c414e1e83f4"
}
],
"title": "drm/amd/display: Check phantom_stream before it is used",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49897",
"datePublished": "2024-10-21T18:01:30.384Z",
"dateReserved": "2024-10-21T12:17:06.026Z",
"dateUpdated": "2025-11-03T20:41:43.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50081 (GCVE-0-2024-50081)
Vulnerability from cvelistv5 – Published: 2024-10-29 00:50 – Updated: 2026-01-11 16:29
VLAI?
EPSS
Title
blk-mq: setup queue ->tag_set before initializing hctx
Summary
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: setup queue ->tag_set before initializing hctx
Commit 7b815817aa58 ("blk-mq: add helper for checking if one CPU is mapped to specified hctx")
needs to check queue mapping via tag set in hctx's cpuhp handler.
However, q->tag_set may not be setup yet when the cpuhp handler is
enabled, then kernel oops is triggered.
Fix the issue by setup queue tag_set before initializing hctx.
Severity ?
5.5 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
ff2d6ef107b1b1ec6b469073b4dda0dc744e343c , < 73d964ce4bc8b4de88a7c2e40df494f0d5cd8950
(git)
Affected: dbd0829d2458d7292b82bfc9d02cce23935b198f , < 25466e5b4bb11a8415ce8d0be89ab77135f7e444 (git) Affected: 7b815817aa58d2e2101feb2fcf64c60cae0b2695 , < d28b256db525d9432bc3eb2c8d83f7d3f5e1cc87 (git) Affected: 7b815817aa58d2e2101feb2fcf64c60cae0b2695 , < c25c0c9035bb8b28c844dfddeda7b8bdbcfcae95 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:23:15.472621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:27:20.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-mq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "73d964ce4bc8b4de88a7c2e40df494f0d5cd8950",
"status": "affected",
"version": "ff2d6ef107b1b1ec6b469073b4dda0dc744e343c",
"versionType": "git"
},
{
"lessThan": "25466e5b4bb11a8415ce8d0be89ab77135f7e444",
"status": "affected",
"version": "dbd0829d2458d7292b82bfc9d02cce23935b198f",
"versionType": "git"
},
{
"lessThan": "d28b256db525d9432bc3eb2c8d83f7d3f5e1cc87",
"status": "affected",
"version": "7b815817aa58d2e2101feb2fcf64c60cae0b2695",
"versionType": "git"
},
{
"lessThan": "c25c0c9035bb8b28c844dfddeda7b8bdbcfcae95",
"status": "affected",
"version": "7b815817aa58d2e2101feb2fcf64c60cae0b2695",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-mq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.10"
},
{
"lessThan": "6.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.5",
"versionStartIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: setup queue -\u003etag_set before initializing hctx\n\nCommit 7b815817aa58 (\"blk-mq: add helper for checking if one CPU is mapped to specified hctx\")\nneeds to check queue mapping via tag set in hctx\u0027s cpuhp handler.\n\nHowever, q-\u003etag_set may not be setup yet when the cpuhp handler is\nenabled, then kernel oops is triggered.\n\nFix the issue by setup queue tag_set before initializing hctx."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-11T16:29:05.931Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/73d964ce4bc8b4de88a7c2e40df494f0d5cd8950"
},
{
"url": "https://git.kernel.org/stable/c/25466e5b4bb11a8415ce8d0be89ab77135f7e444"
},
{
"url": "https://git.kernel.org/stable/c/d28b256db525d9432bc3eb2c8d83f7d3f5e1cc87"
},
{
"url": "https://git.kernel.org/stable/c/c25c0c9035bb8b28c844dfddeda7b8bdbcfcae95"
}
],
"title": "blk-mq: setup queue -\u003etag_set before initializing hctx",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50081",
"datePublished": "2024-10-29T00:50:23.608Z",
"dateReserved": "2024-10-21T19:36:19.941Z",
"dateUpdated": "2026-01-11T16:29:05.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49870 (GCVE-0-2024-49870)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:22
VLAI?
EPSS
Title
cachefiles: fix dentry leak in cachefiles_open_file()
Summary
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: fix dentry leak in cachefiles_open_file()
A dentry leak may be caused when a lookup cookie and a cull are concurrent:
P1 | P2
-----------------------------------------------------------
cachefiles_lookup_cookie
cachefiles_look_up_object
lookup_one_positive_unlocked
// get dentry
cachefiles_cull
inode->i_flags |= S_KERNEL_FILE;
cachefiles_open_file
cachefiles_mark_inode_in_use
__cachefiles_mark_inode_in_use
can_use = false
if (!(inode->i_flags & S_KERNEL_FILE))
can_use = true
return false
return false
// Returns an error but doesn't put dentry
After that the following WARNING will be triggered when the backend folder
is umounted:
==================================================================
BUG: Dentry 000000008ad87947{i=7a,n=Dx_1_1.img} still in use (1) [unmount of ext4 sda]
WARNING: CPU: 4 PID: 359261 at fs/dcache.c:1767 umount_check+0x5d/0x70
CPU: 4 PID: 359261 Comm: umount Not tainted 6.6.0-dirty #25
RIP: 0010:umount_check+0x5d/0x70
Call Trace:
<TASK>
d_walk+0xda/0x2b0
do_one_tree+0x20/0x40
shrink_dcache_for_umount+0x2c/0x90
generic_shutdown_super+0x20/0x160
kill_block_super+0x1a/0x40
ext4_kill_sb+0x22/0x40
deactivate_locked_super+0x35/0x80
cleanup_mnt+0x104/0x160
==================================================================
Whether cachefiles_open_file() returns true or false, the reference count
obtained by lookup_positive_unlocked() in cachefiles_look_up_object()
should be released.
Therefore release that reference count in cachefiles_look_up_object() to
fix the above issue and simplify the code.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
1f08c925e7a38002bde509e66f6f891468848511 , < d32ff64c872d7e08e893c32ba6a2374583444410
(git)
Affected: 1f08c925e7a38002bde509e66f6f891468848511 , < c7d10fa7d7691558ff967668494672415f5fa151 (git) Affected: 1f08c925e7a38002bde509e66f6f891468848511 , < e4a28489b310339b2b8187bec0a437709be551c1 (git) Affected: 1f08c925e7a38002bde509e66f6f891468848511 , < 7fa2382f97421978514a419c93054eca69f5247b (git) Affected: 1f08c925e7a38002bde509e66f6f891468848511 , < da6ef2dffe6056aad3435e6cf7c6471c2a62187c (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49870",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:47:04.248927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:52.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:37.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/cachefiles/namei.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d32ff64c872d7e08e893c32ba6a2374583444410",
"status": "affected",
"version": "1f08c925e7a38002bde509e66f6f891468848511",
"versionType": "git"
},
{
"lessThan": "c7d10fa7d7691558ff967668494672415f5fa151",
"status": "affected",
"version": "1f08c925e7a38002bde509e66f6f891468848511",
"versionType": "git"
},
{
"lessThan": "e4a28489b310339b2b8187bec0a437709be551c1",
"status": "affected",
"version": "1f08c925e7a38002bde509e66f6f891468848511",
"versionType": "git"
},
{
"lessThan": "7fa2382f97421978514a419c93054eca69f5247b",
"status": "affected",
"version": "1f08c925e7a38002bde509e66f6f891468848511",
"versionType": "git"
},
{
"lessThan": "da6ef2dffe6056aad3435e6cf7c6471c2a62187c",
"status": "affected",
"version": "1f08c925e7a38002bde509e66f6f891468848511",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/cachefiles/namei.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix dentry leak in cachefiles_open_file()\n\nA dentry leak may be caused when a lookup cookie and a cull are concurrent:\n\n P1 | P2\n-----------------------------------------------------------\ncachefiles_lookup_cookie\n cachefiles_look_up_object\n lookup_one_positive_unlocked\n // get dentry\n cachefiles_cull\n inode-\u003ei_flags |= S_KERNEL_FILE;\n cachefiles_open_file\n cachefiles_mark_inode_in_use\n __cachefiles_mark_inode_in_use\n can_use = false\n if (!(inode-\u003ei_flags \u0026 S_KERNEL_FILE))\n can_use = true\n\t return false\n return false\n // Returns an error but doesn\u0027t put dentry\n\nAfter that the following WARNING will be triggered when the backend folder\nis umounted:\n\n==================================================================\nBUG: Dentry 000000008ad87947{i=7a,n=Dx_1_1.img} still in use (1) [unmount of ext4 sda]\nWARNING: CPU: 4 PID: 359261 at fs/dcache.c:1767 umount_check+0x5d/0x70\nCPU: 4 PID: 359261 Comm: umount Not tainted 6.6.0-dirty #25\nRIP: 0010:umount_check+0x5d/0x70\nCall Trace:\n \u003cTASK\u003e\n d_walk+0xda/0x2b0\n do_one_tree+0x20/0x40\n shrink_dcache_for_umount+0x2c/0x90\n generic_shutdown_super+0x20/0x160\n kill_block_super+0x1a/0x40\n ext4_kill_sb+0x22/0x40\n deactivate_locked_super+0x35/0x80\n cleanup_mnt+0x104/0x160\n==================================================================\n\nWhether cachefiles_open_file() returns true or false, the reference count\nobtained by lookup_positive_unlocked() in cachefiles_look_up_object()\nshould be released.\n\nTherefore release that reference count in cachefiles_look_up_object() to\nfix the above issue and simplify the code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:39:59.523Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d32ff64c872d7e08e893c32ba6a2374583444410"
},
{
"url": "https://git.kernel.org/stable/c/c7d10fa7d7691558ff967668494672415f5fa151"
},
{
"url": "https://git.kernel.org/stable/c/e4a28489b310339b2b8187bec0a437709be551c1"
},
{
"url": "https://git.kernel.org/stable/c/7fa2382f97421978514a419c93054eca69f5247b"
},
{
"url": "https://git.kernel.org/stable/c/da6ef2dffe6056aad3435e6cf7c6471c2a62187c"
}
],
"title": "cachefiles: fix dentry leak in cachefiles_open_file()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49870",
"datePublished": "2024-10-21T18:01:12.048Z",
"dateReserved": "2024-10-21T12:17:06.019Z",
"dateUpdated": "2025-11-03T22:22:37.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49003 (GCVE-0-2022-49003)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
nvme: fix SRCU protection of nvme_ns_head list
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvme: fix SRCU protection of nvme_ns_head list
Walking the nvme_ns_head siblings list is protected by the head's srcu
in nvme_ns_head_submit_bio() but not nvme_mpath_revalidate_paths().
Removing namespaces from the list also fails to synchronize the srcu.
Concurrent scan work can therefore cause use-after-frees.
Hold the head's srcu lock in nvme_mpath_revalidate_paths() and
synchronize with the srcu, not the global RCU, in nvme_ns_remove().
Observed the following panic when making NVMe/RDMA connections
with native multipath on the Rocky Linux 8.6 kernel
(it seems the upstream kernel has the same race condition).
Disassembly shows the faulting instruction is cmp 0x50(%rdx),%rcx;
computing capacity != get_capacity(ns->disk).
Address 0x50 is dereferenced because ns->disk is NULL.
The NULL disk appears to be the result of concurrent scan work
freeing the namespace (note the log line in the middle of the panic).
[37314.206036] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050
[37314.206036] nvme0n3: detected capacity change from 0 to 11811160064
[37314.299753] PGD 0 P4D 0
[37314.299756] Oops: 0000 [#1] SMP PTI
[37314.299759] CPU: 29 PID: 322046 Comm: kworker/u98:3 Kdump: loaded Tainted: G W X --------- - - 4.18.0-372.32.1.el8test86.x86_64 #1
[37314.299762] Hardware name: Dell Inc. PowerEdge R720/0JP31P, BIOS 2.7.0 05/23/2018
[37314.299763] Workqueue: nvme-wq nvme_scan_work [nvme_core]
[37314.299783] RIP: 0010:nvme_mpath_revalidate_paths+0x26/0xb0 [nvme_core]
[37314.299790] Code: 1f 44 00 00 66 66 66 66 90 55 53 48 8b 5f 50 48 8b 83 c8 c9 00 00 48 8b 13 48 8b 48 50 48 39 d3 74 20 48 8d 42 d0 48 8b 50 20 <48> 3b 4a 50 74 05 f0 80 60 70 ef 48 8b 50 30 48 8d 42 d0 48 39 d3
[37315.058803] RSP: 0018:ffffabe28f913d10 EFLAGS: 00010202
[37315.121316] RAX: ffff927a077da800 RBX: ffff92991dd70000 RCX: 0000000001600000
[37315.206704] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff92991b719800
[37315.292106] RBP: ffff929a6b70c000 R08: 000000010234cd4a R09: c0000000ffff7fff
[37315.377501] R10: 0000000000000001 R11: ffffabe28f913a30 R12: 0000000000000000
[37315.462889] R13: ffff92992716600c R14: ffff929964e6e030 R15: ffff92991dd70000
[37315.548286] FS: 0000000000000000(0000) GS:ffff92b87fb80000(0000) knlGS:0000000000000000
[37315.645111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[37315.713871] CR2: 0000000000000050 CR3: 0000002208810006 CR4: 00000000000606e0
[37315.799267] Call Trace:
[37315.828515] nvme_update_ns_info+0x1ac/0x250 [nvme_core]
[37315.892075] nvme_validate_or_alloc_ns+0x2ff/0xa00 [nvme_core]
[37315.961871] ? __blk_mq_free_request+0x6b/0x90
[37316.015021] nvme_scan_work+0x151/0x240 [nvme_core]
[37316.073371] process_one_work+0x1a7/0x360
[37316.121318] ? create_worker+0x1a0/0x1a0
[37316.168227] worker_thread+0x30/0x390
[37316.212024] ? create_worker+0x1a0/0x1a0
[37316.258939] kthread+0x10a/0x120
[37316.297557] ? set_kthread_struct+0x50/0x50
[37316.347590] ret_from_fork+0x35/0x40
[37316.390360] Modules linked in: nvme_rdma nvme_tcp(X) nvme_fabrics nvme_core netconsole iscsi_tcp libiscsi_tcp dm_queue_length dm_service_time nf_conntrack_netlink br_netfilter bridge stp llc overlay nft_chain_nat ipt_MASQUERADE nf_nat xt_addrtype xt_CT nft_counter xt_state xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment xt_multiport nft_compat nf_tables libcrc32c nfnetlink dm_multipath tg3 rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm intel_rapl_msr iTCO_wdt iTCO_vendor_support dcdbas intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel ipmi_ssif kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel ib_uverbs rapl intel_cstate intel_uncore ib_core ipmi_si joydev mei_me pcspkr ipmi_devintf mei lpc_ich wmi ipmi_msghandler acpi_power_meter ex
---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
e7d65803e2bb5bc739548b67a5fc72c626cf7e3b , < 787d81d4eb150e443e5d1276c6e8f03cfecc2302
(git)
Affected: e7d65803e2bb5bc739548b67a5fc72c626cf7e3b , < 5b566d09ab1b975566a53f9c5466ee260d087582 (git) Affected: e7d65803e2bb5bc739548b67a5fc72c626cf7e3b , < 899d2a05dc14733cfba6224083c6b0dd5a738590 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:14:55.180723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:40.333Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/core.c",
"drivers/nvme/host/multipath.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "787d81d4eb150e443e5d1276c6e8f03cfecc2302",
"status": "affected",
"version": "e7d65803e2bb5bc739548b67a5fc72c626cf7e3b",
"versionType": "git"
},
{
"lessThan": "5b566d09ab1b975566a53f9c5466ee260d087582",
"status": "affected",
"version": "e7d65803e2bb5bc739548b67a5fc72c626cf7e3b",
"versionType": "git"
},
{
"lessThan": "899d2a05dc14733cfba6224083c6b0dd5a738590",
"status": "affected",
"version": "e7d65803e2bb5bc739548b67a5fc72c626cf7e3b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/core.c",
"drivers/nvme/host/multipath.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix SRCU protection of nvme_ns_head list\n\nWalking the nvme_ns_head siblings list is protected by the head\u0027s srcu\nin nvme_ns_head_submit_bio() but not nvme_mpath_revalidate_paths().\nRemoving namespaces from the list also fails to synchronize the srcu.\nConcurrent scan work can therefore cause use-after-frees.\n\nHold the head\u0027s srcu lock in nvme_mpath_revalidate_paths() and\nsynchronize with the srcu, not the global RCU, in nvme_ns_remove().\n\nObserved the following panic when making NVMe/RDMA connections\nwith native multipath on the Rocky Linux 8.6 kernel\n(it seems the upstream kernel has the same race condition).\nDisassembly shows the faulting instruction is cmp 0x50(%rdx),%rcx;\ncomputing capacity != get_capacity(ns-\u003edisk).\nAddress 0x50 is dereferenced because ns-\u003edisk is NULL.\nThe NULL disk appears to be the result of concurrent scan work\nfreeing the namespace (note the log line in the middle of the panic).\n\n[37314.206036] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050\n[37314.206036] nvme0n3: detected capacity change from 0 to 11811160064\n[37314.299753] PGD 0 P4D 0\n[37314.299756] Oops: 0000 [#1] SMP PTI\n[37314.299759] CPU: 29 PID: 322046 Comm: kworker/u98:3 Kdump: loaded Tainted: G W X --------- - - 4.18.0-372.32.1.el8test86.x86_64 #1\n[37314.299762] Hardware name: Dell Inc. PowerEdge R720/0JP31P, BIOS 2.7.0 05/23/2018\n[37314.299763] Workqueue: nvme-wq nvme_scan_work [nvme_core]\n[37314.299783] RIP: 0010:nvme_mpath_revalidate_paths+0x26/0xb0 [nvme_core]\n[37314.299790] Code: 1f 44 00 00 66 66 66 66 90 55 53 48 8b 5f 50 48 8b 83 c8 c9 00 00 48 8b 13 48 8b 48 50 48 39 d3 74 20 48 8d 42 d0 48 8b 50 20 \u003c48\u003e 3b 4a 50 74 05 f0 80 60 70 ef 48 8b 50 30 48 8d 42 d0 48 39 d3\n[37315.058803] RSP: 0018:ffffabe28f913d10 EFLAGS: 00010202\n[37315.121316] RAX: ffff927a077da800 RBX: ffff92991dd70000 RCX: 0000000001600000\n[37315.206704] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff92991b719800\n[37315.292106] RBP: ffff929a6b70c000 R08: 000000010234cd4a R09: c0000000ffff7fff\n[37315.377501] R10: 0000000000000001 R11: ffffabe28f913a30 R12: 0000000000000000\n[37315.462889] R13: ffff92992716600c R14: ffff929964e6e030 R15: ffff92991dd70000\n[37315.548286] FS: 0000000000000000(0000) GS:ffff92b87fb80000(0000) knlGS:0000000000000000\n[37315.645111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[37315.713871] CR2: 0000000000000050 CR3: 0000002208810006 CR4: 00000000000606e0\n[37315.799267] Call Trace:\n[37315.828515] nvme_update_ns_info+0x1ac/0x250 [nvme_core]\n[37315.892075] nvme_validate_or_alloc_ns+0x2ff/0xa00 [nvme_core]\n[37315.961871] ? __blk_mq_free_request+0x6b/0x90\n[37316.015021] nvme_scan_work+0x151/0x240 [nvme_core]\n[37316.073371] process_one_work+0x1a7/0x360\n[37316.121318] ? create_worker+0x1a0/0x1a0\n[37316.168227] worker_thread+0x30/0x390\n[37316.212024] ? create_worker+0x1a0/0x1a0\n[37316.258939] kthread+0x10a/0x120\n[37316.297557] ? set_kthread_struct+0x50/0x50\n[37316.347590] ret_from_fork+0x35/0x40\n[37316.390360] Modules linked in: nvme_rdma nvme_tcp(X) nvme_fabrics nvme_core netconsole iscsi_tcp libiscsi_tcp dm_queue_length dm_service_time nf_conntrack_netlink br_netfilter bridge stp llc overlay nft_chain_nat ipt_MASQUERADE nf_nat xt_addrtype xt_CT nft_counter xt_state xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment xt_multiport nft_compat nf_tables libcrc32c nfnetlink dm_multipath tg3 rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm intel_rapl_msr iTCO_wdt iTCO_vendor_support dcdbas intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel ipmi_ssif kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel ib_uverbs rapl intel_cstate intel_uncore ib_core ipmi_si joydev mei_me pcspkr ipmi_devintf mei lpc_ich wmi ipmi_msghandler acpi_power_meter ex\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:51.238Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/787d81d4eb150e443e5d1276c6e8f03cfecc2302"
},
{
"url": "https://git.kernel.org/stable/c/5b566d09ab1b975566a53f9c5466ee260d087582"
},
{
"url": "https://git.kernel.org/stable/c/899d2a05dc14733cfba6224083c6b0dd5a738590"
}
],
"title": "nvme: fix SRCU protection of nvme_ns_head list",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49003",
"datePublished": "2024-10-21T20:06:16.737Z",
"dateReserved": "2024-08-22T01:27:53.642Z",
"dateUpdated": "2025-05-04T08:27:51.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38576 (GCVE-0-2024-38576)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:37 – Updated: 2025-05-04 09:14
VLAI?
EPSS
Title
rcu: Fix buffer overflow in print_cpu_stall_info()
Summary
In the Linux kernel, the following vulnerability has been resolved:
rcu: Fix buffer overflow in print_cpu_stall_info()
The rcuc-starvation output from print_cpu_stall_info() might overflow the
buffer if there is a huge difference in jiffies difference. The situation
might seem improbable, but computers sometimes get very confused about
time, which can result in full-sized integers, and, in this case,
buffer overflow.
Also, the unsigned jiffies difference is printed using %ld, which is
normally for signed integers. This is intentional for debugging purposes,
but it is not obvious from the code.
This commit therefore changes sprintf() to snprintf() and adds a
clarifying comment about intention of %ld format.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Severity ?
7.1 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
245a62982502255314b63dd2c4daaedd1cd595a6 , < e2228ed3fe7aa838fba87c79a76fb1ad9ea47138
(git)
Affected: 245a62982502255314b63dd2c4daaedd1cd595a6 , < afb39909bfb5c08111f99e21bf5be7505f59ff1c (git) Affected: 245a62982502255314b63dd2c4daaedd1cd595a6 , < 9351e1338539cb7f319ffc1210fa9b2aa27384b5 (git) Affected: 245a62982502255314b63dd2c4daaedd1cd595a6 , < 4c3e2ef4d8ddd313c8ce3ac30505940bea8d6257 (git) Affected: 245a62982502255314b63dd2c4daaedd1cd595a6 , < 3758f7d9917bd7ef0482c4184c0ad673b4c4e069 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T15:40:30.043568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T17:27:02.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e2228ed3fe7aa838fba87c79a76fb1ad9ea47138"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afb39909bfb5c08111f99e21bf5be7505f59ff1c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9351e1338539cb7f319ffc1210fa9b2aa27384b5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c3e2ef4d8ddd313c8ce3ac30505940bea8d6257"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3758f7d9917bd7ef0482c4184c0ad673b4c4e069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/rcu/tree_stall.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e2228ed3fe7aa838fba87c79a76fb1ad9ea47138",
"status": "affected",
"version": "245a62982502255314b63dd2c4daaedd1cd595a6",
"versionType": "git"
},
{
"lessThan": "afb39909bfb5c08111f99e21bf5be7505f59ff1c",
"status": "affected",
"version": "245a62982502255314b63dd2c4daaedd1cd595a6",
"versionType": "git"
},
{
"lessThan": "9351e1338539cb7f319ffc1210fa9b2aa27384b5",
"status": "affected",
"version": "245a62982502255314b63dd2c4daaedd1cd595a6",
"versionType": "git"
},
{
"lessThan": "4c3e2ef4d8ddd313c8ce3ac30505940bea8d6257",
"status": "affected",
"version": "245a62982502255314b63dd2c4daaedd1cd595a6",
"versionType": "git"
},
{
"lessThan": "3758f7d9917bd7ef0482c4184c0ad673b4c4e069",
"status": "affected",
"version": "245a62982502255314b63dd2c4daaedd1cd595a6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/rcu/tree_stall.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu: Fix buffer overflow in print_cpu_stall_info()\n\nThe rcuc-starvation output from print_cpu_stall_info() might overflow the\nbuffer if there is a huge difference in jiffies difference. The situation\nmight seem improbable, but computers sometimes get very confused about\ntime, which can result in full-sized integers, and, in this case,\nbuffer overflow.\n\nAlso, the unsigned jiffies difference is printed using %ld, which is\nnormally for signed integers. This is intentional for debugging purposes,\nbut it is not obvious from the code.\n\nThis commit therefore changes sprintf() to snprintf() and adds a\nclarifying comment about intention of %ld format.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:28.625Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e2228ed3fe7aa838fba87c79a76fb1ad9ea47138"
},
{
"url": "https://git.kernel.org/stable/c/afb39909bfb5c08111f99e21bf5be7505f59ff1c"
},
{
"url": "https://git.kernel.org/stable/c/9351e1338539cb7f319ffc1210fa9b2aa27384b5"
},
{
"url": "https://git.kernel.org/stable/c/4c3e2ef4d8ddd313c8ce3ac30505940bea8d6257"
},
{
"url": "https://git.kernel.org/stable/c/3758f7d9917bd7ef0482c4184c0ad673b4c4e069"
}
],
"title": "rcu: Fix buffer overflow in print_cpu_stall_info()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38576",
"datePublished": "2024-06-19T13:37:35.142Z",
"dateReserved": "2024-06-18T19:36:34.924Z",
"dateUpdated": "2025-05-04T09:14:28.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47670 (GCVE-0-2024-47670)
Vulnerability from cvelistv5 – Published: 2024-10-09 14:49 – Updated: 2026-01-05 10:53
VLAI?
EPSS
Title
ocfs2: add bounds checking to ocfs2_xattr_find_entry()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: add bounds checking to ocfs2_xattr_find_entry()
Add a paranoia check to make sure it doesn't stray beyond valid memory
region containing ocfs2 xattr entries when scanning for a match. It will
prevent out-of-bound access in case of crafted images.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
cf1d6c763fbcb115263114302485ad17e7933d87 , < b49a786beb11ff740cb9e0c20b999c2a0e1729c2
(git)
Affected: cf1d6c763fbcb115263114302485ad17e7933d87 , < 60c0d36189bad58b1a8e69af8781d90009559ea1 (git) Affected: cf1d6c763fbcb115263114302485ad17e7933d87 , < 34759b7e4493d7337cbc414c132cef378c492a2c (git) Affected: cf1d6c763fbcb115263114302485ad17e7933d87 , < 5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd (git) Affected: cf1d6c763fbcb115263114302485ad17e7933d87 , < 9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f (git) Affected: cf1d6c763fbcb115263114302485ad17e7933d87 , < 1f6e167d6753fe3ea493cdc7f7de8d03147a4d39 (git) Affected: cf1d6c763fbcb115263114302485ad17e7933d87 , < 8e7bef408261746c160853fc27df3139659f5f77 (git) Affected: cf1d6c763fbcb115263114302485ad17e7933d87 , < 9e3041fecdc8f78a5900c3aa51d3d756e73264d6 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47670",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T13:20:40.243320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T13:20:54.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:20:36.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b49a786beb11ff740cb9e0c20b999c2a0e1729c2",
"status": "affected",
"version": "cf1d6c763fbcb115263114302485ad17e7933d87",
"versionType": "git"
},
{
"lessThan": "60c0d36189bad58b1a8e69af8781d90009559ea1",
"status": "affected",
"version": "cf1d6c763fbcb115263114302485ad17e7933d87",
"versionType": "git"
},
{
"lessThan": "34759b7e4493d7337cbc414c132cef378c492a2c",
"status": "affected",
"version": "cf1d6c763fbcb115263114302485ad17e7933d87",
"versionType": "git"
},
{
"lessThan": "5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd",
"status": "affected",
"version": "cf1d6c763fbcb115263114302485ad17e7933d87",
"versionType": "git"
},
{
"lessThan": "9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f",
"status": "affected",
"version": "cf1d6c763fbcb115263114302485ad17e7933d87",
"versionType": "git"
},
{
"lessThan": "1f6e167d6753fe3ea493cdc7f7de8d03147a4d39",
"status": "affected",
"version": "cf1d6c763fbcb115263114302485ad17e7933d87",
"versionType": "git"
},
{
"lessThan": "8e7bef408261746c160853fc27df3139659f5f77",
"status": "affected",
"version": "cf1d6c763fbcb115263114302485ad17e7933d87",
"versionType": "git"
},
{
"lessThan": "9e3041fecdc8f78a5900c3aa51d3d756e73264d6",
"status": "affected",
"version": "cf1d6c763fbcb115263114302485ad17e7933d87",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.28"
},
{
"lessThan": "2.6.28",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.112",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.53",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.12",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_xattr_find_entry()\n\nAdd a paranoia check to make sure it doesn\u0027t stray beyond valid memory\nregion containing ocfs2 xattr entries when scanning for a match. It will\nprevent out-of-bound access in case of crafted images."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:53:58.570Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b49a786beb11ff740cb9e0c20b999c2a0e1729c2"
},
{
"url": "https://git.kernel.org/stable/c/60c0d36189bad58b1a8e69af8781d90009559ea1"
},
{
"url": "https://git.kernel.org/stable/c/34759b7e4493d7337cbc414c132cef378c492a2c"
},
{
"url": "https://git.kernel.org/stable/c/5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd"
},
{
"url": "https://git.kernel.org/stable/c/9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f"
},
{
"url": "https://git.kernel.org/stable/c/1f6e167d6753fe3ea493cdc7f7de8d03147a4d39"
},
{
"url": "https://git.kernel.org/stable/c/8e7bef408261746c160853fc27df3139659f5f77"
},
{
"url": "https://git.kernel.org/stable/c/9e3041fecdc8f78a5900c3aa51d3d756e73264d6"
}
],
"title": "ocfs2: add bounds checking to ocfs2_xattr_find_entry()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47670",
"datePublished": "2024-10-09T14:49:11.938Z",
"dateReserved": "2024-09-30T16:00:12.936Z",
"dateUpdated": "2026-01-05T10:53:58.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47686 (GCVE-0-2024-47686)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:20
VLAI?
EPSS
Title
ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate()
The psc->div[] array has psc->num_div elements. These values come from
when we call clk_hw_register_div(). It's adc_divisors and
ARRAY_SIZE(adc_divisors)) and so on. So this condition needs to be >=
instead of > to prevent an out of bounds read.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
9645ccc7bd7a16cd73c3be9dee70cd702b03be37 , < 7a5bd2fb92388c51d267f6ce57c40f1cca8af1e0
(git)
Affected: 9645ccc7bd7a16cd73c3be9dee70cd702b03be37 , < 66e78ade976dbd9bea09166aa8d66afc0963cde4 (git) Affected: 9645ccc7bd7a16cd73c3be9dee70cd702b03be37 , < 27f493e141823db052586010c1532b70b164507c (git) Affected: 9645ccc7bd7a16cd73c3be9dee70cd702b03be37 , < ae59eaf36a1ad396e9f657ec9b8b52da6206ed5f (git) Affected: 9645ccc7bd7a16cd73c3be9dee70cd702b03be37 , < c7f06284a6427475e3df742215535ec3f6cd9662 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:06:37.712927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:14:15.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:20:53.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-ep93xx/clock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7a5bd2fb92388c51d267f6ce57c40f1cca8af1e0",
"status": "affected",
"version": "9645ccc7bd7a16cd73c3be9dee70cd702b03be37",
"versionType": "git"
},
{
"lessThan": "66e78ade976dbd9bea09166aa8d66afc0963cde4",
"status": "affected",
"version": "9645ccc7bd7a16cd73c3be9dee70cd702b03be37",
"versionType": "git"
},
{
"lessThan": "27f493e141823db052586010c1532b70b164507c",
"status": "affected",
"version": "9645ccc7bd7a16cd73c3be9dee70cd702b03be37",
"versionType": "git"
},
{
"lessThan": "ae59eaf36a1ad396e9f657ec9b8b52da6206ed5f",
"status": "affected",
"version": "9645ccc7bd7a16cd73c3be9dee70cd702b03be37",
"versionType": "git"
},
{
"lessThan": "c7f06284a6427475e3df742215535ec3f6cd9662",
"status": "affected",
"version": "9645ccc7bd7a16cd73c3be9dee70cd702b03be37",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-ep93xx/clock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nep93xx: clock: Fix off by one in ep93xx_div_recalc_rate()\n\nThe psc-\u003ediv[] array has psc-\u003enum_div elements. These values come from\nwhen we call clk_hw_register_div(). It\u0027s adc_divisors and\nARRAY_SIZE(adc_divisors)) and so on. So this condition needs to be \u003e=\ninstead of \u003e to prevent an out of bounds read."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:37:20.709Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7a5bd2fb92388c51d267f6ce57c40f1cca8af1e0"
},
{
"url": "https://git.kernel.org/stable/c/66e78ade976dbd9bea09166aa8d66afc0963cde4"
},
{
"url": "https://git.kernel.org/stable/c/27f493e141823db052586010c1532b70b164507c"
},
{
"url": "https://git.kernel.org/stable/c/ae59eaf36a1ad396e9f657ec9b8b52da6206ed5f"
},
{
"url": "https://git.kernel.org/stable/c/c7f06284a6427475e3df742215535ec3f6cd9662"
}
],
"title": "ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47686",
"datePublished": "2024-10-21T11:53:27.144Z",
"dateReserved": "2024-09-30T16:00:12.941Z",
"dateUpdated": "2025-11-03T22:20:53.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49005 (GCVE-0-2022-49005)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 12:44
VLAI?
EPSS
Title
ASoC: ops: Fix bounds check for _sx controls
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: ops: Fix bounds check for _sx controls
For _sx controls the semantics of the max field is not the usual one, max
is the number of steps rather than the maximum value. This means that our
check in snd_soc_put_volsw_sx() needs to just check against the maximum
value.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
9e5c40b5706d8aae2cf70bd7e01f0b4575a642d0 , < e46adadf19248d59af3aa6bc52e09115bf479bf7
(git)
Affected: 4977491e4b3aad8567f57e2a9992d251410c1db3 , < 4a95a49f26308782b4056401989ecd7768fda8fa (git) Affected: 9a12fcbf3c622f9bf6b110a873d62b0cba93972e , < 46bab25cc0230df60d1c02b651cc5640a14b08df (git) Affected: c33402b056de61104b6146dedbe138ca8d7ec62b , < 73dce3c1d48c4662bdf3ccbde1492c2cb4bfd8ce (git) Affected: 038f8b7caa74d29e020949a43ca368c93f6b29b9 , < b50c9641897274c3faef5f95ac852f54b94be2e8 (git) Affected: e8e07c5e25a29e2a6f119fd947f55d7a55eb8a13 , < 98b15c706644bebc19d2e77ccc360cc51444f6d0 (git) Affected: 4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e , < 325d94d16e3131b54bdf07356e4cd855e0d853fc (git) Affected: 4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e , < 698813ba8c580efb356ace8dbf55f61dac6063a8 (git) Affected: ef6cd9eeb38062a145802b7b56be7ae1090e165e (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:14:37.897186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:39.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/soc-ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e46adadf19248d59af3aa6bc52e09115bf479bf7",
"status": "affected",
"version": "9e5c40b5706d8aae2cf70bd7e01f0b4575a642d0",
"versionType": "git"
},
{
"lessThan": "4a95a49f26308782b4056401989ecd7768fda8fa",
"status": "affected",
"version": "4977491e4b3aad8567f57e2a9992d251410c1db3",
"versionType": "git"
},
{
"lessThan": "46bab25cc0230df60d1c02b651cc5640a14b08df",
"status": "affected",
"version": "9a12fcbf3c622f9bf6b110a873d62b0cba93972e",
"versionType": "git"
},
{
"lessThan": "73dce3c1d48c4662bdf3ccbde1492c2cb4bfd8ce",
"status": "affected",
"version": "c33402b056de61104b6146dedbe138ca8d7ec62b",
"versionType": "git"
},
{
"lessThan": "b50c9641897274c3faef5f95ac852f54b94be2e8",
"status": "affected",
"version": "038f8b7caa74d29e020949a43ca368c93f6b29b9",
"versionType": "git"
},
{
"lessThan": "98b15c706644bebc19d2e77ccc360cc51444f6d0",
"status": "affected",
"version": "e8e07c5e25a29e2a6f119fd947f55d7a55eb8a13",
"versionType": "git"
},
{
"lessThan": "325d94d16e3131b54bdf07356e4cd855e0d853fc",
"status": "affected",
"version": "4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e",
"versionType": "git"
},
{
"lessThan": "698813ba8c580efb356ace8dbf55f61dac6063a8",
"status": "affected",
"version": "4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e",
"versionType": "git"
},
{
"status": "affected",
"version": "ef6cd9eeb38062a145802b7b56be7ae1090e165e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/soc-ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.335",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.301",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.335",
"versionStartIncluding": "4.9.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.301",
"versionStartIncluding": "4.14.265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.268",
"versionStartIncluding": "4.19.228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "5.4.178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "5.10.99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.15.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ops: Fix bounds check for _sx controls\n\nFor _sx controls the semantics of the max field is not the usual one, max\nis the number of steps rather than the maximum value. This means that our\ncheck in snd_soc_put_volsw_sx() needs to just check against the maximum\nvalue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:09.760Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e46adadf19248d59af3aa6bc52e09115bf479bf7"
},
{
"url": "https://git.kernel.org/stable/c/4a95a49f26308782b4056401989ecd7768fda8fa"
},
{
"url": "https://git.kernel.org/stable/c/46bab25cc0230df60d1c02b651cc5640a14b08df"
},
{
"url": "https://git.kernel.org/stable/c/73dce3c1d48c4662bdf3ccbde1492c2cb4bfd8ce"
},
{
"url": "https://git.kernel.org/stable/c/b50c9641897274c3faef5f95ac852f54b94be2e8"
},
{
"url": "https://git.kernel.org/stable/c/98b15c706644bebc19d2e77ccc360cc51444f6d0"
},
{
"url": "https://git.kernel.org/stable/c/325d94d16e3131b54bdf07356e4cd855e0d853fc"
},
{
"url": "https://git.kernel.org/stable/c/698813ba8c580efb356ace8dbf55f61dac6063a8"
}
],
"title": "ASoC: ops: Fix bounds check for _sx controls",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49005",
"datePublished": "2024-10-21T20:06:18.143Z",
"dateReserved": "2024-08-22T01:27:53.643Z",
"dateUpdated": "2025-05-04T12:44:09.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46834 (GCVE-0-2024-46834)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:39 – Updated: 2026-01-05 10:53
VLAI?
EPSS
Title
ethtool: fail closed if we can't get max channel used in indirection tables
Summary
In the Linux kernel, the following vulnerability has been resolved:
ethtool: fail closed if we can't get max channel used in indirection tables
Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with
active RSS contexts") proves that allowing indirection table to contain
channels with out of bounds IDs may lead to crashes. Currently the
max channel check in the core gets skipped if driver can't fetch
the indirection table or when we can't allocate memory.
Both of those conditions should be extremely rare but if they do
happen we should try to be safe and fail the channel change.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:03:28.433366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:03:33.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ethtool/channels.c",
"net/ethtool/common.c",
"net/ethtool/common.h",
"net/ethtool/ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "101737d8b88dbd4be6010bac398fe810f1950036",
"status": "affected",
"version": "d4ab4286276fcd6c155bafdf4422b712068d2516",
"versionType": "git"
},
{
"lessThan": "2899d58462ba868287d6ff3acad3675e7adf934f",
"status": "affected",
"version": "d4ab4286276fcd6c155bafdf4422b712068d2516",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ethtool/channels.c",
"net/ethtool/common.c",
"net/ethtool/common.h",
"net/ethtool/ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.6"
},
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can\u0027t get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 (\"bnxt: fix crashes when reducing ring count with\nactive RSS contexts\") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can\u0027t fetch\nthe indirection table or when we can\u0027t allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:53:28.772Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/101737d8b88dbd4be6010bac398fe810f1950036"
},
{
"url": "https://git.kernel.org/stable/c/2899d58462ba868287d6ff3acad3675e7adf934f"
}
],
"title": "ethtool: fail closed if we can\u0027t get max channel used in indirection tables",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46834",
"datePublished": "2024-09-27T12:39:31.110Z",
"dateReserved": "2024-09-11T15:12:18.287Z",
"dateUpdated": "2026-01-05T10:53:28.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47715 (GCVE-0-2024-47715)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-05-04 09:38
VLAI?
EPSS
Title
wifi: mt76: mt7915: fix oops on non-dbdc mt7986
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7915: fix oops on non-dbdc mt7986
mt7915_band_config() sets band_idx = 1 on the main phy for mt7986
with MT7975_ONE_ADIE or MT7976_ONE_ADIE.
Commit 0335c034e726 ("wifi: mt76: fix race condition related to
checking tx queue fill status") introduced a dereference of the
phys array indirectly indexed by band_idx via wcid->phy_idx in
mt76_wcid_cleanup(). This caused the following Oops on affected
mt7986 devices:
Unable to handle kernel read from unreadable memory at virtual address 0000000000000024
Mem abort info:
ESR = 0x0000000096000005
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x05: level 1 translation fault
Data abort info:
ISV = 0, ISS = 0x00000005
CM = 0, WnR = 0
user pgtable: 4k pages, 39-bit VAs, pgdp=0000000042545000
[0000000000000024] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
Internal error: Oops: 0000000096000005 [#1] SMP
Modules linked in: ... mt7915e mt76_connac_lib mt76 mac80211 cfg80211 ...
CPU: 2 PID: 1631 Comm: hostapd Not tainted 5.15.150 #0
Hardware name: ZyXEL EX5700 (Telenor) (DT)
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : mt76_wcid_cleanup+0x84/0x22c [mt76]
lr : mt76_wcid_cleanup+0x64/0x22c [mt76]
sp : ffffffc00a803700
x29: ffffffc00a803700 x28: ffffff80008f7300 x27: ffffff80003f3c00
x26: ffffff80000a7880 x25: ffffffc008c26e00 x24: 0000000000000001
x23: ffffffc000a68114 x22: 0000000000000000 x21: ffffff8004172cc8
x20: ffffffc00a803748 x19: ffffff8004152020 x18: 0000000000000000
x17: 00000000000017c0 x16: ffffffc008ef5000 x15: 0000000000000be0
x14: ffffff8004172e28 x13: ffffff8004172e28 x12: 0000000000000000
x11: 0000000000000000 x10: ffffff8004172e30 x9 : ffffff8004172e28
x8 : 0000000000000000 x7 : ffffff8004156020 x6 : 0000000000000000
x5 : 0000000000000031 x4 : 0000000000000000 x3 : 0000000000000001
x2 : 0000000000000000 x1 : ffffff80008f7300 x0 : 0000000000000024
Call trace:
mt76_wcid_cleanup+0x84/0x22c [mt76]
__mt76_sta_remove+0x70/0xbc [mt76]
mt76_sta_state+0x8c/0x1a4 [mt76]
mt7915_eeprom_get_power_delta+0x11e4/0x23a0 [mt7915e]
drv_sta_state+0x144/0x274 [mac80211]
sta_info_move_state+0x1cc/0x2a4 [mac80211]
sta_set_sinfo+0xaf8/0xc24 [mac80211]
sta_info_destroy_addr_bss+0x4c/0x6c [mac80211]
ieee80211_color_change_finish+0x1c08/0x1e70 [mac80211]
cfg80211_check_station_change+0x1360/0x4710 [cfg80211]
genl_family_rcv_msg_doit+0xb4/0x110
genl_rcv_msg+0xd0/0x1bc
netlink_rcv_skb+0x58/0x120
genl_rcv+0x34/0x50
netlink_unicast+0x1f0/0x2ec
netlink_sendmsg+0x198/0x3d0
____sys_sendmsg+0x1b0/0x210
___sys_sendmsg+0x80/0xf0
__sys_sendmsg+0x44/0xa0
__arm64_sys_sendmsg+0x20/0x30
invoke_syscall.constprop.0+0x4c/0xe0
do_el0_svc+0x40/0xd0
el0_svc+0x14/0x4c
el0t_64_sync_handler+0x100/0x110
el0t_64_sync+0x15c/0x160
Code: d2800002 910092c0 52800023 f9800011 (885f7c01)
---[ end trace 7e42dd9a39ed2281 ]---
Fix by using mt76_dev_phy() which will map band_idx to the correct phy
for all hardware combinations.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
d2defcddfe90b3be0cfccc2482495ab1fb759586 , < 818dd118f4a997f8b4fe9c010b22402d410a2424
(git)
Affected: 0335c034e7265d36d956e806f33202c94a8a9860 , < 7c128f3ff0be5802aef66f332e4bba6afe98735e (git) Affected: 0335c034e7265d36d956e806f33202c94a8a9860 , < a94d2bd111b39f0c2c7fcbfbf8276ab98c3b8353 (git) Affected: 0335c034e7265d36d956e806f33202c94a8a9860 , < 862bf7cbd772c2bad570ef0c5b5556a1330656dd (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47715",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:02:44.864133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:18.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mac80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "818dd118f4a997f8b4fe9c010b22402d410a2424",
"status": "affected",
"version": "d2defcddfe90b3be0cfccc2482495ab1fb759586",
"versionType": "git"
},
{
"lessThan": "7c128f3ff0be5802aef66f332e4bba6afe98735e",
"status": "affected",
"version": "0335c034e7265d36d956e806f33202c94a8a9860",
"versionType": "git"
},
{
"lessThan": "a94d2bd111b39f0c2c7fcbfbf8276ab98c3b8353",
"status": "affected",
"version": "0335c034e7265d36d956e806f33202c94a8a9860",
"versionType": "git"
},
{
"lessThan": "862bf7cbd772c2bad570ef0c5b5556a1330656dd",
"status": "affected",
"version": "0335c034e7265d36d956e806f33202c94a8a9860",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mac80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "6.6.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7915: fix oops on non-dbdc mt7986\n\nmt7915_band_config() sets band_idx = 1 on the main phy for mt7986\nwith MT7975_ONE_ADIE or MT7976_ONE_ADIE.\n\nCommit 0335c034e726 (\"wifi: mt76: fix race condition related to\nchecking tx queue fill status\") introduced a dereference of the\nphys array indirectly indexed by band_idx via wcid-\u003ephy_idx in\nmt76_wcid_cleanup(). This caused the following Oops on affected\nmt7986 devices:\n\n Unable to handle kernel read from unreadable memory at virtual address 0000000000000024\n Mem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000005\n CM = 0, WnR = 0\n user pgtable: 4k pages, 39-bit VAs, pgdp=0000000042545000\n [0000000000000024] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n Internal error: Oops: 0000000096000005 [#1] SMP\n Modules linked in: ... mt7915e mt76_connac_lib mt76 mac80211 cfg80211 ...\n CPU: 2 PID: 1631 Comm: hostapd Not tainted 5.15.150 #0\n Hardware name: ZyXEL EX5700 (Telenor) (DT)\n pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mt76_wcid_cleanup+0x84/0x22c [mt76]\n lr : mt76_wcid_cleanup+0x64/0x22c [mt76]\n sp : ffffffc00a803700\n x29: ffffffc00a803700 x28: ffffff80008f7300 x27: ffffff80003f3c00\n x26: ffffff80000a7880 x25: ffffffc008c26e00 x24: 0000000000000001\n x23: ffffffc000a68114 x22: 0000000000000000 x21: ffffff8004172cc8\n x20: ffffffc00a803748 x19: ffffff8004152020 x18: 0000000000000000\n x17: 00000000000017c0 x16: ffffffc008ef5000 x15: 0000000000000be0\n x14: ffffff8004172e28 x13: ffffff8004172e28 x12: 0000000000000000\n x11: 0000000000000000 x10: ffffff8004172e30 x9 : ffffff8004172e28\n x8 : 0000000000000000 x7 : ffffff8004156020 x6 : 0000000000000000\n x5 : 0000000000000031 x4 : 0000000000000000 x3 : 0000000000000001\n x2 : 0000000000000000 x1 : ffffff80008f7300 x0 : 0000000000000024\n Call trace:\n mt76_wcid_cleanup+0x84/0x22c [mt76]\n __mt76_sta_remove+0x70/0xbc [mt76]\n mt76_sta_state+0x8c/0x1a4 [mt76]\n mt7915_eeprom_get_power_delta+0x11e4/0x23a0 [mt7915e]\n drv_sta_state+0x144/0x274 [mac80211]\n sta_info_move_state+0x1cc/0x2a4 [mac80211]\n sta_set_sinfo+0xaf8/0xc24 [mac80211]\n sta_info_destroy_addr_bss+0x4c/0x6c [mac80211]\n\n ieee80211_color_change_finish+0x1c08/0x1e70 [mac80211]\n cfg80211_check_station_change+0x1360/0x4710 [cfg80211]\n genl_family_rcv_msg_doit+0xb4/0x110\n genl_rcv_msg+0xd0/0x1bc\n netlink_rcv_skb+0x58/0x120\n genl_rcv+0x34/0x50\n netlink_unicast+0x1f0/0x2ec\n netlink_sendmsg+0x198/0x3d0\n ____sys_sendmsg+0x1b0/0x210\n ___sys_sendmsg+0x80/0xf0\n __sys_sendmsg+0x44/0xa0\n __arm64_sys_sendmsg+0x20/0x30\n invoke_syscall.constprop.0+0x4c/0xe0\n do_el0_svc+0x40/0xd0\n el0_svc+0x14/0x4c\n el0t_64_sync_handler+0x100/0x110\n el0t_64_sync+0x15c/0x160\n Code: d2800002 910092c0 52800023 f9800011 (885f7c01)\n ---[ end trace 7e42dd9a39ed2281 ]---\n\nFix by using mt76_dev_phy() which will map band_idx to the correct phy\nfor all hardware combinations."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:38:08.832Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/818dd118f4a997f8b4fe9c010b22402d410a2424"
},
{
"url": "https://git.kernel.org/stable/c/7c128f3ff0be5802aef66f332e4bba6afe98735e"
},
{
"url": "https://git.kernel.org/stable/c/a94d2bd111b39f0c2c7fcbfbf8276ab98c3b8353"
},
{
"url": "https://git.kernel.org/stable/c/862bf7cbd772c2bad570ef0c5b5556a1330656dd"
}
],
"title": "wifi: mt76: mt7915: fix oops on non-dbdc mt7986",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47715",
"datePublished": "2024-10-21T11:53:46.772Z",
"dateReserved": "2024-09-30T16:00:12.949Z",
"dateUpdated": "2025-05-04T09:38:08.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50077 (GCVE-0-2024-50077)
Vulnerability from cvelistv5 – Published: 2024-10-29 00:50 – Updated: 2025-11-03 22:25
VLAI?
EPSS
Title
Bluetooth: ISO: Fix multiple init when debugfs is disabled
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: ISO: Fix multiple init when debugfs is disabled
If bt_debugfs is not created successfully, which happens if either
CONFIG_DEBUG_FS or CONFIG_DEBUG_FS_ALLOW_ALL is unset, then iso_init()
returns early and does not set iso_inited to true. This means that a
subsequent call to iso_init() will result in duplicate calls to
proto_register(), bt_sock_register(), etc.
With CONFIG_LIST_HARDENED and CONFIG_BUG_ON_DATA_CORRUPTION enabled, the
duplicate call to proto_register() triggers this BUG():
list_add double add: new=ffffffffc0b280d0, prev=ffffffffbab56250,
next=ffffffffc0b280d0.
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:35!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI
CPU: 2 PID: 887 Comm: bluetoothd Not tainted 6.10.11-1-ao-desktop #1
RIP: 0010:__list_add_valid_or_report+0x9a/0xa0
...
__list_add_valid_or_report+0x9a/0xa0
proto_register+0x2b5/0x340
iso_init+0x23/0x150 [bluetooth]
set_iso_socket_func+0x68/0x1b0 [bluetooth]
kmem_cache_free+0x308/0x330
hci_sock_sendmsg+0x990/0x9e0 [bluetooth]
__sock_sendmsg+0x7b/0x80
sock_write_iter+0x9a/0x110
do_iter_readv_writev+0x11d/0x220
vfs_writev+0x180/0x3e0
do_writev+0xca/0x100
...
This change removes the early return. The check for iso_debugfs being
NULL was unnecessary, it is always NULL when iso_inited is false.
Severity ?
5.5 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
ccf74f2390d60a2f9a75ef496d2564abb478f46a , < fa4b832c5a6ec35023a1b997cf658c436619c752
(git)
Affected: ccf74f2390d60a2f9a75ef496d2564abb478f46a , < 8fb8e912afb4c47dec12ea9a5853e7a8db95816f (git) Affected: ccf74f2390d60a2f9a75ef496d2564abb478f46a , < adf1b179c2ff8073c24bf87e5a605fcc5a09798b (git) Affected: ccf74f2390d60a2f9a75ef496d2564abb478f46a , < a9b7b535ba192c6b77e6c15a4c82d853163eab8c (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:23:28.558687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:27:21.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:25:11.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/iso.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fa4b832c5a6ec35023a1b997cf658c436619c752",
"status": "affected",
"version": "ccf74f2390d60a2f9a75ef496d2564abb478f46a",
"versionType": "git"
},
{
"lessThan": "8fb8e912afb4c47dec12ea9a5853e7a8db95816f",
"status": "affected",
"version": "ccf74f2390d60a2f9a75ef496d2564abb478f46a",
"versionType": "git"
},
{
"lessThan": "adf1b179c2ff8073c24bf87e5a605fcc5a09798b",
"status": "affected",
"version": "ccf74f2390d60a2f9a75ef496d2564abb478f46a",
"versionType": "git"
},
{
"lessThan": "a9b7b535ba192c6b77e6c15a4c82d853163eab8c",
"status": "affected",
"version": "ccf74f2390d60a2f9a75ef496d2564abb478f46a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/iso.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.114",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.114",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.58",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.5",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Fix multiple init when debugfs is disabled\n\nIf bt_debugfs is not created successfully, which happens if either\nCONFIG_DEBUG_FS or CONFIG_DEBUG_FS_ALLOW_ALL is unset, then iso_init()\nreturns early and does not set iso_inited to true. This means that a\nsubsequent call to iso_init() will result in duplicate calls to\nproto_register(), bt_sock_register(), etc.\n\nWith CONFIG_LIST_HARDENED and CONFIG_BUG_ON_DATA_CORRUPTION enabled, the\nduplicate call to proto_register() triggers this BUG():\n\n list_add double add: new=ffffffffc0b280d0, prev=ffffffffbab56250,\n next=ffffffffc0b280d0.\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:35!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 2 PID: 887 Comm: bluetoothd Not tainted 6.10.11-1-ao-desktop #1\n RIP: 0010:__list_add_valid_or_report+0x9a/0xa0\n ...\n __list_add_valid_or_report+0x9a/0xa0\n proto_register+0x2b5/0x340\n iso_init+0x23/0x150 [bluetooth]\n set_iso_socket_func+0x68/0x1b0 [bluetooth]\n kmem_cache_free+0x308/0x330\n hci_sock_sendmsg+0x990/0x9e0 [bluetooth]\n __sock_sendmsg+0x7b/0x80\n sock_write_iter+0x9a/0x110\n do_iter_readv_writev+0x11d/0x220\n vfs_writev+0x180/0x3e0\n do_writev+0xca/0x100\n ...\n\nThis change removes the early return. The check for iso_debugfs being\nNULL was unnecessary, it is always NULL when iso_inited is false."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:45:24.722Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fa4b832c5a6ec35023a1b997cf658c436619c752"
},
{
"url": "https://git.kernel.org/stable/c/8fb8e912afb4c47dec12ea9a5853e7a8db95816f"
},
{
"url": "https://git.kernel.org/stable/c/adf1b179c2ff8073c24bf87e5a605fcc5a09798b"
},
{
"url": "https://git.kernel.org/stable/c/a9b7b535ba192c6b77e6c15a4c82d853163eab8c"
}
],
"title": "Bluetooth: ISO: Fix multiple init when debugfs is disabled",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50077",
"datePublished": "2024-10-29T00:50:19.412Z",
"dateReserved": "2024-10-21T19:36:19.940Z",
"dateUpdated": "2025-11-03T22:25:11.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50059 (GCVE-0-2024-50059)
Vulnerability from cvelistv5 – Published: 2024-10-21 19:39 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition
Summary
In the Linux kernel, the following vulnerability has been resolved:
ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition
In the switchtec_ntb_add function, it can call switchtec_ntb_init_sndev
function, then &sndev->check_link_status_work is bound with
check_link_status_work. switchtec_ntb_link_notification may be called
to start the work.
If we remove the module which will call switchtec_ntb_remove to make
cleanup, it will free sndev through kfree(sndev), while the work
mentioned above will be used. The sequence of operations that may lead
to a UAF bug is as follows:
CPU0 CPU1
| check_link_status_work
switchtec_ntb_remove |
kfree(sndev); |
| if (sndev->link_force_down)
| // use sndev
Fix it by ensuring that the work is canceled before proceeding with
the cleanup in switchtec_ntb_remove.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d04be142b8b61ffb3c9cc5c6d1abda8fc59a16c9 , < 5126d8f5567f49b52e21fca320eaa97977055099
(git)
Affected: d04be142b8b61ffb3c9cc5c6d1abda8fc59a16c9 , < b650189687822b705711f0567a65a164a314d8df (git) Affected: d04be142b8b61ffb3c9cc5c6d1abda8fc59a16c9 , < 92728fceefdaa2a0a3aae675f86193b006eeaa43 (git) Affected: d04be142b8b61ffb3c9cc5c6d1abda8fc59a16c9 , < 3ae45be8492460a35b5aebf6acac1f1d32708946 (git) Affected: d04be142b8b61ffb3c9cc5c6d1abda8fc59a16c9 , < fa840ba4bd9f3bad7f104e5b32028ee73af8b3dd (git) Affected: d04be142b8b61ffb3c9cc5c6d1abda8fc59a16c9 , < 177925d9c8715a897bb79eca62628862213ba956 (git) Affected: d04be142b8b61ffb3c9cc5c6d1abda8fc59a16c9 , < e51aded92d42784313ba16c12f4f88cc4f973bbb (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:23:07.094134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:42.461Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:24:58.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/ntb/hw/mscc/ntb_hw_switchtec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5126d8f5567f49b52e21fca320eaa97977055099",
"status": "affected",
"version": "d04be142b8b61ffb3c9cc5c6d1abda8fc59a16c9",
"versionType": "git"
},
{
"lessThan": "b650189687822b705711f0567a65a164a314d8df",
"status": "affected",
"version": "d04be142b8b61ffb3c9cc5c6d1abda8fc59a16c9",
"versionType": "git"
},
{
"lessThan": "92728fceefdaa2a0a3aae675f86193b006eeaa43",
"status": "affected",
"version": "d04be142b8b61ffb3c9cc5c6d1abda8fc59a16c9",
"versionType": "git"
},
{
"lessThan": "3ae45be8492460a35b5aebf6acac1f1d32708946",
"status": "affected",
"version": "d04be142b8b61ffb3c9cc5c6d1abda8fc59a16c9",
"versionType": "git"
},
{
"lessThan": "fa840ba4bd9f3bad7f104e5b32028ee73af8b3dd",
"status": "affected",
"version": "d04be142b8b61ffb3c9cc5c6d1abda8fc59a16c9",
"versionType": "git"
},
{
"lessThan": "177925d9c8715a897bb79eca62628862213ba956",
"status": "affected",
"version": "d04be142b8b61ffb3c9cc5c6d1abda8fc59a16c9",
"versionType": "git"
},
{
"lessThan": "e51aded92d42784313ba16c12f4f88cc4f973bbb",
"status": "affected",
"version": "d04be142b8b61ffb3c9cc5c6d1abda8fc59a16c9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/ntb/hw/mscc/ntb_hw_switchtec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.57",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.57",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.4",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition\n\nIn the switchtec_ntb_add function, it can call switchtec_ntb_init_sndev\nfunction, then \u0026sndev-\u003echeck_link_status_work is bound with\ncheck_link_status_work. switchtec_ntb_link_notification may be called\nto start the work.\n\nIf we remove the module which will call switchtec_ntb_remove to make\ncleanup, it will free sndev through kfree(sndev), while the work\nmentioned above will be used. The sequence of operations that may lead\nto a UAF bug is as follows:\n\nCPU0 CPU1\n\n | check_link_status_work\nswitchtec_ntb_remove |\nkfree(sndev); |\n | if (sndev-\u003elink_force_down)\n | // use sndev\n\nFix it by ensuring that the work is canceled before proceeding with\nthe cleanup in switchtec_ntb_remove."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:57.871Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5126d8f5567f49b52e21fca320eaa97977055099"
},
{
"url": "https://git.kernel.org/stable/c/b650189687822b705711f0567a65a164a314d8df"
},
{
"url": "https://git.kernel.org/stable/c/92728fceefdaa2a0a3aae675f86193b006eeaa43"
},
{
"url": "https://git.kernel.org/stable/c/3ae45be8492460a35b5aebf6acac1f1d32708946"
},
{
"url": "https://git.kernel.org/stable/c/fa840ba4bd9f3bad7f104e5b32028ee73af8b3dd"
},
{
"url": "https://git.kernel.org/stable/c/177925d9c8715a897bb79eca62628862213ba956"
},
{
"url": "https://git.kernel.org/stable/c/e51aded92d42784313ba16c12f4f88cc4f973bbb"
}
],
"title": "ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50059",
"datePublished": "2024-10-21T19:39:49.079Z",
"dateReserved": "2024-10-21T19:36:19.939Z",
"dateUpdated": "2026-01-05T10:54:57.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47697 (GCVE-0-2024-47697)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
Summary
In the Linux kernel, the following vulnerability has been resolved:
drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
Ensure index in rtl2830_pid_filter does not exceed 31 to prevent
out-of-bounds access.
dev->filters is a 32-bit value, so set_bit and clear_bit functions should
only operate on indices from 0 to 31. If index is 32, it will attempt to
access a non-existent 33rd bit, leading to out-of-bounds access.
Change the boundary check from index > 32 to index >= 32 to resolve this
issue.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
df70ddad81b47c57bcccffc805fbd75f2f1b2dc6 , < 8ffbe7d07b8e76193b151107878ddc1ccc94deb5
(git)
Affected: df70ddad81b47c57bcccffc805fbd75f2f1b2dc6 , < 883f794c6e498ae24680aead55c16f66b06cfc30 (git) Affected: df70ddad81b47c57bcccffc805fbd75f2f1b2dc6 , < badbd736e6649c4e6d7b4ff7e2b9857acfa9ea94 (git) Affected: df70ddad81b47c57bcccffc805fbd75f2f1b2dc6 , < 86d920d2600c3a48efc2775c1666c1017eec6956 (git) Affected: df70ddad81b47c57bcccffc805fbd75f2f1b2dc6 , < 3dba83d3c81de1368d15a39f22df7b53e306052f (git) Affected: df70ddad81b47c57bcccffc805fbd75f2f1b2dc6 , < 58f31be7dfbc0c84a6497ad51924949cf64b86a2 (git) Affected: df70ddad81b47c57bcccffc805fbd75f2f1b2dc6 , < 7fd6aae7e53b94f4035b1bfce28b8dfa0d0ae470 (git) Affected: df70ddad81b47c57bcccffc805fbd75f2f1b2dc6 , < 042b101d7bf70616c4967c286ffa6fcca65babfb (git) Affected: df70ddad81b47c57bcccffc805fbd75f2f1b2dc6 , < 46d7ebfe6a75a454a5fa28604f0ef1491f9d8d14 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47697",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:05:04.931797Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:14:14.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:02.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-frontends/rtl2830.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8ffbe7d07b8e76193b151107878ddc1ccc94deb5",
"status": "affected",
"version": "df70ddad81b47c57bcccffc805fbd75f2f1b2dc6",
"versionType": "git"
},
{
"lessThan": "883f794c6e498ae24680aead55c16f66b06cfc30",
"status": "affected",
"version": "df70ddad81b47c57bcccffc805fbd75f2f1b2dc6",
"versionType": "git"
},
{
"lessThan": "badbd736e6649c4e6d7b4ff7e2b9857acfa9ea94",
"status": "affected",
"version": "df70ddad81b47c57bcccffc805fbd75f2f1b2dc6",
"versionType": "git"
},
{
"lessThan": "86d920d2600c3a48efc2775c1666c1017eec6956",
"status": "affected",
"version": "df70ddad81b47c57bcccffc805fbd75f2f1b2dc6",
"versionType": "git"
},
{
"lessThan": "3dba83d3c81de1368d15a39f22df7b53e306052f",
"status": "affected",
"version": "df70ddad81b47c57bcccffc805fbd75f2f1b2dc6",
"versionType": "git"
},
{
"lessThan": "58f31be7dfbc0c84a6497ad51924949cf64b86a2",
"status": "affected",
"version": "df70ddad81b47c57bcccffc805fbd75f2f1b2dc6",
"versionType": "git"
},
{
"lessThan": "7fd6aae7e53b94f4035b1bfce28b8dfa0d0ae470",
"status": "affected",
"version": "df70ddad81b47c57bcccffc805fbd75f2f1b2dc6",
"versionType": "git"
},
{
"lessThan": "042b101d7bf70616c4967c286ffa6fcca65babfb",
"status": "affected",
"version": "df70ddad81b47c57bcccffc805fbd75f2f1b2dc6",
"versionType": "git"
},
{
"lessThan": "46d7ebfe6a75a454a5fa28604f0ef1491f9d8d14",
"status": "affected",
"version": "df70ddad81b47c57bcccffc805fbd75f2f1b2dc6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-frontends/rtl2830.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"lessThan": "4.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error\n\nEnsure index in rtl2830_pid_filter does not exceed 31 to prevent\nout-of-bounds access.\n\ndev-\u003efilters is a 32-bit value, so set_bit and clear_bit functions should\nonly operate on indices from 0 to 31. If index is 32, it will attempt to\naccess a non-existent 33rd bit, leading to out-of-bounds access.\nChange the boundary check from index \u003e 32 to index \u003e= 32 to resolve this\nissue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:37:37.837Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8ffbe7d07b8e76193b151107878ddc1ccc94deb5"
},
{
"url": "https://git.kernel.org/stable/c/883f794c6e498ae24680aead55c16f66b06cfc30"
},
{
"url": "https://git.kernel.org/stable/c/badbd736e6649c4e6d7b4ff7e2b9857acfa9ea94"
},
{
"url": "https://git.kernel.org/stable/c/86d920d2600c3a48efc2775c1666c1017eec6956"
},
{
"url": "https://git.kernel.org/stable/c/3dba83d3c81de1368d15a39f22df7b53e306052f"
},
{
"url": "https://git.kernel.org/stable/c/58f31be7dfbc0c84a6497ad51924949cf64b86a2"
},
{
"url": "https://git.kernel.org/stable/c/7fd6aae7e53b94f4035b1bfce28b8dfa0d0ae470"
},
{
"url": "https://git.kernel.org/stable/c/042b101d7bf70616c4967c286ffa6fcca65babfb"
},
{
"url": "https://git.kernel.org/stable/c/46d7ebfe6a75a454a5fa28604f0ef1491f9d8d14"
}
],
"title": "drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47697",
"datePublished": "2024-10-21T11:53:34.630Z",
"dateReserved": "2024-09-30T16:00:12.942Z",
"dateUpdated": "2025-11-03T22:21:02.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46807 (GCVE-0-2024-46807)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-11-03 22:18
VLAI?
EPSS
Title
drm/amd/amdgpu: Check tbo resource pointer
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/amdgpu: Check tbo resource pointer
Validate tbo resource pointer, skip if NULL
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
403009bfba45163887398652762ed1fc6645181c , < e55e3904ffeaff81715256a711b1a61f4ad5258a
(git)
Affected: 403009bfba45163887398652762ed1fc6645181c , < 2be1eb6304d9623ba21dd6f3e68ffb753a759635 (git) Affected: 403009bfba45163887398652762ed1fc6645181c , < 4dfec5f5501a27e0a0da00e136d65ef9011ded4c (git) Affected: 403009bfba45163887398652762ed1fc6645181c , < e8765364d4f3aaf88c7abe0a4fc99089d059ab49 (git) Affected: 403009bfba45163887398652762ed1fc6645181c , < 6cd2b872643bb29bba01a8ac739138db7bd79007 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:19:59.164290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:20:11.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:18:50.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e55e3904ffeaff81715256a711b1a61f4ad5258a",
"status": "affected",
"version": "403009bfba45163887398652762ed1fc6645181c",
"versionType": "git"
},
{
"lessThan": "2be1eb6304d9623ba21dd6f3e68ffb753a759635",
"status": "affected",
"version": "403009bfba45163887398652762ed1fc6645181c",
"versionType": "git"
},
{
"lessThan": "4dfec5f5501a27e0a0da00e136d65ef9011ded4c",
"status": "affected",
"version": "403009bfba45163887398652762ed1fc6645181c",
"versionType": "git"
},
{
"lessThan": "e8765364d4f3aaf88c7abe0a4fc99089d059ab49",
"status": "affected",
"version": "403009bfba45163887398652762ed1fc6645181c",
"versionType": "git"
},
{
"lessThan": "6cd2b872643bb29bba01a8ac739138db7bd79007",
"status": "affected",
"version": "403009bfba45163887398652762ed1fc6645181c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Check tbo resource pointer\n\nValidate tbo resource pointer, skip if NULL"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:15.151Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e55e3904ffeaff81715256a711b1a61f4ad5258a"
},
{
"url": "https://git.kernel.org/stable/c/2be1eb6304d9623ba21dd6f3e68ffb753a759635"
},
{
"url": "https://git.kernel.org/stable/c/4dfec5f5501a27e0a0da00e136d65ef9011ded4c"
},
{
"url": "https://git.kernel.org/stable/c/e8765364d4f3aaf88c7abe0a4fc99089d059ab49"
},
{
"url": "https://git.kernel.org/stable/c/6cd2b872643bb29bba01a8ac739138db7bd79007"
}
],
"title": "drm/amd/amdgpu: Check tbo resource pointer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46807",
"datePublished": "2024-09-27T12:35:51.815Z",
"dateReserved": "2024-09-11T15:12:18.282Z",
"dateUpdated": "2025-11-03T22:18:50.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49022 (GCVE-0-2022-49022)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
Fix possible out-of-bound access in ieee80211_get_rate_duration routine
as reported by the following UBSAN report:
UBSAN: array-index-out-of-bounds in net/mac80211/airtime.c:455:47
index 15 is out of range for type 'u16 [12]'
CPU: 2 PID: 217 Comm: kworker/u32:10 Not tainted 6.1.0-060100rc3-generic
Hardware name: Acer Aspire TC-281/Aspire TC-281, BIOS R01-A2 07/18/2017
Workqueue: mt76 mt76u_tx_status_data [mt76_usb]
Call Trace:
<TASK>
show_stack+0x4e/0x61
dump_stack_lvl+0x4a/0x6f
dump_stack+0x10/0x18
ubsan_epilogue+0x9/0x43
__ubsan_handle_out_of_bounds.cold+0x42/0x47
ieee80211_get_rate_duration.constprop.0+0x22f/0x2a0 [mac80211]
? ieee80211_tx_status_ext+0x32e/0x640 [mac80211]
ieee80211_calc_rx_airtime+0xda/0x120 [mac80211]
ieee80211_calc_tx_airtime+0xb4/0x100 [mac80211]
mt76x02_send_tx_status+0x266/0x480 [mt76x02_lib]
mt76x02_tx_status_data+0x52/0x80 [mt76x02_lib]
mt76u_tx_status_data+0x67/0xd0 [mt76_usb]
process_one_work+0x225/0x400
worker_thread+0x50/0x3e0
? process_one_work+0x400/0x400
kthread+0xe9/0x110
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x22/0x30
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
db3e1c40cf2f973fbdd52ae0b59a9472b1c04f4a , < 0184ede0ec61b9cd075babfaa45081b1bf322234
(git)
Affected: db3e1c40cf2f973fbdd52ae0b59a9472b1c04f4a , < 59b54f0563b6546c94bdb6823d3b382c75407019 (git) Affected: db3e1c40cf2f973fbdd52ae0b59a9472b1c04f4a , < f0fcad4c7201ecfaa17357f4ce0c50b4708df22d (git) Affected: db3e1c40cf2f973fbdd52ae0b59a9472b1c04f4a , < 3e8f7abcc3473bc9603323803aeaed4ffcc3a2ab (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:12:26.001640Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:37.055Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mac80211/airtime.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0184ede0ec61b9cd075babfaa45081b1bf322234",
"status": "affected",
"version": "db3e1c40cf2f973fbdd52ae0b59a9472b1c04f4a",
"versionType": "git"
},
{
"lessThan": "59b54f0563b6546c94bdb6823d3b382c75407019",
"status": "affected",
"version": "db3e1c40cf2f973fbdd52ae0b59a9472b1c04f4a",
"versionType": "git"
},
{
"lessThan": "f0fcad4c7201ecfaa17357f4ce0c50b4708df22d",
"status": "affected",
"version": "db3e1c40cf2f973fbdd52ae0b59a9472b1c04f4a",
"versionType": "git"
},
{
"lessThan": "3e8f7abcc3473bc9603323803aeaed4ffcc3a2ab",
"status": "affected",
"version": "db3e1c40cf2f973fbdd52ae0b59a9472b1c04f4a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mac80211/airtime.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac8021: fix possible oob access in ieee80211_get_rate_duration\n\nFix possible out-of-bound access in ieee80211_get_rate_duration routine\nas reported by the following UBSAN report:\n\nUBSAN: array-index-out-of-bounds in net/mac80211/airtime.c:455:47\nindex 15 is out of range for type \u0027u16 [12]\u0027\nCPU: 2 PID: 217 Comm: kworker/u32:10 Not tainted 6.1.0-060100rc3-generic\nHardware name: Acer Aspire TC-281/Aspire TC-281, BIOS R01-A2 07/18/2017\nWorkqueue: mt76 mt76u_tx_status_data [mt76_usb]\nCall Trace:\n \u003cTASK\u003e\n show_stack+0x4e/0x61\n dump_stack_lvl+0x4a/0x6f\n dump_stack+0x10/0x18\n ubsan_epilogue+0x9/0x43\n __ubsan_handle_out_of_bounds.cold+0x42/0x47\nieee80211_get_rate_duration.constprop.0+0x22f/0x2a0 [mac80211]\n ? ieee80211_tx_status_ext+0x32e/0x640 [mac80211]\n ieee80211_calc_rx_airtime+0xda/0x120 [mac80211]\n ieee80211_calc_tx_airtime+0xb4/0x100 [mac80211]\n mt76x02_send_tx_status+0x266/0x480 [mt76x02_lib]\n mt76x02_tx_status_data+0x52/0x80 [mt76x02_lib]\n mt76u_tx_status_data+0x67/0xd0 [mt76_usb]\n process_one_work+0x225/0x400\n worker_thread+0x50/0x3e0\n ? process_one_work+0x400/0x400\n kthread+0xe9/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:15.655Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0184ede0ec61b9cd075babfaa45081b1bf322234"
},
{
"url": "https://git.kernel.org/stable/c/59b54f0563b6546c94bdb6823d3b382c75407019"
},
{
"url": "https://git.kernel.org/stable/c/f0fcad4c7201ecfaa17357f4ce0c50b4708df22d"
},
{
"url": "https://git.kernel.org/stable/c/3e8f7abcc3473bc9603323803aeaed4ffcc3a2ab"
}
],
"title": "wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49022",
"datePublished": "2024-10-21T20:06:29.239Z",
"dateReserved": "2024-08-22T01:27:53.649Z",
"dateUpdated": "2025-05-04T08:28:15.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}