Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-1048
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | openSUSE Leap 15.3 | ||
| SUSE | N/A | openSUSE Leap 15.4 | ||
| SUSE | N/A | openSUSE Leap 15.5 | ||
| SUSE | N/A | openSUSE Leap 15.6 | ||
| SUSE | SUSE Enterprise Storage | SUSE Enterprise Storage 7.1 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15 SP4 LTSS | ||
| SUSE | SUSE Linux Enterprise High Availability Extension | SUSE Linux Enterprise High Availability Extension 12 SP5 | ||
| SUSE | SUSE Linux Enterprise High Availability Extension | SUSE Linux Enterprise High Availability Extension 15 SP2 | ||
| SUSE | SUSE Linux Enterprise High Availability Extension | SUSE Linux Enterprise High Availability Extension 15 SP3 | ||
| SUSE | SUSE Linux Enterprise High Availability Extension | SUSE Linux Enterprise High Availability Extension 15 SP4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 12 SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP2 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.4 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro for Rancher 5.2 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro for Rancher 5.3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro for Rancher 5.4 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12 SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12 SP5 LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP2 Business Critical Linux | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP2 LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP3 Business Critical Linux | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP3 LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP4 LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12 SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.1 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.2 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.3 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.1 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.3 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.1 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.2 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.3 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "openSUSE Leap 15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15 SP4 LTSS",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 12 SP5",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP2",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12 SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP2",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5 LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2 Business Critical Linux",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2 LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 Business Critical Linux",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4 LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.3",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-46755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46755"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-46826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
},
{
"name": "CVE-2022-48992",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48992"
},
{
"name": "CVE-2022-48651",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48651"
},
{
"name": "CVE-2022-49010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49010"
},
{
"name": "CVE-2024-46849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46849"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-46815",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46815"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-42133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42133"
},
{
"name": "CVE-2022-49028",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49028"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2022-49015",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49015"
},
{
"name": "CVE-2024-35949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35949"
},
{
"name": "CVE-2024-50208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50208"
},
{
"name": "CVE-2021-47291",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47291"
},
{
"name": "CVE-2023-52846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52846"
},
{
"name": "CVE-2024-41082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41082"
},
{
"name": "CVE-2022-45934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45934"
},
{
"name": "CVE-2024-36904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36904"
},
{
"name": "CVE-2022-48947",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48947"
},
{
"name": "CVE-2024-42253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42253"
},
{
"name": "CVE-2022-49000",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49000"
},
{
"name": "CVE-2024-49967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49967"
},
{
"name": "CVE-2024-26585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26585"
},
{
"name": "CVE-2021-47612",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47612"
},
{
"name": "CVE-2021-47402",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47402"
},
{
"name": "CVE-2021-47598",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47598"
},
{
"name": "CVE-2024-46724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46724"
},
{
"name": "CVE-2024-46813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46813"
},
{
"name": "CVE-2024-47673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47673"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2022-48953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48953"
},
{
"name": "CVE-2024-45026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45026"
},
{
"name": "CVE-2022-48968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48968"
},
{
"name": "CVE-2022-48788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48788"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-42114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42114"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2022-49007",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49007"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2023-46343",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46343"
},
{
"name": "CVE-2024-35867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35867"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2022-49016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49016"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-26852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
},
{
"name": "CVE-2022-48994",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48994"
},
{
"name": "CVE-2024-46816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46816"
},
{
"name": "CVE-2022-48987",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48987"
},
{
"name": "CVE-2022-49022",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49022"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2022-48790",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48790"
},
{
"name": "CVE-2022-48969",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48969"
},
{
"name": "CVE-2022-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
},
{
"name": "CVE-2022-48955",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48955"
},
{
"name": "CVE-2022-49002",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49002"
},
{
"name": "CVE-2024-27398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27398"
},
{
"name": "CVE-2024-46802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46802"
},
{
"name": "CVE-2024-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27043"
},
{
"name": "CVE-2022-49023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49023"
},
{
"name": "CVE-2023-52340",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52340"
},
{
"name": "CVE-2022-48789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48789"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2022-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48988"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2022-48954",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48954"
},
{
"name": "CVE-2023-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28327"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2022-49032",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49032"
},
{
"name": "CVE-2022-49027",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49027"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
},
{
"name": "CVE-2022-48971",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48971"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-49945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49945"
},
{
"name": "CVE-2023-6270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6270"
},
{
"name": "CVE-2024-49891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49891"
},
{
"name": "CVE-2024-35950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35950"
},
{
"name": "CVE-2023-52918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52918"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2022-48959",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48959"
},
{
"name": "CVE-2024-47672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47672"
},
{
"name": "CVE-2023-52800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52800"
},
{
"name": "CVE-2024-44958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44958"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2022-48975",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48975"
},
{
"name": "CVE-2022-49003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49003"
},
{
"name": "CVE-2022-48961",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48961"
},
{
"name": "CVE-2024-49929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49929"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2023-52766",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52766"
},
{
"name": "CVE-2022-48958",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48958"
},
{
"name": "CVE-2022-48949",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48949"
},
{
"name": "CVE-2022-48970",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48970"
},
{
"name": "CVE-2023-52919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52919"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2022-48999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48999"
},
{
"name": "CVE-2021-47589",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47589"
},
{
"name": "CVE-2022-48991",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48991"
},
{
"name": "CVE-2024-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46809"
},
{
"name": "CVE-2022-48956",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48956"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2022-48985",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48985"
},
{
"name": "CVE-2024-35905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35905"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2022-49024",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49024"
},
{
"name": "CVE-2024-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49901"
},
{
"name": "CVE-2022-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48948"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-26610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
},
{
"name": "CVE-2022-49026",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49026"
},
{
"name": "CVE-2022-48995",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48995"
},
{
"name": "CVE-2022-49031",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49031"
},
{
"name": "CVE-2024-49920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49920"
},
{
"name": "CVE-2022-48960",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48960"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-40965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40965"
},
{
"name": "CVE-2022-48978",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48978"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2022-49020",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49020"
},
{
"name": "CVE-2021-47517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47517"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2024-35864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35864"
},
{
"name": "CVE-2022-49029",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49029"
},
{
"name": "CVE-2021-47378",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47378"
},
{
"name": "CVE-2024-46817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46817"
},
{
"name": "CVE-2021-47383",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47383"
},
{
"name": "CVE-2022-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48997"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2023-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
},
{
"name": "CVE-2024-43861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43861"
},
{
"name": "CVE-2024-26923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26923"
},
{
"name": "CVE-2024-40954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
},
{
"name": "CVE-2024-46841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46841"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2023-52752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52752"
},
{
"name": "CVE-2022-48951",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48951"
},
{
"name": "CVE-2024-39476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39476"
},
{
"name": "CVE-2023-1829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1829"
},
{
"name": "CVE-2024-47668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47668"
},
{
"name": "CVE-2024-35862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35862"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2022-48664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48664"
},
{
"name": "CVE-2024-46840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46840"
},
{
"name": "CVE-2022-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49014"
},
{
"name": "CVE-2024-41059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41059"
},
{
"name": "CVE-2022-49006",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49006"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2022-48972",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48972"
},
{
"name": "CVE-2024-46814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46814"
},
{
"name": "CVE-2024-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47670"
},
{
"name": "CVE-2024-46818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46818"
},
{
"name": "CVE-2022-48809",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48809"
},
{
"name": "CVE-2024-35817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35817"
},
{
"name": "CVE-2024-26828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26828"
},
{
"name": "CVE-2024-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46848"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2022-49019",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49019"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2022-48879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48879"
},
{
"name": "CVE-2021-47163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47163"
},
{
"name": "CVE-2021-46936",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46936"
},
{
"name": "CVE-2024-35863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35863"
},
{
"name": "CVE-2024-36964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36964"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2022-48946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48946"
},
{
"name": "CVE-2022-48977",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48977"
},
{
"name": "CVE-2022-48981",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48981"
},
{
"name": "CVE-2024-45013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45013"
},
{
"name": "CVE-2022-49011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49011"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2023-6546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6546"
},
{
"name": "CVE-2022-48962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48962"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2023-52502",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52502"
},
{
"name": "CVE-2022-48967",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48967"
},
{
"name": "CVE-2024-47674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47674"
},
{
"name": "CVE-2022-49005",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49005"
},
{
"name": "CVE-2021-47534",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47534"
},
{
"name": "CVE-2023-52898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52898"
},
{
"name": "CVE-2021-47416",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47416"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-35861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35861"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40909"
},
{
"name": "CVE-2024-46834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46834"
},
{
"name": "CVE-2024-26930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26930"
},
{
"name": "CVE-2024-47745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47745"
},
{
"name": "CVE-2022-49021",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49021"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47747"
},
{
"name": "CVE-2024-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26766"
},
{
"name": "CVE-2022-48662",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48662"
},
{
"name": "CVE-2022-49025",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49025"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2022-49012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49012"
},
{
"name": "CVE-2024-44947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44947"
},
{
"name": "CVE-2024-38538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38538"
},
{
"name": "CVE-2022-48973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48973"
},
{
"name": "CVE-2022-48966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48966"
},
{
"name": "CVE-2024-36899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36899"
},
{
"name": "CVE-2024-46716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46716"
},
{
"name": "CVE-2023-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2166"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-26622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26622"
},
{
"name": "CVE-2024-42145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42145"
},
{
"name": "CVE-2024-45016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45016"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1048",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2024-11-28",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4100-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244100-1"
},
{
"published_at": "2024-11-28",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4103-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244103-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4208-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244208-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4124-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244124-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4218-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244218-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4221-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244221-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4217-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244217-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4195-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244195-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4197-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244197-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4140-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244140-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4210-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244210-1"
},
{
"published_at": "2024-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4161-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244161-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4129-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244129-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4219-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244219-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4131-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244131-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4141-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244141-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4220-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244220-1"
},
{
"published_at": "2024-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4179-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244179-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4125-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244125-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4214-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244214-1"
},
{
"published_at": "2024-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4180-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244180-1"
},
{
"published_at": "2024-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4160-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244160-1"
},
{
"published_at": "2024-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4170-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244170-1"
},
{
"published_at": "2024-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4177-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244177-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4122-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244122-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4206-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244206-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4123-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244123-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4128-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244128-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4209-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244209-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4207-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244207-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4127-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244127-1"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4216-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244216-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4120-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244120-1"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:4139-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244139-1"
}
]
}
CVE-2022-48790 (GCVE-0-2022-48790)
Vulnerability from cvelistv5 – Published: 2024-07-16 11:43 – Updated: 2025-12-23 13:20
VLAI?
EPSS
Title
nvme: fix a possible use-after-free in controller reset during load
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvme: fix a possible use-after-free in controller reset during load
Unlike .queue_rq, in .submit_async_event drivers may not check the ctrl
readiness for AER submission. This may lead to a use-after-free
condition that was observed with nvme-tcp.
The race condition may happen in the following scenario:
1. driver executes its reset_ctrl_work
2. -> nvme_stop_ctrl - flushes ctrl async_event_work
3. ctrl sends AEN which is received by the host, which in turn
schedules AEN handling
4. teardown admin queue (which releases the queue socket)
5. AEN processed, submits another AER, calling the driver to submit
6. driver attempts to send the cmd
==> use-after-free
In order to fix that, add ctrl state check to validate the ctrl
is actually able to accept the AER submission.
This addresses the above race in controller resets because the driver
during teardown should:
1. change ctrl state to RESETTING
2. flush async_event_work (as well as other async work elements)
So after 1,2, any other AER command will find the
ctrl state to be RESETTING and bail out without submitting the AER.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
ad22c355b707a8d8d48e282aadc01c0b0604b2e9 , < a25e460fbb0340488d119fb2e28fe3f829b7417e
(git)
Affected: ad22c355b707a8d8d48e282aadc01c0b0604b2e9 , < 70356b756a58704e5c8818cb09da5854af87e765 (git) Affected: ad22c355b707a8d8d48e282aadc01c0b0604b2e9 , < 0ead57ceb21bbf15963b4874c2ac67143455382f (git) Affected: ad22c355b707a8d8d48e282aadc01c0b0604b2e9 , < e043fb5a0336ee74614e26f0d9f36f1f5bb6d606 (git) Affected: ad22c355b707a8d8d48e282aadc01c0b0604b2e9 , < 9e956a2596ae276124ef0d96829c013dd0faf861 (git) Affected: ad22c355b707a8d8d48e282aadc01c0b0604b2e9 , < 0fa0f99fc84e41057cbdd2efbfe91c6b2f47dd9d (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:25:01.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a25e460fbb0340488d119fb2e28fe3f829b7417e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70356b756a58704e5c8818cb09da5854af87e765"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0ead57ceb21bbf15963b4874c2ac67143455382f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e043fb5a0336ee74614e26f0d9f36f1f5bb6d606"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9e956a2596ae276124ef0d96829c013dd0faf861"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0fa0f99fc84e41057cbdd2efbfe91c6b2f47dd9d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:59:38.803415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:15.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a25e460fbb0340488d119fb2e28fe3f829b7417e",
"status": "affected",
"version": "ad22c355b707a8d8d48e282aadc01c0b0604b2e9",
"versionType": "git"
},
{
"lessThan": "70356b756a58704e5c8818cb09da5854af87e765",
"status": "affected",
"version": "ad22c355b707a8d8d48e282aadc01c0b0604b2e9",
"versionType": "git"
},
{
"lessThan": "0ead57ceb21bbf15963b4874c2ac67143455382f",
"status": "affected",
"version": "ad22c355b707a8d8d48e282aadc01c0b0604b2e9",
"versionType": "git"
},
{
"lessThan": "e043fb5a0336ee74614e26f0d9f36f1f5bb6d606",
"status": "affected",
"version": "ad22c355b707a8d8d48e282aadc01c0b0604b2e9",
"versionType": "git"
},
{
"lessThan": "9e956a2596ae276124ef0d96829c013dd0faf861",
"status": "affected",
"version": "ad22c355b707a8d8d48e282aadc01c0b0604b2e9",
"versionType": "git"
},
{
"lessThan": "0fa0f99fc84e41057cbdd2efbfe91c6b2f47dd9d",
"status": "affected",
"version": "ad22c355b707a8d8d48e282aadc01c0b0604b2e9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.102",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.25",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.231",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.181",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.102",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.25",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.11",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix a possible use-after-free in controller reset during load\n\nUnlike .queue_rq, in .submit_async_event drivers may not check the ctrl\nreadiness for AER submission. This may lead to a use-after-free\ncondition that was observed with nvme-tcp.\n\nThe race condition may happen in the following scenario:\n1. driver executes its reset_ctrl_work\n2. -\u003e nvme_stop_ctrl - flushes ctrl async_event_work\n3. ctrl sends AEN which is received by the host, which in turn\n schedules AEN handling\n4. teardown admin queue (which releases the queue socket)\n5. AEN processed, submits another AER, calling the driver to submit\n6. driver attempts to send the cmd\n==\u003e use-after-free\n\nIn order to fix that, add ctrl state check to validate the ctrl\nis actually able to accept the AER submission.\n\nThis addresses the above race in controller resets because the driver\nduring teardown should:\n1. change ctrl state to RESETTING\n2. flush async_event_work (as well as other async work elements)\n\nSo after 1,2, any other AER command will find the\nctrl state to be RESETTING and bail out without submitting the AER."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T13:20:27.690Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a25e460fbb0340488d119fb2e28fe3f829b7417e"
},
{
"url": "https://git.kernel.org/stable/c/70356b756a58704e5c8818cb09da5854af87e765"
},
{
"url": "https://git.kernel.org/stable/c/0ead57ceb21bbf15963b4874c2ac67143455382f"
},
{
"url": "https://git.kernel.org/stable/c/e043fb5a0336ee74614e26f0d9f36f1f5bb6d606"
},
{
"url": "https://git.kernel.org/stable/c/9e956a2596ae276124ef0d96829c013dd0faf861"
},
{
"url": "https://git.kernel.org/stable/c/0fa0f99fc84e41057cbdd2efbfe91c6b2f47dd9d"
}
],
"title": "nvme: fix a possible use-after-free in controller reset during load",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48790",
"datePublished": "2024-07-16T11:43:46.556Z",
"dateReserved": "2024-07-16T11:38:08.893Z",
"dateUpdated": "2025-12-23T13:20:27.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46813 (GCVE-0-2024-46813)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-07-11 17:20
VLAI?
EPSS
Title
drm/amd/display: Check link_index before accessing dc->links[]
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check link_index before accessing dc->links[]
[WHY & HOW]
dc->links[] has max size of MAX_LINKS and NULL is return when trying to
access with out-of-bound index.
This fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 032c5407a608ac3b2a98bf4fbda27d12c20c5887
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < ac04759b4a002969cf0f1384f1b8bb2001cfa782 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 8aa2864044b9d13e95fe224f32e808afbf79ecdf (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:18:36.575115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:18:48.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "032c5407a608ac3b2a98bf4fbda27d12c20c5887",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "ac04759b4a002969cf0f1384f1b8bb2001cfa782",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "8aa2864044b9d13e95fe224f32e808afbf79ecdf",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.87",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_index before accessing dc-\u003elinks[]\n\n[WHY \u0026 HOW]\ndc-\u003elinks[] has max size of MAX_LINKS and NULL is return when trying to\naccess with out-of-bound index.\n\nThis fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:38.616Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/032c5407a608ac3b2a98bf4fbda27d12c20c5887"
},
{
"url": "https://git.kernel.org/stable/c/ac04759b4a002969cf0f1384f1b8bb2001cfa782"
},
{
"url": "https://git.kernel.org/stable/c/8aa2864044b9d13e95fe224f32e808afbf79ecdf"
}
],
"title": "drm/amd/display: Check link_index before accessing dc-\u003elinks[]",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46813",
"datePublished": "2024-09-27T12:35:55.786Z",
"dateReserved": "2024-09-11T15:12:18.283Z",
"dateUpdated": "2025-07-11T17:20:38.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49974 (GCVE-0-2024-49974)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
NFSD: Limit the number of concurrent async COPY operations
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Limit the number of concurrent async COPY operations
Nothing appears to limit the number of concurrent async COPY
operations that clients can start. In addition, AFAICT each async
COPY can copy an unlimited number of 4MB chunks, so can run for a
long time. Thus IMO async COPY can become a DoS vector.
Add a restriction mechanism that bounds the number of concurrent
background COPY operations. Start simple and try to be fair -- this
patch implements a per-namespace limit.
An async COPY request that occurs while this limit is exceeded gets
NFS4ERR_DELAY. The requesting client can choose to send the request
again after a delay or fall back to a traditional read/write style
copy.
If there is need to make the mechanism more sophisticated, we can
visit that in future patches.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 9e52ff544e0bfa09ee339fd7b0937ee3c080c24e
(git)
Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 43e46ee5efc03990b223f7aa8b77aa9c3d3acfdf (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 7ea9260874b779637aff6d24c344b8ef4ac862a0 (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < ae267989b7b7933dfedcd26468d0a88fc3a9da9e (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < b4e21431a0db4854b5023cd5af001be557e6c3db (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 6a488ad7745b8f64625c6d3a24ce7e448e83f11b (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < aadc3bbea163b6caaaebfdd2b6c4667fbc726752 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:33:23.238318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:45.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:54.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfsd/netns.h",
"fs/nfsd/nfs4proc.c",
"fs/nfsd/nfs4state.c",
"fs/nfsd/xdr4.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9e52ff544e0bfa09ee339fd7b0937ee3c080c24e",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
},
{
"lessThan": "43e46ee5efc03990b223f7aa8b77aa9c3d3acfdf",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
},
{
"lessThan": "7ea9260874b779637aff6d24c344b8ef4ac862a0",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
},
{
"lessThan": "ae267989b7b7933dfedcd26468d0a88fc3a9da9e",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
},
{
"lessThan": "b4e21431a0db4854b5023cd5af001be557e6c3db",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
},
{
"lessThan": "6a488ad7745b8f64625c6d3a24ce7e448e83f11b",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
},
{
"lessThan": "aadc3bbea163b6caaaebfdd2b6c4667fbc726752",
"status": "affected",
"version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfsd/netns.h",
"fs/nfsd/nfs4proc.c",
"fs/nfsd/nfs4state.c",
"fs/nfsd/xdr4.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.119",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.231",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.119",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.63",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Limit the number of concurrent async COPY operations\n\nNothing appears to limit the number of concurrent async COPY\noperations that clients can start. In addition, AFAICT each async\nCOPY can copy an unlimited number of 4MB chunks, so can run for a\nlong time. Thus IMO async COPY can become a DoS vector.\n\nAdd a restriction mechanism that bounds the number of concurrent\nbackground COPY operations. Start simple and try to be fair -- this\npatch implements a per-namespace limit.\n\nAn async COPY request that occurs while this limit is exceeded gets\nNFS4ERR_DELAY. The requesting client can choose to send the request\nagain after a delay or fall back to a traditional read/write style\ncopy.\n\nIf there is need to make the mechanism more sophisticated, we can\nvisit that in future patches."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:33.931Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9e52ff544e0bfa09ee339fd7b0937ee3c080c24e"
},
{
"url": "https://git.kernel.org/stable/c/43e46ee5efc03990b223f7aa8b77aa9c3d3acfdf"
},
{
"url": "https://git.kernel.org/stable/c/7ea9260874b779637aff6d24c344b8ef4ac862a0"
},
{
"url": "https://git.kernel.org/stable/c/ae267989b7b7933dfedcd26468d0a88fc3a9da9e"
},
{
"url": "https://git.kernel.org/stable/c/b4e21431a0db4854b5023cd5af001be557e6c3db"
},
{
"url": "https://git.kernel.org/stable/c/6a488ad7745b8f64625c6d3a24ce7e448e83f11b"
},
{
"url": "https://git.kernel.org/stable/c/aadc3bbea163b6caaaebfdd2b6c4667fbc726752"
}
],
"title": "NFSD: Limit the number of concurrent async COPY operations",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49974",
"datePublished": "2024-10-21T18:02:22.392Z",
"dateReserved": "2024-10-21T12:17:06.052Z",
"dateUpdated": "2025-11-03T22:23:54.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-39476 (GCVE-0-2024-39476)
Vulnerability from cvelistv5 – Published: 2024-07-05 06:55 – Updated: 2025-05-04 12:57
VLAI?
EPSS
Title
md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
Summary
In the Linux kernel, the following vulnerability has been resolved:
md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
Xiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with
small possibility, the root cause is exactly the same as commit
bed9e27baf52 ("Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"")
However, Dan reported another hang after that, and junxiao investigated
the problem and found out that this is caused by plugged bio can't issue
from raid5d().
Current implementation in raid5d() has a weird dependence:
1) md_check_recovery() from raid5d() must hold 'reconfig_mutex' to clear
MD_SB_CHANGE_PENDING;
2) raid5d() handles IO in a deadloop, until all IO are issued;
3) IO from raid5d() must wait for MD_SB_CHANGE_PENDING to be cleared;
This behaviour is introduce before v2.6, and for consequence, if other
context hold 'reconfig_mutex', and md_check_recovery() can't update
super_block, then raid5d() will waste one cpu 100% by the deadloop, until
'reconfig_mutex' is released.
Refer to the implementation from raid1 and raid10, fix this problem by
skipping issue IO if MD_SB_CHANGE_PENDING is still set after
md_check_recovery(), daemon thread will be woken up when 'reconfig_mutex'
is released. Meanwhile, the hang problem will be fixed as well.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
f3d55bd5b7b928ad82f8075d89c908702f3593ab , < b32aa95843cac6b12c2c014d40fca18aef24a347
(git)
Affected: 1c00bb624cd084e2006520ad0edacaff0fb941c4 , < 634ba3c97ec413cb10681c7b196db43ee461ecf4 (git) Affected: 782b3e71c957991ac8ae53318bc369049d49bb53 , < aa64464c8f4d2ab92f6d0b959a1e0767b829d787 (git) Affected: 9e86dffd0b02594d2e7c60c6db9e889c0395414b , < 098d54934814dd876963abfe751c3b1cf7fbe56a (git) Affected: 5e2cf333b7bd5d3e62595a44d598a254c697cd74 , < 3f8d5e802d4cedd445f9a89be8c3fd2d0e99024b (git) Affected: 5e2cf333b7bd5d3e62595a44d598a254c697cd74 , < cd2538e5af495b3c747e503db346470fc1ffc447 (git) Affected: 5e2cf333b7bd5d3e62595a44d598a254c697cd74 , < e332a12f65d8fed8cf63bedb4e9317bb872b9ac7 (git) Affected: 5e2cf333b7bd5d3e62595a44d598a254c697cd74 , < 151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa (git) Affected: 7d808fe6af8409cf9f46ed2b10840e5788985e9b (git) Affected: 2cab058f2b147e0b7c01546ba00445e5701861f5 (git) Affected: 91962e40ec3d26e291db230cd45b302da2aff200 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39476",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T15:14:06.487642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T15:14:14.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b32aa95843cac6b12c2c014d40fca18aef24a347"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/634ba3c97ec413cb10681c7b196db43ee461ecf4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa64464c8f4d2ab92f6d0b959a1e0767b829d787"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/098d54934814dd876963abfe751c3b1cf7fbe56a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f8d5e802d4cedd445f9a89be8c3fd2d0e99024b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd2538e5af495b3c747e503db346470fc1ffc447"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e332a12f65d8fed8cf63bedb4e9317bb872b9ac7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/raid5.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b32aa95843cac6b12c2c014d40fca18aef24a347",
"status": "affected",
"version": "f3d55bd5b7b928ad82f8075d89c908702f3593ab",
"versionType": "git"
},
{
"lessThan": "634ba3c97ec413cb10681c7b196db43ee461ecf4",
"status": "affected",
"version": "1c00bb624cd084e2006520ad0edacaff0fb941c4",
"versionType": "git"
},
{
"lessThan": "aa64464c8f4d2ab92f6d0b959a1e0767b829d787",
"status": "affected",
"version": "782b3e71c957991ac8ae53318bc369049d49bb53",
"versionType": "git"
},
{
"lessThan": "098d54934814dd876963abfe751c3b1cf7fbe56a",
"status": "affected",
"version": "9e86dffd0b02594d2e7c60c6db9e889c0395414b",
"versionType": "git"
},
{
"lessThan": "3f8d5e802d4cedd445f9a89be8c3fd2d0e99024b",
"status": "affected",
"version": "5e2cf333b7bd5d3e62595a44d598a254c697cd74",
"versionType": "git"
},
{
"lessThan": "cd2538e5af495b3c747e503db346470fc1ffc447",
"status": "affected",
"version": "5e2cf333b7bd5d3e62595a44d598a254c697cd74",
"versionType": "git"
},
{
"lessThan": "e332a12f65d8fed8cf63bedb4e9317bb872b9ac7",
"status": "affected",
"version": "5e2cf333b7bd5d3e62595a44d598a254c697cd74",
"versionType": "git"
},
{
"lessThan": "151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa",
"status": "affected",
"version": "5e2cf333b7bd5d3e62595a44d598a254c697cd74",
"versionType": "git"
},
{
"status": "affected",
"version": "7d808fe6af8409cf9f46ed2b10840e5788985e9b",
"versionType": "git"
},
{
"status": "affected",
"version": "2cab058f2b147e0b7c01546ba00445e5701861f5",
"versionType": "git"
},
{
"status": "affected",
"version": "91962e40ec3d26e291db230cd45b302da2aff200",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/raid5.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.19.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "5.4.220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "5.10.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.15.75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.94",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.34",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.5",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING\n\nXiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with\nsmall possibility, the root cause is exactly the same as commit\nbed9e27baf52 (\"Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"\")\n\nHowever, Dan reported another hang after that, and junxiao investigated\nthe problem and found out that this is caused by plugged bio can\u0027t issue\nfrom raid5d().\n\nCurrent implementation in raid5d() has a weird dependence:\n\n1) md_check_recovery() from raid5d() must hold \u0027reconfig_mutex\u0027 to clear\n MD_SB_CHANGE_PENDING;\n2) raid5d() handles IO in a deadloop, until all IO are issued;\n3) IO from raid5d() must wait for MD_SB_CHANGE_PENDING to be cleared;\n\nThis behaviour is introduce before v2.6, and for consequence, if other\ncontext hold \u0027reconfig_mutex\u0027, and md_check_recovery() can\u0027t update\nsuper_block, then raid5d() will waste one cpu 100% by the deadloop, until\n\u0027reconfig_mutex\u0027 is released.\n\nRefer to the implementation from raid1 and raid10, fix this problem by\nskipping issue IO if MD_SB_CHANGE_PENDING is still set after\nmd_check_recovery(), daemon thread will be woken up when \u0027reconfig_mutex\u0027\nis released. Meanwhile, the hang problem will be fixed as well."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:57:03.441Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b32aa95843cac6b12c2c014d40fca18aef24a347"
},
{
"url": "https://git.kernel.org/stable/c/634ba3c97ec413cb10681c7b196db43ee461ecf4"
},
{
"url": "https://git.kernel.org/stable/c/aa64464c8f4d2ab92f6d0b959a1e0767b829d787"
},
{
"url": "https://git.kernel.org/stable/c/098d54934814dd876963abfe751c3b1cf7fbe56a"
},
{
"url": "https://git.kernel.org/stable/c/3f8d5e802d4cedd445f9a89be8c3fd2d0e99024b"
},
{
"url": "https://git.kernel.org/stable/c/cd2538e5af495b3c747e503db346470fc1ffc447"
},
{
"url": "https://git.kernel.org/stable/c/e332a12f65d8fed8cf63bedb4e9317bb872b9ac7"
},
{
"url": "https://git.kernel.org/stable/c/151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa"
}
],
"title": "md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39476",
"datePublished": "2024-07-05T06:55:06.559Z",
"dateReserved": "2024-06-25T14:23:23.746Z",
"dateUpdated": "2025-05-04T12:57:03.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47668 (GCVE-0-2024-47668)
Vulnerability from cvelistv5 – Published: 2024-10-09 14:14 – Updated: 2026-01-05 10:53
VLAI?
EPSS
Title
lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
Summary
In the Linux kernel, the following vulnerability has been resolved:
lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
If we need to increase the tree depth, allocate a new node, and then
race with another thread that increased the tree depth before us, we'll
still have a preallocated node that might be used later.
If we then use that node for a new non-root node, it'll still have a
pointer to the old root instead of being zeroed - fix this by zeroing it
in the cmpxchg failure path.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
ba20ba2e3743bac786dff777954c11930256075e , < 0f27f4f445390cb7f73d4209cb2bf32834dc53da
(git)
Affected: ba20ba2e3743bac786dff777954c11930256075e , < 99418ec776a39609f50934720419e0b464ca2283 (git) Affected: ba20ba2e3743bac786dff777954c11930256075e , < ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169 (git) Affected: ba20ba2e3743bac786dff777954c11930256075e , < ebeff038744c498a036e7a92eb8e433ae0a386d7 (git) Affected: ba20ba2e3743bac786dff777954c11930256075e , < d942e855324a60107025c116245095632476613e (git) Affected: ba20ba2e3743bac786dff777954c11930256075e , < 0f078f8ca93b28a34e20bd050f12cd4efeee7c0f (git) Affected: ba20ba2e3743bac786dff777954c11930256075e , < b2f11c6f3e1fc60742673b8675c95b78447f3dae (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47668",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T13:21:11.227741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T13:21:24.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:20:33.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"lib/generic-radix-tree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0f27f4f445390cb7f73d4209cb2bf32834dc53da",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
},
{
"lessThan": "99418ec776a39609f50934720419e0b464ca2283",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
},
{
"lessThan": "ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
},
{
"lessThan": "ebeff038744c498a036e7a92eb8e433ae0a386d7",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
},
{
"lessThan": "d942e855324a60107025c116245095632476613e",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
},
{
"lessThan": "0f078f8ca93b28a34e20bd050f12cd4efeee7c0f",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
},
{
"lessThan": "b2f11c6f3e1fc60742673b8675c95b78447f3dae",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"lib/generic-radix-tree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we\u0027ll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it\u0027ll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:53:56.917Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da"
},
{
"url": "https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283"
},
{
"url": "https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169"
},
{
"url": "https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7"
},
{
"url": "https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e"
},
{
"url": "https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f"
},
{
"url": "https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae"
}
],
"title": "lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47668",
"datePublished": "2024-10-09T14:14:00.189Z",
"dateReserved": "2024-09-30T16:00:12.936Z",
"dateUpdated": "2026-01-05T10:53:56.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49965 (GCVE-0-2024-49965)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
ocfs2: remove unreasonable unlock in ocfs2_read_blocks
Summary
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: remove unreasonable unlock in ocfs2_read_blocks
Patch series "Misc fixes for ocfs2_read_blocks", v5.
This series contains 2 fixes for ocfs2_read_blocks(). The first patch fix
the issue reported by syzbot, which detects bad unlock balance in
ocfs2_read_blocks(). The second patch fixes an issue reported by Heming
Zhao when reviewing above fix.
This patch (of 2):
There was a lock release before exiting, so remove the unreasonable unlock.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
6c150df9c2e80b5cf86f5a0d98beb7390ad63bfc , < 5245f109b4afb6595360d4c180d483a6d2009a59
(git)
Affected: cf76c78595ca87548ca5e45c862ac9e0949c4687 , < 9753bcb17b36c9add9b32c61766ddf8d2d161911 (git) Affected: cf76c78595ca87548ca5e45c862ac9e0949c4687 , < 3f1ca6ba5452d53c598a45d21267a2c0c221eef3 (git) Affected: cf76c78595ca87548ca5e45c862ac9e0949c4687 , < f55a33fe0fb5274ef185fd61947cf142138958af (git) Affected: cf76c78595ca87548ca5e45c862ac9e0949c4687 , < 81aba693b129e82e11bb54f569504d943d018de9 (git) Affected: cf76c78595ca87548ca5e45c862ac9e0949c4687 , < 84543da867c967edffd5065fa910ebf56aaae49d (git) Affected: cf76c78595ca87548ca5e45c862ac9e0949c4687 , < df4f20fc3673cee11abf2c571987a95733cb638d (git) Affected: cf76c78595ca87548ca5e45c862ac9e0949c4687 , < 39a88623af3f1c686bf6db1e677ed865ffe6fccc (git) Affected: cf76c78595ca87548ca5e45c862ac9e0949c4687 , < c03a82b4a0c935774afa01fd6d128b444fd930a1 (git) Affected: 01f93d5e36753fc4d06ec67f05ce78c9c6f2dd56 (git) Affected: 65cbd1279f4b999d56a838344a30642db24cd215 (git) Affected: 97e1db17bc1ef4c2e1789bc9323c7be44fba53f8 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:34:35.371630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:47.085Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:47.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/buffer_head_io.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5245f109b4afb6595360d4c180d483a6d2009a59",
"status": "affected",
"version": "6c150df9c2e80b5cf86f5a0d98beb7390ad63bfc",
"versionType": "git"
},
{
"lessThan": "9753bcb17b36c9add9b32c61766ddf8d2d161911",
"status": "affected",
"version": "cf76c78595ca87548ca5e45c862ac9e0949c4687",
"versionType": "git"
},
{
"lessThan": "3f1ca6ba5452d53c598a45d21267a2c0c221eef3",
"status": "affected",
"version": "cf76c78595ca87548ca5e45c862ac9e0949c4687",
"versionType": "git"
},
{
"lessThan": "f55a33fe0fb5274ef185fd61947cf142138958af",
"status": "affected",
"version": "cf76c78595ca87548ca5e45c862ac9e0949c4687",
"versionType": "git"
},
{
"lessThan": "81aba693b129e82e11bb54f569504d943d018de9",
"status": "affected",
"version": "cf76c78595ca87548ca5e45c862ac9e0949c4687",
"versionType": "git"
},
{
"lessThan": "84543da867c967edffd5065fa910ebf56aaae49d",
"status": "affected",
"version": "cf76c78595ca87548ca5e45c862ac9e0949c4687",
"versionType": "git"
},
{
"lessThan": "df4f20fc3673cee11abf2c571987a95733cb638d",
"status": "affected",
"version": "cf76c78595ca87548ca5e45c862ac9e0949c4687",
"versionType": "git"
},
{
"lessThan": "39a88623af3f1c686bf6db1e677ed865ffe6fccc",
"status": "affected",
"version": "cf76c78595ca87548ca5e45c862ac9e0949c4687",
"versionType": "git"
},
{
"lessThan": "c03a82b4a0c935774afa01fd6d128b444fd930a1",
"status": "affected",
"version": "cf76c78595ca87548ca5e45c862ac9e0949c4687",
"versionType": "git"
},
{
"status": "affected",
"version": "01f93d5e36753fc4d06ec67f05ce78c9c6f2dd56",
"versionType": "git"
},
{
"status": "affected",
"version": "65cbd1279f4b999d56a838344a30642db24cd215",
"versionType": "git"
},
{
"status": "affected",
"version": "97e1db17bc1ef4c2e1789bc9323c7be44fba53f8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/buffer_head_io.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.19.87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.157",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: remove unreasonable unlock in ocfs2_read_blocks\n\nPatch series \"Misc fixes for ocfs2_read_blocks\", v5.\n\nThis series contains 2 fixes for ocfs2_read_blocks(). The first patch fix\nthe issue reported by syzbot, which detects bad unlock balance in\nocfs2_read_blocks(). The second patch fixes an issue reported by Heming\nZhao when reviewing above fix.\n\n\nThis patch (of 2):\n\nThere was a lock release before exiting, so remove the unreasonable unlock."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:59:15.214Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5245f109b4afb6595360d4c180d483a6d2009a59"
},
{
"url": "https://git.kernel.org/stable/c/9753bcb17b36c9add9b32c61766ddf8d2d161911"
},
{
"url": "https://git.kernel.org/stable/c/3f1ca6ba5452d53c598a45d21267a2c0c221eef3"
},
{
"url": "https://git.kernel.org/stable/c/f55a33fe0fb5274ef185fd61947cf142138958af"
},
{
"url": "https://git.kernel.org/stable/c/81aba693b129e82e11bb54f569504d943d018de9"
},
{
"url": "https://git.kernel.org/stable/c/84543da867c967edffd5065fa910ebf56aaae49d"
},
{
"url": "https://git.kernel.org/stable/c/df4f20fc3673cee11abf2c571987a95733cb638d"
},
{
"url": "https://git.kernel.org/stable/c/39a88623af3f1c686bf6db1e677ed865ffe6fccc"
},
{
"url": "https://git.kernel.org/stable/c/c03a82b4a0c935774afa01fd6d128b444fd930a1"
}
],
"title": "ocfs2: remove unreasonable unlock in ocfs2_read_blocks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49965",
"datePublished": "2024-10-21T18:02:16.407Z",
"dateReserved": "2024-10-21T12:17:06.050Z",
"dateUpdated": "2025-11-03T22:23:47.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47742 (GCVE-0-2024-47742)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
firmware_loader: Block path traversal
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware_loader: Block path traversal
Most firmware names are hardcoded strings, or are constructed from fairly
constrained format strings where the dynamic parts are just some hex
numbers or such.
However, there are a couple codepaths in the kernel where firmware file
names contain string components that are passed through from a device or
semi-privileged userspace; the ones I could find (not counting interfaces
that require root privileges) are:
- lpfc_sli4_request_firmware_update() seems to construct the firmware
filename from "ModelName", a string that was previously parsed out of
some descriptor ("Vital Product Data") in lpfc_fill_vpd()
- nfp_net_fw_find() seems to construct a firmware filename from a model
name coming from nfp_hwinfo_lookup(pf->hwinfo, "nffw.partno"), which I
think parses some descriptor that was read from the device.
(But this case likely isn't exploitable because the format string looks
like "netronome/nic_%s", and there shouldn't be any *folders* starting
with "netronome/nic_". The previous case was different because there,
the "%s" is *at the start* of the format string.)
- module_flash_fw_schedule() is reachable from the
ETHTOOL_MSG_MODULE_FW_FLASH_ACT netlink command, which is marked as
GENL_UNS_ADMIN_PERM (meaning CAP_NET_ADMIN inside a user namespace is
enough to pass the privilege check), and takes a userspace-provided
firmware name.
(But I think to reach this case, you need to have CAP_NET_ADMIN over a
network namespace that a special kind of ethernet device is mapped into,
so I think this is not a viable attack path in practice.)
Fix it by rejecting any firmware names containing ".." path components.
For what it's worth, I went looking and haven't found any USB device
drivers that use the firmware loader dangerously.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
abb139e75c2cdbb955e840d6331cb5863e409d0e , < d1768e5535d3ded59f888637016e6f821f4e069f
(git)
Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < 9b1ca33ebd05b3acef5b976c04e5e791af93ce1b (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < c30558e6c5c9ad6c86459d9acce1520ceeab9ea6 (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < a77fc4acfd49fc6076e565445b2bc5fdc3244da4 (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < 3d2411f4edcb649eaf232160db459bb4770b5251 (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < 7420c1bf7fc784e587b87329cc6dfa3dca537aa4 (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < 28f1cd94d3f1092728fb775a0fe26c5f1ac2ebeb (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < 6c4e13fdfcab34811c3143a0a03c05fec4e870ec (git) Affected: abb139e75c2cdbb955e840d6331cb5863e409d0e , < f0e5311aa8022107d63c54e2f03684ec097d1394 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:59:04.060717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:14.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:38.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/base/firmware_loader/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d1768e5535d3ded59f888637016e6f821f4e069f",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "9b1ca33ebd05b3acef5b976c04e5e791af93ce1b",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "c30558e6c5c9ad6c86459d9acce1520ceeab9ea6",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "a77fc4acfd49fc6076e565445b2bc5fdc3244da4",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "3d2411f4edcb649eaf232160db459bb4770b5251",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "7420c1bf7fc784e587b87329cc6dfa3dca537aa4",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "28f1cd94d3f1092728fb775a0fe26c5f1ac2ebeb",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "6c4e13fdfcab34811c3143a0a03c05fec4e870ec",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
},
{
"lessThan": "f0e5311aa8022107d63c54e2f03684ec097d1394",
"status": "affected",
"version": "abb139e75c2cdbb955e840d6331cb5863e409d0e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/base/firmware_loader/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware_loader: Block path traversal\n\nMost firmware names are hardcoded strings, or are constructed from fairly\nconstrained format strings where the dynamic parts are just some hex\nnumbers or such.\n\nHowever, there are a couple codepaths in the kernel where firmware file\nnames contain string components that are passed through from a device or\nsemi-privileged userspace; the ones I could find (not counting interfaces\nthat require root privileges) are:\n\n - lpfc_sli4_request_firmware_update() seems to construct the firmware\n filename from \"ModelName\", a string that was previously parsed out of\n some descriptor (\"Vital Product Data\") in lpfc_fill_vpd()\n - nfp_net_fw_find() seems to construct a firmware filename from a model\n name coming from nfp_hwinfo_lookup(pf-\u003ehwinfo, \"nffw.partno\"), which I\n think parses some descriptor that was read from the device.\n (But this case likely isn\u0027t exploitable because the format string looks\n like \"netronome/nic_%s\", and there shouldn\u0027t be any *folders* starting\n with \"netronome/nic_\". The previous case was different because there,\n the \"%s\" is *at the start* of the format string.)\n - module_flash_fw_schedule() is reachable from the\n ETHTOOL_MSG_MODULE_FW_FLASH_ACT netlink command, which is marked as\n GENL_UNS_ADMIN_PERM (meaning CAP_NET_ADMIN inside a user namespace is\n enough to pass the privilege check), and takes a userspace-provided\n firmware name.\n (But I think to reach this case, you need to have CAP_NET_ADMIN over a\n network namespace that a special kind of ethernet device is mapped into,\n so I think this is not a viable attack path in practice.)\n\nFix it by rejecting any firmware names containing \"..\" path components.\n\nFor what it\u0027s worth, I went looking and haven\u0027t found any USB device\ndrivers that use the firmware loader dangerously."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:38:52.888Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d1768e5535d3ded59f888637016e6f821f4e069f"
},
{
"url": "https://git.kernel.org/stable/c/9b1ca33ebd05b3acef5b976c04e5e791af93ce1b"
},
{
"url": "https://git.kernel.org/stable/c/c30558e6c5c9ad6c86459d9acce1520ceeab9ea6"
},
{
"url": "https://git.kernel.org/stable/c/a77fc4acfd49fc6076e565445b2bc5fdc3244da4"
},
{
"url": "https://git.kernel.org/stable/c/3d2411f4edcb649eaf232160db459bb4770b5251"
},
{
"url": "https://git.kernel.org/stable/c/7420c1bf7fc784e587b87329cc6dfa3dca537aa4"
},
{
"url": "https://git.kernel.org/stable/c/28f1cd94d3f1092728fb775a0fe26c5f1ac2ebeb"
},
{
"url": "https://git.kernel.org/stable/c/6c4e13fdfcab34811c3143a0a03c05fec4e870ec"
},
{
"url": "https://git.kernel.org/stable/c/f0e5311aa8022107d63c54e2f03684ec097d1394"
}
],
"title": "firmware_loader: Block path traversal",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47742",
"datePublished": "2024-10-21T12:14:10.499Z",
"dateReserved": "2024-09-30T16:00:12.959Z",
"dateUpdated": "2025-11-03T22:21:38.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49894 (GCVE-0-2024-49894)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:22
VLAI?
EPSS
Title
drm/amd/display: Fix index out of bounds in degamma hardware format translation
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix index out of bounds in degamma hardware format translation
Fixes index out of bounds issue in
`cm_helper_translate_curve_to_degamma_hw_format` function. The issue
could occur when the index 'i' exceeds the number of transfer function
points (TRANSFER_FUNC_POINTS).
The fix adds a check to ensure 'i' is within bounds before accessing the
transfer function points. If 'i' is out of bounds the function returns
false to indicate an error.
Reported by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:594 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:595 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:596 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < b3dfa878257a7e98830b3009ca5831a01d8f85fc
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < f5f6d90087131812c1e4b9d3103f400f1624396d (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < c130a3c09e3746c1a09ce26c20d21d449d039b1d (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < c6979719012a90e5b8e3bc31725fbfdd0b9b2b79 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 2495c8e272d84685403506833a664fad932e453a (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 122e3a7a8c7bcbe3aacddd6103f67f9f36bed473 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 2f5da549535be8ccd2ab7c9abac8562ad370b181 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 07078fa5d589a7fbce8f81ea8acf7aa0021ab38e (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < b7e99058eb2e86aabd7a10761e76cae33d22b49f (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:43:53.969023Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:48.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:58.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b3dfa878257a7e98830b3009ca5831a01d8f85fc",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "f5f6d90087131812c1e4b9d3103f400f1624396d",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "c130a3c09e3746c1a09ce26c20d21d449d039b1d",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "c6979719012a90e5b8e3bc31725fbfdd0b9b2b79",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "2495c8e272d84685403506833a664fad932e453a",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "122e3a7a8c7bcbe3aacddd6103f67f9f36bed473",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "2f5da549535be8ccd2ab7c9abac8562ad370b181",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "07078fa5d589a7fbce8f81ea8acf7aa0021ab38e",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "b7e99058eb2e86aabd7a10761e76cae33d22b49f",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in degamma hardware format translation\n\nFixes index out of bounds issue in\n`cm_helper_translate_curve_to_degamma_hw_format` function. The issue\ncould occur when the index \u0027i\u0027 exceeds the number of transfer function\npoints (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds the function returns\nfalse to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:594 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:595 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:596 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max"
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:55.732Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b3dfa878257a7e98830b3009ca5831a01d8f85fc"
},
{
"url": "https://git.kernel.org/stable/c/f5f6d90087131812c1e4b9d3103f400f1624396d"
},
{
"url": "https://git.kernel.org/stable/c/c130a3c09e3746c1a09ce26c20d21d449d039b1d"
},
{
"url": "https://git.kernel.org/stable/c/c6979719012a90e5b8e3bc31725fbfdd0b9b2b79"
},
{
"url": "https://git.kernel.org/stable/c/2495c8e272d84685403506833a664fad932e453a"
},
{
"url": "https://git.kernel.org/stable/c/122e3a7a8c7bcbe3aacddd6103f67f9f36bed473"
},
{
"url": "https://git.kernel.org/stable/c/2f5da549535be8ccd2ab7c9abac8562ad370b181"
},
{
"url": "https://git.kernel.org/stable/c/07078fa5d589a7fbce8f81ea8acf7aa0021ab38e"
},
{
"url": "https://git.kernel.org/stable/c/b7e99058eb2e86aabd7a10761e76cae33d22b49f"
}
],
"title": "drm/amd/display: Fix index out of bounds in degamma hardware format translation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49894",
"datePublished": "2024-10-21T18:01:28.360Z",
"dateReserved": "2024-10-21T12:17:06.025Z",
"dateUpdated": "2025-11-03T22:22:58.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48949 (GCVE-0-2022-48949)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:26
VLAI?
EPSS
Title
igb: Initialize mailbox message for VF reset
Summary
In the Linux kernel, the following vulnerability has been resolved:
igb: Initialize mailbox message for VF reset
When a MAC address is not assigned to the VF, that portion of the message
sent to the VF is not set. The memory, however, is allocated from the
stack meaning that information may be leaked to the VM. Initialize the
message buffer to 0 so that no information is passed to the VM in this
case.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
6ddbc4cf1f4d5a3a58b4223c80881f299dae3774 , < a6629659af3f5c6a91e3914ea62554c975ab77f4
(git)
Affected: 6ddbc4cf1f4d5a3a58b4223c80881f299dae3774 , < ef1d739dd1f362aec081278ff92f943c31eb177a (git) Affected: 6ddbc4cf1f4d5a3a58b4223c80881f299dae3774 , < c581439a977545d61849a72e8ed631cfc8a2a3c1 (git) Affected: 6ddbc4cf1f4d5a3a58b4223c80881f299dae3774 , < f2479c3daaabccbac6c343a737615d0c595c6dc4 (git) Affected: 6ddbc4cf1f4d5a3a58b4223c80881f299dae3774 , < 367e1e3399dbc56fc669740c4ab60e35da632b0e (git) Affected: 6ddbc4cf1f4d5a3a58b4223c80881f299dae3774 , < 51fd5ede7ed42f272682a0c33d6f0767b3484a3d (git) Affected: 6ddbc4cf1f4d5a3a58b4223c80881f299dae3774 , < c383c7c35c7bc15e07a04eefa060a8a80cbeae29 (git) Affected: 6ddbc4cf1f4d5a3a58b4223c80881f299dae3774 , < de5dc44370fbd6b46bd7f1a1e00369be54a041c8 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:21:53.220754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:40.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/igb/igb_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a6629659af3f5c6a91e3914ea62554c975ab77f4",
"status": "affected",
"version": "6ddbc4cf1f4d5a3a58b4223c80881f299dae3774",
"versionType": "git"
},
{
"lessThan": "ef1d739dd1f362aec081278ff92f943c31eb177a",
"status": "affected",
"version": "6ddbc4cf1f4d5a3a58b4223c80881f299dae3774",
"versionType": "git"
},
{
"lessThan": "c581439a977545d61849a72e8ed631cfc8a2a3c1",
"status": "affected",
"version": "6ddbc4cf1f4d5a3a58b4223c80881f299dae3774",
"versionType": "git"
},
{
"lessThan": "f2479c3daaabccbac6c343a737615d0c595c6dc4",
"status": "affected",
"version": "6ddbc4cf1f4d5a3a58b4223c80881f299dae3774",
"versionType": "git"
},
{
"lessThan": "367e1e3399dbc56fc669740c4ab60e35da632b0e",
"status": "affected",
"version": "6ddbc4cf1f4d5a3a58b4223c80881f299dae3774",
"versionType": "git"
},
{
"lessThan": "51fd5ede7ed42f272682a0c33d6f0767b3484a3d",
"status": "affected",
"version": "6ddbc4cf1f4d5a3a58b4223c80881f299dae3774",
"versionType": "git"
},
{
"lessThan": "c383c7c35c7bc15e07a04eefa060a8a80cbeae29",
"status": "affected",
"version": "6ddbc4cf1f4d5a3a58b4223c80881f299dae3774",
"versionType": "git"
},
{
"lessThan": "de5dc44370fbd6b46bd7f1a1e00369be54a041c8",
"status": "affected",
"version": "6ddbc4cf1f4d5a3a58b4223c80881f299dae3774",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/igb/igb_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"lessThan": "4.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.303",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.161",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.85",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.15",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.1",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Initialize mailbox message for VF reset\n\nWhen a MAC address is not assigned to the VF, that portion of the message\nsent to the VF is not set. The memory, however, is allocated from the\nstack meaning that information may be leaked to the VM. Initialize the\nmessage buffer to 0 so that no information is passed to the VM in this\ncase."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:44.707Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a6629659af3f5c6a91e3914ea62554c975ab77f4"
},
{
"url": "https://git.kernel.org/stable/c/ef1d739dd1f362aec081278ff92f943c31eb177a"
},
{
"url": "https://git.kernel.org/stable/c/c581439a977545d61849a72e8ed631cfc8a2a3c1"
},
{
"url": "https://git.kernel.org/stable/c/f2479c3daaabccbac6c343a737615d0c595c6dc4"
},
{
"url": "https://git.kernel.org/stable/c/367e1e3399dbc56fc669740c4ab60e35da632b0e"
},
{
"url": "https://git.kernel.org/stable/c/51fd5ede7ed42f272682a0c33d6f0767b3484a3d"
},
{
"url": "https://git.kernel.org/stable/c/c383c7c35c7bc15e07a04eefa060a8a80cbeae29"
},
{
"url": "https://git.kernel.org/stable/c/de5dc44370fbd6b46bd7f1a1e00369be54a041c8"
}
],
"title": "igb: Initialize mailbox message for VF reset",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48949",
"datePublished": "2024-10-21T20:05:37.782Z",
"dateReserved": "2024-08-22T01:27:53.625Z",
"dateUpdated": "2025-05-04T08:26:44.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49967 (GCVE-0-2024-49967)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-01-07 08:46
VLAI?
EPSS
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-01-07T08:46:31.368Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49967",
"datePublished": "2024-10-21T18:02:17.714Z",
"dateRejected": "2025-01-07T08:46:31.368Z",
"dateReserved": "2024-10-21T12:17:06.050Z",
"dateUpdated": "2025-01-07T08:46:31.368Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47163 (GCVE-0-2021-47163)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
tipc: wait and exit until all work queues are done
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: wait and exit until all work queues are done
On some host, a crash could be triggered simply by repeating these
commands several times:
# modprobe tipc
# tipc bearer enable media udp name UDP1 localip 127.0.0.1
# rmmod tipc
[] BUG: unable to handle kernel paging request at ffffffffc096bb00
[] Workqueue: events 0xffffffffc096bb00
[] Call Trace:
[] ? process_one_work+0x1a7/0x360
[] ? worker_thread+0x30/0x390
[] ? create_worker+0x1a0/0x1a0
[] ? kthread+0x116/0x130
[] ? kthread_flush_work_fn+0x10/0x10
[] ? ret_from_fork+0x35/0x40
When removing the TIPC module, the UDP tunnel sock will be delayed to
release in a work queue as sock_release() can't be done in rtnl_lock().
If the work queue is schedule to run after the TIPC module is removed,
kernel will crash as the work queue function cleanup_beareri() code no
longer exists when trying to invoke it.
To fix it, this patch introduce a member wq_count in tipc_net to track
the numbers of work queues in schedule, and wait and exit until all
work queues are done in tipc_exit_net().
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
d0f91938bede204a343473792529e0db7d599836 , < d1f76dfadaf8f47ed1753f97dbcbd41c16215ffa
(git)
Affected: d0f91938bede204a343473792529e0db7d599836 , < 5195ec5e365a2a9331bfeb585b613a6e94f98dba (git) Affected: d0f91938bede204a343473792529e0db7d599836 , < b9f5b7ad4ac3af006443f535b1ce7bff1d130d7d (git) Affected: d0f91938bede204a343473792529e0db7d599836 , < 04c26faa51d1e2fe71cf13c45791f5174c37f986 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-01T19:41:39.688056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:00.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d1f76dfadaf8f47ed1753f97dbcbd41c16215ffa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5195ec5e365a2a9331bfeb585b613a6e94f98dba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9f5b7ad4ac3af006443f535b1ce7bff1d130d7d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04c26faa51d1e2fe71cf13c45791f5174c37f986"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/core.c",
"net/tipc/core.h",
"net/tipc/udp_media.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d1f76dfadaf8f47ed1753f97dbcbd41c16215ffa",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "5195ec5e365a2a9331bfeb585b613a6e94f98dba",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "b9f5b7ad4ac3af006443f535b1ce7bff1d130d7d",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "04c26faa51d1e2fe71cf13c45791f5174c37f986",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/core.c",
"net/tipc/core.h",
"net/tipc/udp_media.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.1"
},
{
"lessThan": "4.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: wait and exit until all work queues are done\n\nOn some host, a crash could be triggered simply by repeating these\ncommands several times:\n\n # modprobe tipc\n # tipc bearer enable media udp name UDP1 localip 127.0.0.1\n # rmmod tipc\n\n [] BUG: unable to handle kernel paging request at ffffffffc096bb00\n [] Workqueue: events 0xffffffffc096bb00\n [] Call Trace:\n [] ? process_one_work+0x1a7/0x360\n [] ? worker_thread+0x30/0x390\n [] ? create_worker+0x1a0/0x1a0\n [] ? kthread+0x116/0x130\n [] ? kthread_flush_work_fn+0x10/0x10\n [] ? ret_from_fork+0x35/0x40\n\nWhen removing the TIPC module, the UDP tunnel sock will be delayed to\nrelease in a work queue as sock_release() can\u0027t be done in rtnl_lock().\nIf the work queue is schedule to run after the TIPC module is removed,\nkernel will crash as the work queue function cleanup_beareri() code no\nlonger exists when trying to invoke it.\n\nTo fix it, this patch introduce a member wq_count in tipc_net to track\nthe numbers of work queues in schedule, and wait and exit until all\nwork queues are done in tipc_exit_net()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:22.258Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d1f76dfadaf8f47ed1753f97dbcbd41c16215ffa"
},
{
"url": "https://git.kernel.org/stable/c/5195ec5e365a2a9331bfeb585b613a6e94f98dba"
},
{
"url": "https://git.kernel.org/stable/c/b9f5b7ad4ac3af006443f535b1ce7bff1d130d7d"
},
{
"url": "https://git.kernel.org/stable/c/04c26faa51d1e2fe71cf13c45791f5174c37f986"
}
],
"title": "tipc: wait and exit until all work queues are done",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47163",
"datePublished": "2024-03-25T09:16:16.676Z",
"dateReserved": "2024-03-25T09:12:14.109Z",
"dateUpdated": "2025-05-04T07:05:22.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49021 (GCVE-0-2022-49021)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
net: phy: fix null-ptr-deref while probe() failed
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: phy: fix null-ptr-deref while probe() failed
I got a null-ptr-deref report as following when doing fault injection test:
BUG: kernel NULL pointer dereference, address: 0000000000000058
Oops: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 PID: 253 Comm: 507-spi-dm9051 Tainted: G B N 6.1.0-rc3+
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:klist_put+0x2d/0xd0
Call Trace:
<TASK>
klist_remove+0xf1/0x1c0
device_release_driver_internal+0x23e/0x2d0
bus_remove_device+0x1bd/0x240
device_del+0x357/0x770
phy_device_remove+0x11/0x30
mdiobus_unregister+0xa5/0x140
release_nodes+0x6a/0xa0
devres_release_all+0xf8/0x150
device_unbind_cleanup+0x19/0xd0
//probe path:
phy_device_register()
device_add()
phy_connect
phy_attach_direct() //set device driver
probe() //it's failed, driver is not bound
device_bind_driver() // probe failed, it's not called
//remove path:
phy_device_remove()
device_del()
device_release_driver_internal()
__device_release_driver() //dev->drv is not NULL
klist_remove() <- knode_driver is not added yet, cause null-ptr-deref
In phy_attach_direct(), after setting the 'dev->driver', probe() fails,
device_bind_driver() is not called, so the knode_driver->n_klist is not
set, then it causes null-ptr-deref in __device_release_driver() while
deleting device. Fix this by setting dev->driver to NULL in the error
path in phy_attach_direct().
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
e13934563db047043ccead26412f552375cea90c , < 8aaafe0f71314f46a066382a047ba8bb3840d273
(git)
Affected: e13934563db047043ccead26412f552375cea90c , < 51d7f6b20fae8bae64ad1136f1e30d1fd5ba78f7 (git) Affected: e13934563db047043ccead26412f552375cea90c , < 0744c7be4de564db03e24527b2e096b7e0e20972 (git) Affected: e13934563db047043ccead26412f552375cea90c , < 3e21f85d87c836462bb52ef2078ea561260935c1 (git) Affected: e13934563db047043ccead26412f552375cea90c , < fe6bc99c27c21348f548966118867ed26a9a372c (git) Affected: e13934563db047043ccead26412f552375cea90c , < 7730904f50c7187dd16c76949efb56b5fb55cd57 (git) Affected: e13934563db047043ccead26412f552375cea90c , < eaa5722549ac2604ffa56c2e946acc83226f130c (git) Affected: e13934563db047043ccead26412f552375cea90c , < 369eb2c9f1f72adbe91e0ea8efb130f0a2ba11a6 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49021",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:12:34.199961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:37.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/phy/phy_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8aaafe0f71314f46a066382a047ba8bb3840d273",
"status": "affected",
"version": "e13934563db047043ccead26412f552375cea90c",
"versionType": "git"
},
{
"lessThan": "51d7f6b20fae8bae64ad1136f1e30d1fd5ba78f7",
"status": "affected",
"version": "e13934563db047043ccead26412f552375cea90c",
"versionType": "git"
},
{
"lessThan": "0744c7be4de564db03e24527b2e096b7e0e20972",
"status": "affected",
"version": "e13934563db047043ccead26412f552375cea90c",
"versionType": "git"
},
{
"lessThan": "3e21f85d87c836462bb52ef2078ea561260935c1",
"status": "affected",
"version": "e13934563db047043ccead26412f552375cea90c",
"versionType": "git"
},
{
"lessThan": "fe6bc99c27c21348f548966118867ed26a9a372c",
"status": "affected",
"version": "e13934563db047043ccead26412f552375cea90c",
"versionType": "git"
},
{
"lessThan": "7730904f50c7187dd16c76949efb56b5fb55cd57",
"status": "affected",
"version": "e13934563db047043ccead26412f552375cea90c",
"versionType": "git"
},
{
"lessThan": "eaa5722549ac2604ffa56c2e946acc83226f130c",
"status": "affected",
"version": "e13934563db047043ccead26412f552375cea90c",
"versionType": "git"
},
{
"lessThan": "369eb2c9f1f72adbe91e0ea8efb130f0a2ba11a6",
"status": "affected",
"version": "e13934563db047043ccead26412f552375cea90c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/phy/phy_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.14"
},
{
"lessThan": "2.6.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.335",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.301",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.335",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.301",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.268",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "2.6.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: fix null-ptr-deref while probe() failed\n\nI got a null-ptr-deref report as following when doing fault injection test:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000058\nOops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 PID: 253 Comm: 507-spi-dm9051 Tainted: G B N 6.1.0-rc3+\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nRIP: 0010:klist_put+0x2d/0xd0\nCall Trace:\n \u003cTASK\u003e\n klist_remove+0xf1/0x1c0\n device_release_driver_internal+0x23e/0x2d0\n bus_remove_device+0x1bd/0x240\n device_del+0x357/0x770\n phy_device_remove+0x11/0x30\n mdiobus_unregister+0xa5/0x140\n release_nodes+0x6a/0xa0\n devres_release_all+0xf8/0x150\n device_unbind_cleanup+0x19/0xd0\n\n//probe path:\nphy_device_register()\n device_add()\n\nphy_connect\n phy_attach_direct() //set device driver\n probe() //it\u0027s failed, driver is not bound\n device_bind_driver() // probe failed, it\u0027s not called\n\n//remove path:\nphy_device_remove()\n device_del()\n device_release_driver_internal()\n __device_release_driver() //dev-\u003edrv is not NULL\n klist_remove() \u003c- knode_driver is not added yet, cause null-ptr-deref\n\nIn phy_attach_direct(), after setting the \u0027dev-\u003edriver\u0027, probe() fails,\ndevice_bind_driver() is not called, so the knode_driver-\u003en_klist is not\nset, then it causes null-ptr-deref in __device_release_driver() while\ndeleting device. Fix this by setting dev-\u003edriver to NULL in the error\npath in phy_attach_direct()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:14.303Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8aaafe0f71314f46a066382a047ba8bb3840d273"
},
{
"url": "https://git.kernel.org/stable/c/51d7f6b20fae8bae64ad1136f1e30d1fd5ba78f7"
},
{
"url": "https://git.kernel.org/stable/c/0744c7be4de564db03e24527b2e096b7e0e20972"
},
{
"url": "https://git.kernel.org/stable/c/3e21f85d87c836462bb52ef2078ea561260935c1"
},
{
"url": "https://git.kernel.org/stable/c/fe6bc99c27c21348f548966118867ed26a9a372c"
},
{
"url": "https://git.kernel.org/stable/c/7730904f50c7187dd16c76949efb56b5fb55cd57"
},
{
"url": "https://git.kernel.org/stable/c/eaa5722549ac2604ffa56c2e946acc83226f130c"
},
{
"url": "https://git.kernel.org/stable/c/369eb2c9f1f72adbe91e0ea8efb130f0a2ba11a6"
}
],
"title": "net: phy: fix null-ptr-deref while probe() failed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49021",
"datePublished": "2024-10-21T20:06:28.608Z",
"dateReserved": "2024-08-22T01:27:53.649Z",
"dateUpdated": "2025-05-04T08:28:14.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49995 (GCVE-0-2024-49995)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-04-24 13:44
VLAI?
EPSS
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-04-24T13:44:04.982Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49995",
"datePublished": "2024-10-21T18:02:36.411Z",
"dateRejected": "2025-04-24T13:44:04.982Z",
"dateReserved": "2024-10-21T12:17:06.056Z",
"dateUpdated": "2025-04-24T13:44:04.982Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35950 (GCVE-0-2024-35950)
Vulnerability from cvelistv5 – Published: 2024-05-20 09:41 – Updated: 2026-01-05 10:36
VLAI?
EPSS
Title
drm/client: Fully protect modes[] with dev->mode_config.mutex
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/client: Fully protect modes[] with dev->mode_config.mutex
The modes[] array contains pointers to modes on the connectors'
mode lists, which are protected by dev->mode_config.mutex.
Thus we need to extend modes[] the same protection or by the
time we use it the elements may already be pointing to
freed/reused memory.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
e13a058310509b22b2b45cbdd82d8797e173c3db , < 5a2f957e3c4553bbb100504a1acfeaeb33f4ca4e
(git)
Affected: e13a058310509b22b2b45cbdd82d8797e173c3db , < 41586487769eede64ab1aa6c65c74cbf76c12ef0 (git) Affected: e13a058310509b22b2b45cbdd82d8797e173c3db , < d2dc6600d4e3e1453e3b1fb233e9f97e2a1ae949 (git) Affected: e13a058310509b22b2b45cbdd82d8797e173c3db , < 18c8cc6680ce938d0458859b6a08b4d34f7d8055 (git) Affected: e13a058310509b22b2b45cbdd82d8797e173c3db , < 04e018bd913d3d3336ab7d21c2ad31a9175fe984 (git) Affected: e13a058310509b22b2b45cbdd82d8797e173c3db , < 8ceb873d816786a7c8058f50d903574aff8d3764 (git) Affected: e13a058310509b22b2b45cbdd82d8797e173c3db , < 3eadd887dbac1df8f25f701e5d404d1b90fd0fea (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:10:23.377799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:42.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a2f957e3c4553bbb100504a1acfeaeb33f4ca4e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41586487769eede64ab1aa6c65c74cbf76c12ef0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d2dc6600d4e3e1453e3b1fb233e9f97e2a1ae949"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/18c8cc6680ce938d0458859b6a08b4d34f7d8055"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04e018bd913d3d3336ab7d21c2ad31a9175fe984"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ceb873d816786a7c8058f50d903574aff8d3764"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3eadd887dbac1df8f25f701e5d404d1b90fd0fea"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/drm_client_modeset.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5a2f957e3c4553bbb100504a1acfeaeb33f4ca4e",
"status": "affected",
"version": "e13a058310509b22b2b45cbdd82d8797e173c3db",
"versionType": "git"
},
{
"lessThan": "41586487769eede64ab1aa6c65c74cbf76c12ef0",
"status": "affected",
"version": "e13a058310509b22b2b45cbdd82d8797e173c3db",
"versionType": "git"
},
{
"lessThan": "d2dc6600d4e3e1453e3b1fb233e9f97e2a1ae949",
"status": "affected",
"version": "e13a058310509b22b2b45cbdd82d8797e173c3db",
"versionType": "git"
},
{
"lessThan": "18c8cc6680ce938d0458859b6a08b4d34f7d8055",
"status": "affected",
"version": "e13a058310509b22b2b45cbdd82d8797e173c3db",
"versionType": "git"
},
{
"lessThan": "04e018bd913d3d3336ab7d21c2ad31a9175fe984",
"status": "affected",
"version": "e13a058310509b22b2b45cbdd82d8797e173c3db",
"versionType": "git"
},
{
"lessThan": "8ceb873d816786a7c8058f50d903574aff8d3764",
"status": "affected",
"version": "e13a058310509b22b2b45cbdd82d8797e173c3db",
"versionType": "git"
},
{
"lessThan": "3eadd887dbac1df8f25f701e5d404d1b90fd0fea",
"status": "affected",
"version": "e13a058310509b22b2b45cbdd82d8797e173c3db",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/drm_client_modeset.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.156",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: Fully protect modes[] with dev-\u003emode_config.mutex\n\nThe modes[] array contains pointers to modes on the connectors\u0027\nmode lists, which are protected by dev-\u003emode_config.mutex.\nThus we need to extend modes[] the same protection or by the\ntime we use it the elements may already be pointing to\nfreed/reused memory."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:36:07.144Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5a2f957e3c4553bbb100504a1acfeaeb33f4ca4e"
},
{
"url": "https://git.kernel.org/stable/c/41586487769eede64ab1aa6c65c74cbf76c12ef0"
},
{
"url": "https://git.kernel.org/stable/c/d2dc6600d4e3e1453e3b1fb233e9f97e2a1ae949"
},
{
"url": "https://git.kernel.org/stable/c/18c8cc6680ce938d0458859b6a08b4d34f7d8055"
},
{
"url": "https://git.kernel.org/stable/c/04e018bd913d3d3336ab7d21c2ad31a9175fe984"
},
{
"url": "https://git.kernel.org/stable/c/8ceb873d816786a7c8058f50d903574aff8d3764"
},
{
"url": "https://git.kernel.org/stable/c/3eadd887dbac1df8f25f701e5d404d1b90fd0fea"
}
],
"title": "drm/client: Fully protect modes[] with dev-\u003emode_config.mutex",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35950",
"datePublished": "2024-05-20T09:41:45.333Z",
"dateReserved": "2024-05-17T13:50:33.134Z",
"dateUpdated": "2026-01-05T10:36:07.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47735 (GCVE-0-2024-47735)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
Fix missuse of spin_lock_irq()/spin_unlock_irq() when
spin_lock_irqsave()/spin_lock_irqrestore() was hold.
This was discovered through the lock debugging, and the corresponding
log is as follows:
raw_local_irq_restore() called with IRQs enabled
WARNING: CPU: 96 PID: 2074 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40
...
Call trace:
warn_bogus_irq_restore+0x30/0x40
_raw_spin_unlock_irqrestore+0x84/0xc8
add_qp_to_list+0x11c/0x148 [hns_roce_hw_v2]
hns_roce_create_qp_common.constprop.0+0x240/0x780 [hns_roce_hw_v2]
hns_roce_create_qp+0x98/0x160 [hns_roce_hw_v2]
create_qp+0x138/0x258
ib_create_qp_kernel+0x50/0xe8
create_mad_qp+0xa8/0x128
ib_mad_port_open+0x218/0x448
ib_mad_init_device+0x70/0x1f8
add_client_context+0xfc/0x220
enable_device_and_get+0xd0/0x140
ib_register_device.part.0+0xf4/0x1c8
ib_register_device+0x34/0x50
hns_roce_register_device+0x174/0x3d0 [hns_roce_hw_v2]
hns_roce_init+0xfc/0x2c0 [hns_roce_hw_v2]
__hns_roce_hw_v2_init_instance+0x7c/0x1d0 [hns_roce_hw_v2]
hns_roce_hw_v2_init_instance+0x9c/0x180 [hns_roce_hw_v2]
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
9a4435375cd151e07c0c38fa601b00115986091b , < 07f0f643d7e570dbe8ef6f5c3367a43e3086a335
(git)
Affected: 9a4435375cd151e07c0c38fa601b00115986091b , < 29c0f546d3fd66238b42cf25bcd5f193bb1cf794 (git) Affected: 9a4435375cd151e07c0c38fa601b00115986091b , < 425589d4af09c49574bd71ac31f811362a5126c3 (git) Affected: 9a4435375cd151e07c0c38fa601b00115986091b , < 094a1821903f33fb91de4b71087773ee16aeb3a0 (git) Affected: 9a4435375cd151e07c0c38fa601b00115986091b , < 2656336a84fcb6802f6e6c233f4661891deea24f (git) Affected: 9a4435375cd151e07c0c38fa601b00115986091b , < a1a3403bb1826c8ec787f0d60c3e7b54f419129e (git) Affected: 9a4435375cd151e07c0c38fa601b00115986091b , < 74d315b5af180220d561684d15897730135733a6 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:59:57.677353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:15.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:31.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_qp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "07f0f643d7e570dbe8ef6f5c3367a43e3086a335",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "29c0f546d3fd66238b42cf25bcd5f193bb1cf794",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "425589d4af09c49574bd71ac31f811362a5126c3",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "094a1821903f33fb91de4b71087773ee16aeb3a0",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "2656336a84fcb6802f6e6c233f4661891deea24f",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "a1a3403bb1826c8ec787f0d60c3e7b54f419129e",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "74d315b5af180220d561684d15897730135733a6",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_qp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled\n\nFix missuse of spin_lock_irq()/spin_unlock_irq() when\nspin_lock_irqsave()/spin_lock_irqrestore() was hold.\n\nThis was discovered through the lock debugging, and the corresponding\nlog is as follows:\n\nraw_local_irq_restore() called with IRQs enabled\nWARNING: CPU: 96 PID: 2074 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40\n...\nCall trace:\n warn_bogus_irq_restore+0x30/0x40\n _raw_spin_unlock_irqrestore+0x84/0xc8\n add_qp_to_list+0x11c/0x148 [hns_roce_hw_v2]\n hns_roce_create_qp_common.constprop.0+0x240/0x780 [hns_roce_hw_v2]\n hns_roce_create_qp+0x98/0x160 [hns_roce_hw_v2]\n create_qp+0x138/0x258\n ib_create_qp_kernel+0x50/0xe8\n create_mad_qp+0xa8/0x128\n ib_mad_port_open+0x218/0x448\n ib_mad_init_device+0x70/0x1f8\n add_client_context+0xfc/0x220\n enable_device_and_get+0xd0/0x140\n ib_register_device.part.0+0xf4/0x1c8\n ib_register_device+0x34/0x50\n hns_roce_register_device+0x174/0x3d0 [hns_roce_hw_v2]\n hns_roce_init+0xfc/0x2c0 [hns_roce_hw_v2]\n __hns_roce_hw_v2_init_instance+0x7c/0x1d0 [hns_roce_hw_v2]\n hns_roce_hw_v2_init_instance+0x9c/0x180 [hns_roce_hw_v2]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:38:38.356Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/07f0f643d7e570dbe8ef6f5c3367a43e3086a335"
},
{
"url": "https://git.kernel.org/stable/c/29c0f546d3fd66238b42cf25bcd5f193bb1cf794"
},
{
"url": "https://git.kernel.org/stable/c/425589d4af09c49574bd71ac31f811362a5126c3"
},
{
"url": "https://git.kernel.org/stable/c/094a1821903f33fb91de4b71087773ee16aeb3a0"
},
{
"url": "https://git.kernel.org/stable/c/2656336a84fcb6802f6e6c233f4661891deea24f"
},
{
"url": "https://git.kernel.org/stable/c/a1a3403bb1826c8ec787f0d60c3e7b54f419129e"
},
{
"url": "https://git.kernel.org/stable/c/74d315b5af180220d561684d15897730135733a6"
}
],
"title": "RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47735",
"datePublished": "2024-10-21T12:14:05.876Z",
"dateReserved": "2024-09-30T16:00:12.958Z",
"dateUpdated": "2025-11-03T22:21:31.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49002 (GCVE-0-2022-49002)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
for_each_pci_dev() is implemented by pci_get_device(). The comment of
pci_get_device() says that it will increase the reference count for the
returned pci_dev and also decrease the reference count for the input
pci_dev @from if it is not NULL.
If we break for_each_pci_dev() loop with pdev not NULL, we need to call
pci_dev_put() to decrease the reference count. Add the missing
pci_dev_put() for the error path to avoid reference count leak.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
2e45528930388658603ea24d49cf52867b928d3e , < d47bc9d7bcdbb9adc9703513d964b514fee5b0bf
(git)
Affected: 2e45528930388658603ea24d49cf52867b928d3e , < 71c4a621985fc051ab86d3a86c749069a993fcb2 (git) Affected: 2e45528930388658603ea24d49cf52867b928d3e , < 876d7bfb89273997056220029ff12b1c2cc4691d (git) Affected: 2e45528930388658603ea24d49cf52867b928d3e , < cbdd83bd2fd67142b03ce9dbdd1eab322ff7321f (git) Affected: 2e45528930388658603ea24d49cf52867b928d3e , < a5c65cd56aed027f8a97fda8b691caaeb66d115e (git) Affected: 2e45528930388658603ea24d49cf52867b928d3e , < bdb613ef179ad4bb9d56a2533e9b30e434f1dfb7 (git) Affected: 2e45528930388658603ea24d49cf52867b928d3e , < 2a8f7b90681472948de172dbbf5a54cd342870aa (git) Affected: 2e45528930388658603ea24d49cf52867b928d3e , < 4bedbbd782ebbe7287231fea862c158d4f08a9e3 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:15:03.202654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:40.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/dmar.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d47bc9d7bcdbb9adc9703513d964b514fee5b0bf",
"status": "affected",
"version": "2e45528930388658603ea24d49cf52867b928d3e",
"versionType": "git"
},
{
"lessThan": "71c4a621985fc051ab86d3a86c749069a993fcb2",
"status": "affected",
"version": "2e45528930388658603ea24d49cf52867b928d3e",
"versionType": "git"
},
{
"lessThan": "876d7bfb89273997056220029ff12b1c2cc4691d",
"status": "affected",
"version": "2e45528930388658603ea24d49cf52867b928d3e",
"versionType": "git"
},
{
"lessThan": "cbdd83bd2fd67142b03ce9dbdd1eab322ff7321f",
"status": "affected",
"version": "2e45528930388658603ea24d49cf52867b928d3e",
"versionType": "git"
},
{
"lessThan": "a5c65cd56aed027f8a97fda8b691caaeb66d115e",
"status": "affected",
"version": "2e45528930388658603ea24d49cf52867b928d3e",
"versionType": "git"
},
{
"lessThan": "bdb613ef179ad4bb9d56a2533e9b30e434f1dfb7",
"status": "affected",
"version": "2e45528930388658603ea24d49cf52867b928d3e",
"versionType": "git"
},
{
"lessThan": "2a8f7b90681472948de172dbbf5a54cd342870aa",
"status": "affected",
"version": "2e45528930388658603ea24d49cf52867b928d3e",
"versionType": "git"
},
{
"lessThan": "4bedbbd782ebbe7287231fea862c158d4f08a9e3",
"status": "affected",
"version": "2e45528930388658603ea24d49cf52867b928d3e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/dmar.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.15"
},
{
"lessThan": "3.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.335",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.301",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.335",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.301",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.268",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "3.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()\n\nfor_each_pci_dev() is implemented by pci_get_device(). The comment of\npci_get_device() says that it will increase the reference count for the\nreturned pci_dev and also decrease the reference count for the input\npci_dev @from if it is not NULL.\n\nIf we break for_each_pci_dev() loop with pdev not NULL, we need to call\npci_dev_put() to decrease the reference count. Add the missing\npci_dev_put() for the error path to avoid reference count leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:50.143Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d47bc9d7bcdbb9adc9703513d964b514fee5b0bf"
},
{
"url": "https://git.kernel.org/stable/c/71c4a621985fc051ab86d3a86c749069a993fcb2"
},
{
"url": "https://git.kernel.org/stable/c/876d7bfb89273997056220029ff12b1c2cc4691d"
},
{
"url": "https://git.kernel.org/stable/c/cbdd83bd2fd67142b03ce9dbdd1eab322ff7321f"
},
{
"url": "https://git.kernel.org/stable/c/a5c65cd56aed027f8a97fda8b691caaeb66d115e"
},
{
"url": "https://git.kernel.org/stable/c/bdb613ef179ad4bb9d56a2533e9b30e434f1dfb7"
},
{
"url": "https://git.kernel.org/stable/c/2a8f7b90681472948de172dbbf5a54cd342870aa"
},
{
"url": "https://git.kernel.org/stable/c/4bedbbd782ebbe7287231fea862c158d4f08a9e3"
}
],
"title": "iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49002",
"datePublished": "2024-10-21T20:06:16.093Z",
"dateReserved": "2024-08-22T01:27:53.642Z",
"dateUpdated": "2025-05-04T08:27:50.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46716 (GCVE-0-2024-46716)
Vulnerability from cvelistv5 – Published: 2024-09-18 06:32 – Updated: 2026-01-05 10:52
VLAI?
EPSS
Title
dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor
Remove list_del call in msgdma_chan_desc_cleanup, this should be the role
of msgdma_free_descriptor. In consequence replace list_add_tail with
list_move_tail in msgdma_free_descriptor.
This fixes the path:
msgdma_free_chan_resources -> msgdma_free_descriptors ->
msgdma_free_desc_list -> msgdma_free_descriptor
which does not correctly free the descriptors as first nodes were not
removed from the list.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
a85c6f1b2921cbd2f54666a52804f407c4a064fe , < a3480e59fdbe5585d2d1eff0bed7671583acf725
(git)
Affected: a85c6f1b2921cbd2f54666a52804f407c4a064fe , < 20bf2920a869f9dbda0ef8c94c87d1901a64a716 (git) Affected: a85c6f1b2921cbd2f54666a52804f407c4a064fe , < db67686676c7becc1910bf1d6d51505876821863 (git) Affected: a85c6f1b2921cbd2f54666a52804f407c4a064fe , < 54e4ada1a4206f878e345ae01cf37347d803d1b1 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:58:09.271369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:58:23.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:16:48.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/altera-msgdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a3480e59fdbe5585d2d1eff0bed7671583acf725",
"status": "affected",
"version": "a85c6f1b2921cbd2f54666a52804f407c4a064fe",
"versionType": "git"
},
{
"lessThan": "20bf2920a869f9dbda0ef8c94c87d1901a64a716",
"status": "affected",
"version": "a85c6f1b2921cbd2f54666a52804f407c4a064fe",
"versionType": "git"
},
{
"lessThan": "db67686676c7becc1910bf1d6d51505876821863",
"status": "affected",
"version": "a85c6f1b2921cbd2f54666a52804f407c4a064fe",
"versionType": "git"
},
{
"lessThan": "54e4ada1a4206f878e345ae01cf37347d803d1b1",
"status": "affected",
"version": "a85c6f1b2921cbd2f54666a52804f407c4a064fe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/altera-msgdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor\n\nRemove list_del call in msgdma_chan_desc_cleanup, this should be the role\nof msgdma_free_descriptor. In consequence replace list_add_tail with\nlist_move_tail in msgdma_free_descriptor.\n\nThis fixes the path:\n msgdma_free_chan_resources -\u003e msgdma_free_descriptors -\u003e\n msgdma_free_desc_list -\u003e msgdma_free_descriptor\n\nwhich does not correctly free the descriptors as first nodes were not\nremoved from the list."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:52:51.496Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725"
},
{
"url": "https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716"
},
{
"url": "https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863"
},
{
"url": "https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1"
}
],
"title": "dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46716",
"datePublished": "2024-09-18T06:32:16.084Z",
"dateReserved": "2024-09-11T15:12:18.254Z",
"dateUpdated": "2026-01-05T10:52:51.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46815 (GCVE-0-2024-46815)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-11-03 22:18
VLAI?
EPSS
Title
drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
[WHY & HOW]
num_valid_sets needs to be checked to avoid a negative index when
accessing reader_wm_sets[num_valid_sets - 1].
This fixes an OVERRUN issue reported by Coverity.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < a72d4996409569027b4609414a14a87679b12267
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 7c47dd2e92341f2989ab73dbed07f8894593ad7b (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < c4a7f7c0062fe2c73f70bb7e335199e25bd71492 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < b36e9b3104c4ba0f2f5dd083dcf6159cb316c996 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < b38a4815f79b87efb196cd5121579fc51e29a7fb (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:18:10.423569Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:18:21.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:18:59.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a72d4996409569027b4609414a14a87679b12267",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "7c47dd2e92341f2989ab73dbed07f8894593ad7b",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "c4a7f7c0062fe2c73f70bb7e335199e25bd71492",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "b36e9b3104c4ba0f2f5dd083dcf6159cb316c996",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "b38a4815f79b87efb196cd5121579fc51e29a7fb",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY \u0026 HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:39.741Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a72d4996409569027b4609414a14a87679b12267"
},
{
"url": "https://git.kernel.org/stable/c/7c47dd2e92341f2989ab73dbed07f8894593ad7b"
},
{
"url": "https://git.kernel.org/stable/c/c4a7f7c0062fe2c73f70bb7e335199e25bd71492"
},
{
"url": "https://git.kernel.org/stable/c/b36e9b3104c4ba0f2f5dd083dcf6159cb316c996"
},
{
"url": "https://git.kernel.org/stable/c/21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf"
},
{
"url": "https://git.kernel.org/stable/c/6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0"
},
{
"url": "https://git.kernel.org/stable/c/b38a4815f79b87efb196cd5121579fc51e29a7fb"
}
],
"title": "drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46815",
"datePublished": "2024-09-27T12:35:57.062Z",
"dateReserved": "2024-09-11T15:12:18.283Z",
"dateUpdated": "2025-11-03T22:18:59.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47672 (GCVE-0-2024-47672)
Vulnerability from cvelistv5 – Published: 2024-10-09 14:49 – Updated: 2026-01-05 11:10
VLAI?
EPSS
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2026-01-05T11:10:22.327Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47672",
"datePublished": "2024-10-09T14:49:13.646Z",
"dateRejected": "2026-01-05T11:10:22.327Z",
"dateReserved": "2024-09-30T16:00:12.936Z",
"dateUpdated": "2026-01-05T11:10:22.327Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48809 (GCVE-0-2022-48809)
Vulnerability from cvelistv5 – Published: 2024-07-16 11:43 – Updated: 2025-05-04 08:23
VLAI?
EPSS
Title
net: fix a memleak when uncloning an skb dst and its metadata
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: fix a memleak when uncloning an skb dst and its metadata
When uncloning an skb dst and its associated metadata, a new
dst+metadata is allocated and later replaces the old one in the skb.
This is helpful to have a non-shared dst+metadata attached to a specific
skb.
The issue is the uncloned dst+metadata is initialized with a refcount of
1, which is increased to 2 before attaching it to the skb. When
tun_dst_unclone returns, the dst+metadata is only referenced from a
single place (the skb) while its refcount is 2. Its refcount will never
drop to 0 (when the skb is consumed), leading to a memory leak.
Fix this by removing the call to dst_hold in tun_dst_unclone, as the
dst+metadata refcount is already 1.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
fc4099f17240767554ff3a73977acb78ef615404 , < 4ac84498fbe84a00e7aef185e2bb3e40ce71eca4
(git)
Affected: fc4099f17240767554ff3a73977acb78ef615404 , < c1ff27d100e2670b03cbfddb9117e5f9fc672540 (git) Affected: fc4099f17240767554ff3a73977acb78ef615404 , < 0be943916d781df2b652793bb2d3ae4f9624c10a (git) Affected: fc4099f17240767554ff3a73977acb78ef615404 , < a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88 (git) Affected: fc4099f17240767554ff3a73977acb78ef615404 , < 00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1 (git) Affected: fc4099f17240767554ff3a73977acb78ef615404 , < fdcb263fa5cda15b8cb24a641fa2718c47605314 (git) Affected: fc4099f17240767554ff3a73977acb78ef615404 , < 8b1087b998e273f07be13dcb5f3ca4c309c7f108 (git) Affected: fc4099f17240767554ff3a73977acb78ef615404 , < 9eeabdf17fa0ab75381045c867c370f4cc75a613 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:25:01.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ac84498fbe84a00e7aef185e2bb3e40ce71eca4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1ff27d100e2670b03cbfddb9117e5f9fc672540"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0be943916d781df2b652793bb2d3ae4f9624c10a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fdcb263fa5cda15b8cb24a641fa2718c47605314"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b1087b998e273f07be13dcb5f3ca4c309c7f108"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9eeabdf17fa0ab75381045c867c370f4cc75a613"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:58:37.940393Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:13.409Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/dst_metadata.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4ac84498fbe84a00e7aef185e2bb3e40ce71eca4",
"status": "affected",
"version": "fc4099f17240767554ff3a73977acb78ef615404",
"versionType": "git"
},
{
"lessThan": "c1ff27d100e2670b03cbfddb9117e5f9fc672540",
"status": "affected",
"version": "fc4099f17240767554ff3a73977acb78ef615404",
"versionType": "git"
},
{
"lessThan": "0be943916d781df2b652793bb2d3ae4f9624c10a",
"status": "affected",
"version": "fc4099f17240767554ff3a73977acb78ef615404",
"versionType": "git"
},
{
"lessThan": "a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88",
"status": "affected",
"version": "fc4099f17240767554ff3a73977acb78ef615404",
"versionType": "git"
},
{
"lessThan": "00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1",
"status": "affected",
"version": "fc4099f17240767554ff3a73977acb78ef615404",
"versionType": "git"
},
{
"lessThan": "fdcb263fa5cda15b8cb24a641fa2718c47605314",
"status": "affected",
"version": "fc4099f17240767554ff3a73977acb78ef615404",
"versionType": "git"
},
{
"lessThan": "8b1087b998e273f07be13dcb5f3ca4c309c7f108",
"status": "affected",
"version": "fc4099f17240767554ff3a73977acb78ef615404",
"versionType": "git"
},
{
"lessThan": "9eeabdf17fa0ab75381045c867c370f4cc75a613",
"status": "affected",
"version": "fc4099f17240767554ff3a73977acb78ef615404",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/dst_metadata.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.267",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.180",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.302",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.267",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.230",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.180",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.101",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.24",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.10",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix a memleak when uncloning an skb dst and its metadata\n\nWhen uncloning an skb dst and its associated metadata, a new\ndst+metadata is allocated and later replaces the old one in the skb.\nThis is helpful to have a non-shared dst+metadata attached to a specific\nskb.\n\nThe issue is the uncloned dst+metadata is initialized with a refcount of\n1, which is increased to 2 before attaching it to the skb. When\ntun_dst_unclone returns, the dst+metadata is only referenced from a\nsingle place (the skb) while its refcount is 2. Its refcount will never\ndrop to 0 (when the skb is consumed), leading to a memory leak.\n\nFix this by removing the call to dst_hold in tun_dst_unclone, as the\ndst+metadata refcount is already 1."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:23:32.834Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4ac84498fbe84a00e7aef185e2bb3e40ce71eca4"
},
{
"url": "https://git.kernel.org/stable/c/c1ff27d100e2670b03cbfddb9117e5f9fc672540"
},
{
"url": "https://git.kernel.org/stable/c/0be943916d781df2b652793bb2d3ae4f9624c10a"
},
{
"url": "https://git.kernel.org/stable/c/a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88"
},
{
"url": "https://git.kernel.org/stable/c/00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1"
},
{
"url": "https://git.kernel.org/stable/c/fdcb263fa5cda15b8cb24a641fa2718c47605314"
},
{
"url": "https://git.kernel.org/stable/c/8b1087b998e273f07be13dcb5f3ca4c309c7f108"
},
{
"url": "https://git.kernel.org/stable/c/9eeabdf17fa0ab75381045c867c370f4cc75a613"
}
],
"title": "net: fix a memleak when uncloning an skb dst and its metadata",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48809",
"datePublished": "2024-07-16T11:43:59.757Z",
"dateReserved": "2024-07-16T11:38:08.897Z",
"dateUpdated": "2025-05-04T08:23:32.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45026 (GCVE-0-2024-45026)
Vulnerability from cvelistv5 – Published: 2024-09-11 15:13 – Updated: 2025-11-03 22:15
VLAI?
EPSS
Title
s390/dasd: fix error recovery leading to data corruption on ESE devices
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/dasd: fix error recovery leading to data corruption on ESE devices
Extent Space Efficient (ESE) or thin provisioned volumes need to be
formatted on demand during usual IO processing.
The dasd_ese_needs_format function checks for error codes that signal
the non existence of a proper track format.
The check for incorrect length is to imprecise since other error cases
leading to transport of insufficient data also have this flag set.
This might lead to data corruption in certain error cases for example
during a storage server warmstart.
Fix by removing the check for incorrect length and replacing by
explicitly checking for invalid track format in transport mode.
Also remove the check for file protected since this is not a valid
ESE handling case.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9 , < 19f60a55b2fda49bc4f6134a5f6356ef62ee69d8
(git)
Affected: 5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9 , < e245a18281c252c8dbc467492e09bb5d4b012118 (git) Affected: 5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9 , < a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a (git) Affected: 5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9 , < 0a228896a1b3654cd461ff654f6a64e97a9c3246 (git) Affected: 5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9 , < 93a7e2856951680cd7fe6ebd705ac10c8a8a5efd (git) Affected: 5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9 , < 5d4a304338daf83ace2887aaacafd66fe99ed5cc (git) Affected: 5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9 , < 7db4042336580dfd75cb5faa82c12cd51098c90b (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:46:39.841573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:46:54.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:15:37.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/block/dasd.c",
"drivers/s390/block/dasd_3990_erp.c",
"drivers/s390/block/dasd_eckd.c",
"drivers/s390/block/dasd_int.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "19f60a55b2fda49bc4f6134a5f6356ef62ee69d8",
"status": "affected",
"version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
"versionType": "git"
},
{
"lessThan": "e245a18281c252c8dbc467492e09bb5d4b012118",
"status": "affected",
"version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
"versionType": "git"
},
{
"lessThan": "a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a",
"status": "affected",
"version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
"versionType": "git"
},
{
"lessThan": "0a228896a1b3654cd461ff654f6a64e97a9c3246",
"status": "affected",
"version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
"versionType": "git"
},
{
"lessThan": "93a7e2856951680cd7fe6ebd705ac10c8a8a5efd",
"status": "affected",
"version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
"versionType": "git"
},
{
"lessThan": "5d4a304338daf83ace2887aaacafd66fe99ed5cc",
"status": "affected",
"version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
"versionType": "git"
},
{
"lessThan": "7db4042336580dfd75cb5faa82c12cd51098c90b",
"status": "affected",
"version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/block/dasd.c",
"drivers/s390/block/dasd_3990_erp.c",
"drivers/s390/block/dasd_eckd.c",
"drivers/s390/block/dasd_int.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.283",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error recovery leading to data corruption on ESE devices\n\nExtent Space Efficient (ESE) or thin provisioned volumes need to be\nformatted on demand during usual IO processing.\n\nThe dasd_ese_needs_format function checks for error codes that signal\nthe non existence of a proper track format.\n\nThe check for incorrect length is to imprecise since other error cases\nleading to transport of insufficient data also have this flag set.\nThis might lead to data corruption in certain error cases for example\nduring a storage server warmstart.\n\nFix by removing the check for incorrect length and replacing by\nexplicitly checking for invalid track format in transport mode.\n\nAlso remove the check for file protected since this is not a valid\nESE handling case."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:31:22.388Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/19f60a55b2fda49bc4f6134a5f6356ef62ee69d8"
},
{
"url": "https://git.kernel.org/stable/c/e245a18281c252c8dbc467492e09bb5d4b012118"
},
{
"url": "https://git.kernel.org/stable/c/a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a"
},
{
"url": "https://git.kernel.org/stable/c/0a228896a1b3654cd461ff654f6a64e97a9c3246"
},
{
"url": "https://git.kernel.org/stable/c/93a7e2856951680cd7fe6ebd705ac10c8a8a5efd"
},
{
"url": "https://git.kernel.org/stable/c/5d4a304338daf83ace2887aaacafd66fe99ed5cc"
},
{
"url": "https://git.kernel.org/stable/c/7db4042336580dfd75cb5faa82c12cd51098c90b"
}
],
"title": "s390/dasd: fix error recovery leading to data corruption on ESE devices",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45026",
"datePublished": "2024-09-11T15:13:58.396Z",
"dateReserved": "2024-08-21T05:34:56.685Z",
"dateUpdated": "2025-11-03T22:15:37.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49929 (GCVE-0-2024-49929)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 20:42
VLAI?
EPSS
Title
wifi: iwlwifi: mvm: avoid NULL pointer dereference
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: avoid NULL pointer dereference
iwl_mvm_tx_skb_sta() and iwl_mvm_tx_mpdu() verify that the mvmvsta
pointer is not NULL.
It retrieves this pointer using iwl_mvm_sta_from_mac80211, which is
dereferencing the ieee80211_sta pointer.
If sta is NULL, iwl_mvm_sta_from_mac80211 will dereference a NULL
pointer.
Fix this by checking the sta pointer before retrieving the mvmsta
from it. If sta is not NULL, then mvmsta isn't either.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9 , < cbc6fc9cfcde151ff5eadaefdc6155f99579384f
(git)
Affected: 5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9 , < 6dcadb2ed3b76623ab96e3e7fbeda1a374d01c28 (git) Affected: 5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9 , < cdbf51bfa4b0411820806777da36d93d49bc49a1 (git) Affected: 5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9 , < c0b4f5d94934c290479180868a32c15ba36a6d9e (git) Affected: 5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9 , < 557a6cd847645e667f3b362560bd7e7c09aac284 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:39:18.933944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:43.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:42:04.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/mvm/tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cbc6fc9cfcde151ff5eadaefdc6155f99579384f",
"status": "affected",
"version": "5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9",
"versionType": "git"
},
{
"lessThan": "6dcadb2ed3b76623ab96e3e7fbeda1a374d01c28",
"status": "affected",
"version": "5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9",
"versionType": "git"
},
{
"lessThan": "cdbf51bfa4b0411820806777da36d93d49bc49a1",
"status": "affected",
"version": "5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9",
"versionType": "git"
},
{
"lessThan": "c0b4f5d94934c290479180868a32c15ba36a6d9e",
"status": "affected",
"version": "5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9",
"versionType": "git"
},
{
"lessThan": "557a6cd847645e667f3b362560bd7e7c09aac284",
"status": "affected",
"version": "5b577a90fb3d86447ee86f8e0c6ddbd5da2ef8c9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/mvm/tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.14"
},
{
"lessThan": "3.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: avoid NULL pointer dereference\n\niwl_mvm_tx_skb_sta() and iwl_mvm_tx_mpdu() verify that the mvmvsta\npointer is not NULL.\nIt retrieves this pointer using iwl_mvm_sta_from_mac80211, which is\ndereferencing the ieee80211_sta pointer.\nIf sta is NULL, iwl_mvm_sta_from_mac80211 will dereference a NULL\npointer.\nFix this by checking the sta pointer before retrieving the mvmsta\nfrom it. If sta is not NULL, then mvmsta isn\u0027t either."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:23.151Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cbc6fc9cfcde151ff5eadaefdc6155f99579384f"
},
{
"url": "https://git.kernel.org/stable/c/6dcadb2ed3b76623ab96e3e7fbeda1a374d01c28"
},
{
"url": "https://git.kernel.org/stable/c/cdbf51bfa4b0411820806777da36d93d49bc49a1"
},
{
"url": "https://git.kernel.org/stable/c/c0b4f5d94934c290479180868a32c15ba36a6d9e"
},
{
"url": "https://git.kernel.org/stable/c/557a6cd847645e667f3b362560bd7e7c09aac284"
}
],
"title": "wifi: iwlwifi: mvm: avoid NULL pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49929",
"datePublished": "2024-10-21T18:01:52.450Z",
"dateReserved": "2024-10-21T12:17:06.039Z",
"dateUpdated": "2025-11-03T20:42:04.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49959 (GCVE-0-2024-49959)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
Summary
In the Linux kernel, the following vulnerability has been resolved:
jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
In __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail()
to recover some journal space. But if an error occurs while executing
jbd2_cleanup_journal_tail() (e.g., an EIO), we don't stop waiting for free
space right away, we try other branches, and if j_committing_transaction
is NULL (i.e., the tid is 0), we will get the following complain:
============================================
JBD2: I/O error when updating journal superblock for sdd-8.
__jbd2_log_wait_for_space: needed 256 blocks and only had 217 space available
__jbd2_log_wait_for_space: no way to get more journal space in sdd-8
------------[ cut here ]------------
WARNING: CPU: 2 PID: 139804 at fs/jbd2/checkpoint.c:109 __jbd2_log_wait_for_space+0x251/0x2e0
Modules linked in:
CPU: 2 PID: 139804 Comm: kworker/u8:3 Not tainted 6.6.0+ #1
RIP: 0010:__jbd2_log_wait_for_space+0x251/0x2e0
Call Trace:
<TASK>
add_transaction_credits+0x5d1/0x5e0
start_this_handle+0x1ef/0x6a0
jbd2__journal_start+0x18b/0x340
ext4_dirty_inode+0x5d/0xb0
__mark_inode_dirty+0xe4/0x5d0
generic_update_time+0x60/0x70
[...]
============================================
So only if jbd2_cleanup_journal_tail() returns 1, i.e., there is nothing to
clean up at the moment, continue to try to reclaim free space in other ways.
Note that this fix relies on commit 6f6a6fda2945 ("jbd2: fix ocfs2 corrupt
when updating journal superblock fails") to make jbd2_cleanup_journal_tail
return the correct error code.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 801a35dfef6996f3d5eaa96a59caf00440d9165e
(git)
Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < d5dc65370a746750dbb2f03eabcf86b18db65f32 (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 481e8f18a290e39e04ddb7feb2bb2a2cc3b213ed (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < ec7f8337c98ad281020ad1f11ba492462d80737a (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 70bae48377a2c4296fd3caf4caf8f11079111019 (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 1c62dc0d82c62f0dc8fcdc4843208e522acccaf5 (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 3ced0fe6c0eff032733ea8b38778b34707270138 (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < c6bf043b210eac67d35a114e345c4e5585672913 (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < f5cacdc6f2bb2a9bf214469dd7112b43dd2dd68a (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:35:21.788104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:47.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:39.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jbd2/checkpoint.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "801a35dfef6996f3d5eaa96a59caf00440d9165e",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "d5dc65370a746750dbb2f03eabcf86b18db65f32",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "481e8f18a290e39e04ddb7feb2bb2a2cc3b213ed",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "ec7f8337c98ad281020ad1f11ba492462d80737a",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "70bae48377a2c4296fd3caf4caf8f11079111019",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "1c62dc0d82c62f0dc8fcdc4843208e522acccaf5",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "3ced0fe6c0eff032733ea8b38778b34707270138",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "c6bf043b210eac67d35a114e345c4e5585672913",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "f5cacdc6f2bb2a9bf214469dd7112b43dd2dd68a",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jbd2/checkpoint.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.28"
},
{
"lessThan": "2.6.28",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error\n\nIn __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail()\nto recover some journal space. But if an error occurs while executing\njbd2_cleanup_journal_tail() (e.g., an EIO), we don\u0027t stop waiting for free\nspace right away, we try other branches, and if j_committing_transaction\nis NULL (i.e., the tid is 0), we will get the following complain:\n\n============================================\nJBD2: I/O error when updating journal superblock for sdd-8.\n__jbd2_log_wait_for_space: needed 256 blocks and only had 217 space available\n__jbd2_log_wait_for_space: no way to get more journal space in sdd-8\n------------[ cut here ]------------\nWARNING: CPU: 2 PID: 139804 at fs/jbd2/checkpoint.c:109 __jbd2_log_wait_for_space+0x251/0x2e0\nModules linked in:\nCPU: 2 PID: 139804 Comm: kworker/u8:3 Not tainted 6.6.0+ #1\nRIP: 0010:__jbd2_log_wait_for_space+0x251/0x2e0\nCall Trace:\n \u003cTASK\u003e\n add_transaction_credits+0x5d1/0x5e0\n start_this_handle+0x1ef/0x6a0\n jbd2__journal_start+0x18b/0x340\n ext4_dirty_inode+0x5d/0xb0\n __mark_inode_dirty+0xe4/0x5d0\n generic_update_time+0x60/0x70\n[...]\n============================================\n\nSo only if jbd2_cleanup_journal_tail() returns 1, i.e., there is nothing to\nclean up at the moment, continue to try to reclaim free space in other ways.\n\nNote that this fix relies on commit 6f6a6fda2945 (\"jbd2: fix ocfs2 corrupt\nwhen updating journal superblock fails\") to make jbd2_cleanup_journal_tail\nreturn the correct error code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:42:22.577Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/801a35dfef6996f3d5eaa96a59caf00440d9165e"
},
{
"url": "https://git.kernel.org/stable/c/d5dc65370a746750dbb2f03eabcf86b18db65f32"
},
{
"url": "https://git.kernel.org/stable/c/481e8f18a290e39e04ddb7feb2bb2a2cc3b213ed"
},
{
"url": "https://git.kernel.org/stable/c/ec7f8337c98ad281020ad1f11ba492462d80737a"
},
{
"url": "https://git.kernel.org/stable/c/70bae48377a2c4296fd3caf4caf8f11079111019"
},
{
"url": "https://git.kernel.org/stable/c/1c62dc0d82c62f0dc8fcdc4843208e522acccaf5"
},
{
"url": "https://git.kernel.org/stable/c/3ced0fe6c0eff032733ea8b38778b34707270138"
},
{
"url": "https://git.kernel.org/stable/c/c6bf043b210eac67d35a114e345c4e5585672913"
},
{
"url": "https://git.kernel.org/stable/c/f5cacdc6f2bb2a9bf214469dd7112b43dd2dd68a"
}
],
"title": "jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49959",
"datePublished": "2024-10-21T18:02:12.355Z",
"dateReserved": "2024-10-21T12:17:06.049Z",
"dateUpdated": "2025-11-03T22:23:39.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35864 (GCVE-0-2024-35864)
Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2026-01-05 11:37
VLAI?
EPSS
Title
smb: client: fix potential UAF in smb2_is_valid_lease_break()
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in smb2_is_valid_lease_break()
Skip sessions that are being teared down (status == SES_EXITING) to
avoid UAF.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
7f48558e6489d032b1584b0cc9ac4bb11072c034 , < c868cabdf6fdd61bea54532271f4708254e57fc5
(git)
Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < f92739fdd4522c4291277136399353d7c341fae4 (git) Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < a8344e2b69bde63f713b0aa796d70dbeadffddfb (git) Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 705c76fbf726c7a2f6ff9143d4013b18daaaebf1 (git) Affected: a67172a013953664b1dad03c648200c70b90506c (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T18:32:19.453857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:05.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c868cabdf6fdd61bea54532271f4708254e57fc5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f92739fdd4522c4291277136399353d7c341fae4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a8344e2b69bde63f713b0aa796d70dbeadffddfb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/705c76fbf726c7a2f6ff9143d4013b18daaaebf1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/client/smb2misc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c868cabdf6fdd61bea54532271f4708254e57fc5",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"lessThan": "f92739fdd4522c4291277136399353d7c341fae4",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"lessThan": "a8344e2b69bde63f713b0aa796d70dbeadffddfb",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"lessThan": "705c76fbf726c7a2f6ff9143d4013b18daaaebf1",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"status": "affected",
"version": "a67172a013953664b1dad03c648200c70b90506c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/client/smb2misc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.13"
},
{
"lessThan": "3.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.12.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in smb2_is_valid_lease_break()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T11:37:28.946Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c868cabdf6fdd61bea54532271f4708254e57fc5"
},
{
"url": "https://git.kernel.org/stable/c/f92739fdd4522c4291277136399353d7c341fae4"
},
{
"url": "https://git.kernel.org/stable/c/a8344e2b69bde63f713b0aa796d70dbeadffddfb"
},
{
"url": "https://git.kernel.org/stable/c/705c76fbf726c7a2f6ff9143d4013b18daaaebf1"
}
],
"title": "smb: client: fix potential UAF in smb2_is_valid_lease_break()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35864",
"datePublished": "2024-05-19T08:34:22.936Z",
"dateReserved": "2024-05-17T13:50:33.107Z",
"dateUpdated": "2026-01-05T11:37:28.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36899 (GCVE-0-2024-36899)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2025-11-03 20:37
VLAI?
EPSS
Title
gpiolib: cdev: Fix use after free in lineinfo_changed_notify
Summary
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: cdev: Fix use after free in lineinfo_changed_notify
The use-after-free issue occurs as follows: when the GPIO chip device file
is being closed by invoking gpio_chrdev_release(), watched_lines is freed
by bitmap_free(), but the unregistration of lineinfo_changed_nb notifier
chain failed due to waiting write rwsem. Additionally, one of the GPIO
chip's lines is also in the release process and holds the notifier chain's
read rwsem. Consequently, a race condition leads to the use-after-free of
watched_lines.
Here is the typical stack when issue happened:
[free]
gpio_chrdev_release()
--> bitmap_free(cdev->watched_lines) <-- freed
--> blocking_notifier_chain_unregister()
--> down_write(&nh->rwsem) <-- waiting rwsem
--> __down_write_common()
--> rwsem_down_write_slowpath()
--> schedule_preempt_disabled()
--> schedule()
[use]
st54spi_gpio_dev_release()
--> gpio_free()
--> gpiod_free()
--> gpiod_free_commit()
--> gpiod_line_state_notify()
--> blocking_notifier_call_chain()
--> down_read(&nh->rwsem); <-- held rwsem
--> notifier_call_chain()
--> lineinfo_changed_notify()
--> test_bit(xxxx, cdev->watched_lines) <-- use after free
The side effect of the use-after-free issue is that a GPIO line event is
being generated for userspace where it shouldn't. However, since the chrdev
is being closed, userspace won't have the chance to read that event anyway.
To fix the issue, call the bitmap_free() function after the unregistration
of lineinfo_changed_nb notifier chain.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
51c1064e82e77b39a49889287ca50709303e2f26 , < 2dfbb920a89bdc58087672ad5325dc6c588b6860
(git)
Affected: 51c1064e82e77b39a49889287ca50709303e2f26 , < 2d008d4961b039d2edce8976289773961b7e5fb5 (git) Affected: 51c1064e82e77b39a49889287ca50709303e2f26 , < d38c49f7bdf14381270736299e2ff68ec248a017 (git) Affected: 51c1064e82e77b39a49889287ca50709303e2f26 , < 95ca7c90eaf5ea8a8460536535101e3e81160e2a (git) Affected: 51c1064e82e77b39a49889287ca50709303e2f26 , < ca710b5f40b8b16fdcad50bebd47f50e4c62d239 (git) Affected: 51c1064e82e77b39a49889287ca50709303e2f26 , < 02f6b0e1ec7e0e7d059dddc893645816552039da (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T18:48:31.477532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:48:41.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:37:56.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/95ca7c90eaf5ea8a8460536535101e3e81160e2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca710b5f40b8b16fdcad50bebd47f50e4c62d239"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02f6b0e1ec7e0e7d059dddc893645816552039da"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpiolib-cdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2dfbb920a89bdc58087672ad5325dc6c588b6860",
"status": "affected",
"version": "51c1064e82e77b39a49889287ca50709303e2f26",
"versionType": "git"
},
{
"lessThan": "2d008d4961b039d2edce8976289773961b7e5fb5",
"status": "affected",
"version": "51c1064e82e77b39a49889287ca50709303e2f26",
"versionType": "git"
},
{
"lessThan": "d38c49f7bdf14381270736299e2ff68ec248a017",
"status": "affected",
"version": "51c1064e82e77b39a49889287ca50709303e2f26",
"versionType": "git"
},
{
"lessThan": "95ca7c90eaf5ea8a8460536535101e3e81160e2a",
"status": "affected",
"version": "51c1064e82e77b39a49889287ca50709303e2f26",
"versionType": "git"
},
{
"lessThan": "ca710b5f40b8b16fdcad50bebd47f50e4c62d239",
"status": "affected",
"version": "51c1064e82e77b39a49889287ca50709303e2f26",
"versionType": "git"
},
{
"lessThan": "02f6b0e1ec7e0e7d059dddc893645816552039da",
"status": "affected",
"version": "51c1064e82e77b39a49889287ca50709303e2f26",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpiolib-cdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.234",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.177",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.127",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.234",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.177",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.127",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: cdev: Fix use after free in lineinfo_changed_notify\n\nThe use-after-free issue occurs as follows: when the GPIO chip device file\nis being closed by invoking gpio_chrdev_release(), watched_lines is freed\nby bitmap_free(), but the unregistration of lineinfo_changed_nb notifier\nchain failed due to waiting write rwsem. Additionally, one of the GPIO\nchip\u0027s lines is also in the release process and holds the notifier chain\u0027s\nread rwsem. Consequently, a race condition leads to the use-after-free of\nwatched_lines.\n\nHere is the typical stack when issue happened:\n\n[free]\ngpio_chrdev_release()\n --\u003e bitmap_free(cdev-\u003ewatched_lines) \u003c-- freed\n --\u003e blocking_notifier_chain_unregister()\n --\u003e down_write(\u0026nh-\u003erwsem) \u003c-- waiting rwsem\n --\u003e __down_write_common()\n --\u003e rwsem_down_write_slowpath()\n --\u003e schedule_preempt_disabled()\n --\u003e schedule()\n\n[use]\nst54spi_gpio_dev_release()\n --\u003e gpio_free()\n --\u003e gpiod_free()\n --\u003e gpiod_free_commit()\n --\u003e gpiod_line_state_notify()\n --\u003e blocking_notifier_call_chain()\n --\u003e down_read(\u0026nh-\u003erwsem); \u003c-- held rwsem\n --\u003e notifier_call_chain()\n --\u003e lineinfo_changed_notify()\n --\u003e test_bit(xxxx, cdev-\u003ewatched_lines) \u003c-- use after free\n\nThe side effect of the use-after-free issue is that a GPIO line event is\nbeing generated for userspace where it shouldn\u0027t. However, since the chrdev\nis being closed, userspace won\u0027t have the chance to read that event anyway.\n\nTo fix the issue, call the bitmap_free() function after the unregistration\nof lineinfo_changed_nb notifier chain."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:39.914Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2dfbb920a89bdc58087672ad5325dc6c588b6860"
},
{
"url": "https://git.kernel.org/stable/c/2d008d4961b039d2edce8976289773961b7e5fb5"
},
{
"url": "https://git.kernel.org/stable/c/d38c49f7bdf14381270736299e2ff68ec248a017"
},
{
"url": "https://git.kernel.org/stable/c/95ca7c90eaf5ea8a8460536535101e3e81160e2a"
},
{
"url": "https://git.kernel.org/stable/c/ca710b5f40b8b16fdcad50bebd47f50e4c62d239"
},
{
"url": "https://git.kernel.org/stable/c/02f6b0e1ec7e0e7d059dddc893645816552039da"
}
],
"title": "gpiolib: cdev: Fix use after free in lineinfo_changed_notify",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36899",
"datePublished": "2024-05-30T15:29:02.591Z",
"dateReserved": "2024-05-30T15:25:07.066Z",
"dateUpdated": "2025-11-03T20:37:56.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52919 (GCVE-0-2023-52919)
Vulnerability from cvelistv5 – Published: 2024-10-22 07:37 – Updated: 2025-05-04 07:45
VLAI?
EPSS
Title
nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
Handle memory allocation failure from nci_skb_alloc() (calling
alloc_skb()) to avoid possible NULL pointer dereference.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
391d8a2da787257aeaf952c974405b53926e3fb3 , < 2b2edf089df3a69f0072c6e71563394c5a94e62e
(git)
Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < 5622592f8f74ae3e594379af02e64ea84772d0dd (git) Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < 76050b0cc5a72e0c7493287b7e18e1cb9e3c4612 (git) Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < c95fa5b20fe03609e0894656fa43c18045b5097e (git) Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < ffdc881f68073ff86bf21afb9bb954812e8278be (git) Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < d7dbdbe3800a908eecd4975c31be47dd45e2104a (git) Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < bb6cacc439ddd2cd51227ab193f4f91cfc7f014f (git) Affected: 391d8a2da787257aeaf952c974405b53926e3fb3 , < 7937609cd387246aed994e81aa4fa951358fba41 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:10:43.843732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:35.125Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/spi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2b2edf089df3a69f0072c6e71563394c5a94e62e",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "5622592f8f74ae3e594379af02e64ea84772d0dd",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "76050b0cc5a72e0c7493287b7e18e1cb9e3c4612",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "c95fa5b20fe03609e0894656fa43c18045b5097e",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "ffdc881f68073ff86bf21afb9bb954812e8278be",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "d7dbdbe3800a908eecd4975c31be47dd45e2104a",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "bb6cacc439ddd2cd51227ab193f4f91cfc7f014f",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "7937609cd387246aed994e81aa4fa951358fba41",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/spi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.11"
},
{
"lessThan": "3.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.328",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.297",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.259",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.137",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.328",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.297",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.259",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.199",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.137",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.60",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.9",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "3.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: fix possible NULL pointer dereference in send_acknowledge()\n\nHandle memory allocation failure from nci_skb_alloc() (calling\nalloc_skb()) to avoid possible NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:59.898Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2b2edf089df3a69f0072c6e71563394c5a94e62e"
},
{
"url": "https://git.kernel.org/stable/c/5622592f8f74ae3e594379af02e64ea84772d0dd"
},
{
"url": "https://git.kernel.org/stable/c/76050b0cc5a72e0c7493287b7e18e1cb9e3c4612"
},
{
"url": "https://git.kernel.org/stable/c/c95fa5b20fe03609e0894656fa43c18045b5097e"
},
{
"url": "https://git.kernel.org/stable/c/ffdc881f68073ff86bf21afb9bb954812e8278be"
},
{
"url": "https://git.kernel.org/stable/c/d7dbdbe3800a908eecd4975c31be47dd45e2104a"
},
{
"url": "https://git.kernel.org/stable/c/bb6cacc439ddd2cd51227ab193f4f91cfc7f014f"
},
{
"url": "https://git.kernel.org/stable/c/7937609cd387246aed994e81aa4fa951358fba41"
}
],
"title": "nfc: nci: fix possible NULL pointer dereference in send_acknowledge()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52919",
"datePublished": "2024-10-22T07:37:28.091Z",
"dateReserved": "2024-08-21T06:07:11.017Z",
"dateUpdated": "2025-05-04T07:45:59.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49936 (GCVE-0-2024-49936)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
net/xen-netback: prevent UAF in xenvif_flush_hash()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/xen-netback: prevent UAF in xenvif_flush_hash()
During the list_for_each_entry_rcu iteration call of xenvif_flush_hash,
kfree_rcu does not exist inside the rcu read critical section, so if
kfree_rcu is called when the rcu grace period ends during the iteration,
UAF occurs when accessing head->next after the entry becomes free.
Therefore, to solve this, you need to change it to list_for_each_entry_safe.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
40d8abdee806d496a60ee607a6d01b1cd7fabaf0 , < 3c4423b0c4b98213b3438e15061e1d08220e6982
(git)
Affected: 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 , < a7f0073fcd12ed7de185ef2c0af9d0fa1ddef22c (git) Affected: 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 , < a0465723b8581cad27164c9073fd780904cd22d4 (git) Affected: 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 , < efcff6ce7467f01f0753609f420333f3f2ceceda (git) Affected: 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 , < 143edf098b80669d05245b2f2367dd156a83a2c5 (git) Affected: 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 , < d408889d4b54f5501e4becc4dbbb9065143fbf4e (git) Affected: 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 , < 54d8639af5568fc41c0e274fc3ec9cf86c59fcbb (git) Affected: 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 , < 0fa5e94a1811d68fbffa0725efe6d4ca62c03d12 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:38:23.774447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:51.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:20.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/xen-netback/hash.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3c4423b0c4b98213b3438e15061e1d08220e6982",
"status": "affected",
"version": "40d8abdee806d496a60ee607a6d01b1cd7fabaf0",
"versionType": "git"
},
{
"lessThan": "a7f0073fcd12ed7de185ef2c0af9d0fa1ddef22c",
"status": "affected",
"version": "40d8abdee806d496a60ee607a6d01b1cd7fabaf0",
"versionType": "git"
},
{
"lessThan": "a0465723b8581cad27164c9073fd780904cd22d4",
"status": "affected",
"version": "40d8abdee806d496a60ee607a6d01b1cd7fabaf0",
"versionType": "git"
},
{
"lessThan": "efcff6ce7467f01f0753609f420333f3f2ceceda",
"status": "affected",
"version": "40d8abdee806d496a60ee607a6d01b1cd7fabaf0",
"versionType": "git"
},
{
"lessThan": "143edf098b80669d05245b2f2367dd156a83a2c5",
"status": "affected",
"version": "40d8abdee806d496a60ee607a6d01b1cd7fabaf0",
"versionType": "git"
},
{
"lessThan": "d408889d4b54f5501e4becc4dbbb9065143fbf4e",
"status": "affected",
"version": "40d8abdee806d496a60ee607a6d01b1cd7fabaf0",
"versionType": "git"
},
{
"lessThan": "54d8639af5568fc41c0e274fc3ec9cf86c59fcbb",
"status": "affected",
"version": "40d8abdee806d496a60ee607a6d01b1cd7fabaf0",
"versionType": "git"
},
{
"lessThan": "0fa5e94a1811d68fbffa0725efe6d4ca62c03d12",
"status": "affected",
"version": "40d8abdee806d496a60ee607a6d01b1cd7fabaf0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/xen-netback/hash.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.290",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.290",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/xen-netback: prevent UAF in xenvif_flush_hash()\n\nDuring the list_for_each_entry_rcu iteration call of xenvif_flush_hash,\nkfree_rcu does not exist inside the rcu read critical section, so if\nkfree_rcu is called when the rcu grace period ends during the iteration,\nUAF occurs when accessing head-\u003enext after the entry becomes free.\n\nTherefore, to solve this, you need to change it to list_for_each_entry_safe."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T13:06:41.224Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3c4423b0c4b98213b3438e15061e1d08220e6982"
},
{
"url": "https://git.kernel.org/stable/c/a7f0073fcd12ed7de185ef2c0af9d0fa1ddef22c"
},
{
"url": "https://git.kernel.org/stable/c/a0465723b8581cad27164c9073fd780904cd22d4"
},
{
"url": "https://git.kernel.org/stable/c/efcff6ce7467f01f0753609f420333f3f2ceceda"
},
{
"url": "https://git.kernel.org/stable/c/143edf098b80669d05245b2f2367dd156a83a2c5"
},
{
"url": "https://git.kernel.org/stable/c/d408889d4b54f5501e4becc4dbbb9065143fbf4e"
},
{
"url": "https://git.kernel.org/stable/c/54d8639af5568fc41c0e274fc3ec9cf86c59fcbb"
},
{
"url": "https://git.kernel.org/stable/c/0fa5e94a1811d68fbffa0725efe6d4ca62c03d12"
}
],
"title": "net/xen-netback: prevent UAF in xenvif_flush_hash()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49936",
"datePublished": "2024-10-21T18:01:57.066Z",
"dateReserved": "2024-10-21T12:17:06.042Z",
"dateUpdated": "2025-11-03T22:23:20.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49029 (GCVE-0-2022-49029)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
Summary
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
Smatch report warning as follows:
drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn:
'&data->list' not removed from list
If ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will
be freed, but data->list will not be removed from driver_data.bmc_data,
then list traversal may cause UAF.
Fix by removeing it from driver_data.bmc_data before free().
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab , < f2a13196ad41c6c2ab058279dffe6c97292e753a
(git)
Affected: 57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab , < 798198273bf86673b970b51acdb35e57f42b3fcb (git) Affected: 57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab , < 24b9633f7db7f4809be7053df1d2e117e7c2de10 (git) Affected: 57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab , < 7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3 (git) Affected: 57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab , < 90907cd4d11351ff76c9a447bcb5db0e264c47cd (git) Affected: 57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab , < 45f6e81863747c0d7bc6a95ec51129900e71467a (git) Affected: 57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab , < e65cfd1f9cd27d9c27ee5cb88128a9f79f25d863 (git) Affected: 57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab , < e2a87785aab0dac190ac89be6a9ba955e2c634f2 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:11:29.003244Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:36.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hwmon/ibmpex.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f2a13196ad41c6c2ab058279dffe6c97292e753a",
"status": "affected",
"version": "57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab",
"versionType": "git"
},
{
"lessThan": "798198273bf86673b970b51acdb35e57f42b3fcb",
"status": "affected",
"version": "57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab",
"versionType": "git"
},
{
"lessThan": "24b9633f7db7f4809be7053df1d2e117e7c2de10",
"status": "affected",
"version": "57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab",
"versionType": "git"
},
{
"lessThan": "7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3",
"status": "affected",
"version": "57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab",
"versionType": "git"
},
{
"lessThan": "90907cd4d11351ff76c9a447bcb5db0e264c47cd",
"status": "affected",
"version": "57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab",
"versionType": "git"
},
{
"lessThan": "45f6e81863747c0d7bc6a95ec51129900e71467a",
"status": "affected",
"version": "57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab",
"versionType": "git"
},
{
"lessThan": "e65cfd1f9cd27d9c27ee5cb88128a9f79f25d863",
"status": "affected",
"version": "57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab",
"versionType": "git"
},
{
"lessThan": "e2a87785aab0dac190ac89be6a9ba955e2c634f2",
"status": "affected",
"version": "57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hwmon/ibmpex.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.24"
},
{
"lessThan": "2.6.24",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.335",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.301",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.335",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.301",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.268",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "2.6.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails\n\nSmatch report warning as follows:\n\ndrivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn:\n \u0027\u0026data-\u003elist\u0027 not removed from list\n\nIf ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will\nbe freed, but data-\u003elist will not be removed from driver_data.bmc_data,\nthen list traversal may cause UAF.\n\nFix by removeing it from driver_data.bmc_data before free()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:24.683Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f2a13196ad41c6c2ab058279dffe6c97292e753a"
},
{
"url": "https://git.kernel.org/stable/c/798198273bf86673b970b51acdb35e57f42b3fcb"
},
{
"url": "https://git.kernel.org/stable/c/24b9633f7db7f4809be7053df1d2e117e7c2de10"
},
{
"url": "https://git.kernel.org/stable/c/7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3"
},
{
"url": "https://git.kernel.org/stable/c/90907cd4d11351ff76c9a447bcb5db0e264c47cd"
},
{
"url": "https://git.kernel.org/stable/c/45f6e81863747c0d7bc6a95ec51129900e71467a"
},
{
"url": "https://git.kernel.org/stable/c/e65cfd1f9cd27d9c27ee5cb88128a9f79f25d863"
},
{
"url": "https://git.kernel.org/stable/c/e2a87785aab0dac190ac89be6a9ba955e2c634f2"
}
],
"title": "hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49029",
"datePublished": "2024-10-21T20:06:33.918Z",
"dateReserved": "2024-08-22T01:27:53.651Z",
"dateUpdated": "2025-05-04T08:28:24.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48978 (GCVE-0-2022-48978)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
HID: core: fix shift-out-of-bounds in hid_report_raw_event
Summary
In the Linux kernel, the following vulnerability has been resolved:
HID: core: fix shift-out-of-bounds in hid_report_raw_event
Syzbot reported shift-out-of-bounds in hid_report_raw_event.
microsoft 0003:045E:07DA.0001: hid_field_extract() called with n (128) >
32! (swapper/0)
======================================================================
UBSAN: shift-out-of-bounds in drivers/hid/hid-core.c:1323:20
shift exponent 127 is too large for 32-bit type 'int'
CPU: 0 PID: 0 Comm: swapper/0 Not tainted
6.1.0-rc4-syzkaller-00159-g4bbf3422df78 #0
Hardware name: Google Compute Engine/Google Compute Engine, BIOS
Google 10/26/2022
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
ubsan_epilogue lib/ubsan.c:151 [inline]
__ubsan_handle_shift_out_of_bounds+0x3a6/0x420 lib/ubsan.c:322
snto32 drivers/hid/hid-core.c:1323 [inline]
hid_input_fetch_field drivers/hid/hid-core.c:1572 [inline]
hid_process_report drivers/hid/hid-core.c:1665 [inline]
hid_report_raw_event+0xd56/0x18b0 drivers/hid/hid-core.c:1998
hid_input_report+0x408/0x4f0 drivers/hid/hid-core.c:2066
hid_irq_in+0x459/0x690 drivers/hid/usbhid/hid-core.c:284
__usb_hcd_giveback_urb+0x369/0x530 drivers/usb/core/hcd.c:1671
dummy_timer+0x86b/0x3110 drivers/usb/gadget/udc/dummy_hcd.c:1988
call_timer_fn+0xf5/0x210 kernel/time/timer.c:1474
expire_timers kernel/time/timer.c:1519 [inline]
__run_timers+0x76a/0x980 kernel/time/timer.c:1790
run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1803
__do_softirq+0x277/0x75b kernel/softirq.c:571
__irq_exit_rcu+0xec/0x170 kernel/softirq.c:650
irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1107
======================================================================
If the size of the integer (unsigned n) is bigger than 32 in snto32(),
shift exponent will be too large for 32-bit type 'int', resulting in a
shift-out-of-bounds bug.
Fix this by adding a check on the size of the integer (unsigned n) in
snto32(). To add support for n greater than 32 bits, set n to 32, if n
is greater than 32.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
dde5845a529ff753364a6d1aea61180946270bfa , < 151493fe5a6ed1a88decc929a7368a3f2a246914
(git)
Affected: dde5845a529ff753364a6d1aea61180946270bfa , < 809783f8b4b600c7fb3bccb10fefef822601ea3b (git) Affected: dde5845a529ff753364a6d1aea61180946270bfa , < 8e14f20e12224ee2429f75a5c9418a700e26a8d3 (git) Affected: dde5845a529ff753364a6d1aea61180946270bfa , < db1ed1b3fb4ec0d19080a102956255769bc45c79 (git) Affected: dde5845a529ff753364a6d1aea61180946270bfa , < bc03f809da78fc79e4aee132d4e5c6a2b3aeec73 (git) Affected: dde5845a529ff753364a6d1aea61180946270bfa , < f755d11c55b29049b77da5cd9ab2faae96eb33c3 (git) Affected: dde5845a529ff753364a6d1aea61180946270bfa , < 2b3b4d7aadaa1b6b58d0f34823bf86cfe8a31b4d (git) Affected: dde5845a529ff753364a6d1aea61180946270bfa , < ec61b41918587be530398b0d1c9a0d16619397e5 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:18:13.670064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:44.244Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "151493fe5a6ed1a88decc929a7368a3f2a246914",
"status": "affected",
"version": "dde5845a529ff753364a6d1aea61180946270bfa",
"versionType": "git"
},
{
"lessThan": "809783f8b4b600c7fb3bccb10fefef822601ea3b",
"status": "affected",
"version": "dde5845a529ff753364a6d1aea61180946270bfa",
"versionType": "git"
},
{
"lessThan": "8e14f20e12224ee2429f75a5c9418a700e26a8d3",
"status": "affected",
"version": "dde5845a529ff753364a6d1aea61180946270bfa",
"versionType": "git"
},
{
"lessThan": "db1ed1b3fb4ec0d19080a102956255769bc45c79",
"status": "affected",
"version": "dde5845a529ff753364a6d1aea61180946270bfa",
"versionType": "git"
},
{
"lessThan": "bc03f809da78fc79e4aee132d4e5c6a2b3aeec73",
"status": "affected",
"version": "dde5845a529ff753364a6d1aea61180946270bfa",
"versionType": "git"
},
{
"lessThan": "f755d11c55b29049b77da5cd9ab2faae96eb33c3",
"status": "affected",
"version": "dde5845a529ff753364a6d1aea61180946270bfa",
"versionType": "git"
},
{
"lessThan": "2b3b4d7aadaa1b6b58d0f34823bf86cfe8a31b4d",
"status": "affected",
"version": "dde5845a529ff753364a6d1aea61180946270bfa",
"versionType": "git"
},
{
"lessThan": "ec61b41918587be530398b0d1c9a0d16619397e5",
"status": "affected",
"version": "dde5845a529ff753364a6d1aea61180946270bfa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.20"
},
{
"lessThan": "2.6.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.336",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.336",
"versionStartIncluding": "2.6.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.302",
"versionStartIncluding": "2.6.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.269",
"versionStartIncluding": "2.6.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "2.6.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "2.6.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "2.6.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "2.6.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "2.6.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: fix shift-out-of-bounds in hid_report_raw_event\n\nSyzbot reported shift-out-of-bounds in hid_report_raw_event.\n\nmicrosoft 0003:045E:07DA.0001: hid_field_extract() called with n (128) \u003e\n32! (swapper/0)\n======================================================================\nUBSAN: shift-out-of-bounds in drivers/hid/hid-core.c:1323:20\nshift exponent 127 is too large for 32-bit type \u0027int\u0027\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted\n6.1.0-rc4-syzkaller-00159-g4bbf3422df78 #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS\nGoogle 10/26/2022\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:151 [inline]\n __ubsan_handle_shift_out_of_bounds+0x3a6/0x420 lib/ubsan.c:322\n snto32 drivers/hid/hid-core.c:1323 [inline]\n hid_input_fetch_field drivers/hid/hid-core.c:1572 [inline]\n hid_process_report drivers/hid/hid-core.c:1665 [inline]\n hid_report_raw_event+0xd56/0x18b0 drivers/hid/hid-core.c:1998\n hid_input_report+0x408/0x4f0 drivers/hid/hid-core.c:2066\n hid_irq_in+0x459/0x690 drivers/hid/usbhid/hid-core.c:284\n __usb_hcd_giveback_urb+0x369/0x530 drivers/usb/core/hcd.c:1671\n dummy_timer+0x86b/0x3110 drivers/usb/gadget/udc/dummy_hcd.c:1988\n call_timer_fn+0xf5/0x210 kernel/time/timer.c:1474\n expire_timers kernel/time/timer.c:1519 [inline]\n __run_timers+0x76a/0x980 kernel/time/timer.c:1790\n run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1803\n __do_softirq+0x277/0x75b kernel/softirq.c:571\n __irq_exit_rcu+0xec/0x170 kernel/softirq.c:650\n irq_exit_rcu+0x5/0x20 kernel/softirq.c:662\n sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1107\n======================================================================\n\nIf the size of the integer (unsigned n) is bigger than 32 in snto32(),\nshift exponent will be too large for 32-bit type \u0027int\u0027, resulting in a\nshift-out-of-bounds bug.\nFix this by adding a check on the size of the integer (unsigned n) in\nsnto32(). To add support for n greater than 32 bits, set n to 32, if n\nis greater than 32."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:18.594Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/151493fe5a6ed1a88decc929a7368a3f2a246914"
},
{
"url": "https://git.kernel.org/stable/c/809783f8b4b600c7fb3bccb10fefef822601ea3b"
},
{
"url": "https://git.kernel.org/stable/c/8e14f20e12224ee2429f75a5c9418a700e26a8d3"
},
{
"url": "https://git.kernel.org/stable/c/db1ed1b3fb4ec0d19080a102956255769bc45c79"
},
{
"url": "https://git.kernel.org/stable/c/bc03f809da78fc79e4aee132d4e5c6a2b3aeec73"
},
{
"url": "https://git.kernel.org/stable/c/f755d11c55b29049b77da5cd9ab2faae96eb33c3"
},
{
"url": "https://git.kernel.org/stable/c/2b3b4d7aadaa1b6b58d0f34823bf86cfe8a31b4d"
},
{
"url": "https://git.kernel.org/stable/c/ec61b41918587be530398b0d1c9a0d16619397e5"
}
],
"title": "HID: core: fix shift-out-of-bounds in hid_report_raw_event",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48978",
"datePublished": "2024-10-21T20:05:57.079Z",
"dateReserved": "2024-08-22T01:27:53.632Z",
"dateUpdated": "2025-05-04T08:27:18.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46840 (GCVE-0-2024-46840)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:39 – Updated: 2026-01-05 10:53
VLAI?
EPSS
Title
btrfs: clean up our handling of refs == 0 in snapshot delete
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: clean up our handling of refs == 0 in snapshot delete
In reada we BUG_ON(refs == 0), which could be unkind since we aren't
holding a lock on the extent leaf and thus could get a transient
incorrect answer. In walk_down_proc we also BUG_ON(refs == 0), which
could happen if we have extent tree corruption. Change that to return
-EUCLEAN. In do_walk_down() we catch this case and handle it correctly,
however we return -EIO, which -EUCLEAN is a more appropriate error code.
Finally in walk_up_proc we have the same BUG_ON(refs == 0), so convert
that to proper error handling. Also adjust the error message so we can
actually do something with the information.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
2c47e605a91dde6b0514f689645e7ab336c8592a , < c847b28a799733b04574060ab9d00f215970627d
(git)
Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 71291aa7246645ef622621934d2067400380645e (git) Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < c60676b81fab456b672796830f6d8057058f029c (git) Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 728d4d045b628e006b48a448f3326a7194c88d32 (git) Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 9cc887ac24b7a0598f4042ae9af6b9a33072f75b (git) Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 7d1df13bf078ffebfedd361d714ff6cee1ff01b9 (git) Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 03804641ec2d0da4fa088ad21c88e703d151ce16 (git) Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < b8ccef048354074a548f108e51d0557d6adfd3a3 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T13:59:36.735049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T13:59:41.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:28.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/extent-tree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c847b28a799733b04574060ab9d00f215970627d",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
},
{
"lessThan": "71291aa7246645ef622621934d2067400380645e",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
},
{
"lessThan": "c60676b81fab456b672796830f6d8057058f029c",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
},
{
"lessThan": "728d4d045b628e006b48a448f3326a7194c88d32",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
},
{
"lessThan": "9cc887ac24b7a0598f4042ae9af6b9a33072f75b",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
},
{
"lessThan": "7d1df13bf078ffebfedd361d714ff6cee1ff01b9",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
},
{
"lessThan": "03804641ec2d0da4fa088ad21c88e703d151ce16",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
},
{
"lessThan": "b8ccef048354074a548f108e51d0557d6adfd3a3",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/extent-tree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.31"
},
{
"lessThan": "2.6.31",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.322",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.322",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: clean up our handling of refs == 0 in snapshot delete\n\nIn reada we BUG_ON(refs == 0), which could be unkind since we aren\u0027t\nholding a lock on the extent leaf and thus could get a transient\nincorrect answer. In walk_down_proc we also BUG_ON(refs == 0), which\ncould happen if we have extent tree corruption. Change that to return\n-EUCLEAN. In do_walk_down() we catch this case and handle it correctly,\nhowever we return -EIO, which -EUCLEAN is a more appropriate error code.\nFinally in walk_up_proc we have the same BUG_ON(refs == 0), so convert\nthat to proper error handling. Also adjust the error message so we can\nactually do something with the information."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:53:35.228Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c847b28a799733b04574060ab9d00f215970627d"
},
{
"url": "https://git.kernel.org/stable/c/71291aa7246645ef622621934d2067400380645e"
},
{
"url": "https://git.kernel.org/stable/c/c60676b81fab456b672796830f6d8057058f029c"
},
{
"url": "https://git.kernel.org/stable/c/728d4d045b628e006b48a448f3326a7194c88d32"
},
{
"url": "https://git.kernel.org/stable/c/9cc887ac24b7a0598f4042ae9af6b9a33072f75b"
},
{
"url": "https://git.kernel.org/stable/c/7d1df13bf078ffebfedd361d714ff6cee1ff01b9"
},
{
"url": "https://git.kernel.org/stable/c/03804641ec2d0da4fa088ad21c88e703d151ce16"
},
{
"url": "https://git.kernel.org/stable/c/b8ccef048354074a548f108e51d0557d6adfd3a3"
}
],
"title": "btrfs: clean up our handling of refs == 0 in snapshot delete",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46840",
"datePublished": "2024-09-27T12:39:34.998Z",
"dateReserved": "2024-09-11T15:12:18.288Z",
"dateUpdated": "2026-01-05T10:53:35.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49969 (GCVE-0-2024-49969)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
drm/amd/display: Fix index out of bounds in DCN30 color transformation
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix index out of bounds in DCN30 color transformation
This commit addresses a potential index out of bounds issue in the
`cm3_helper_translate_curve_to_hw_format` function in the DCN30 color
management module. The issue could occur when the index 'i' exceeds the
number of transfer function points (TRANSFER_FUNC_POINTS).
The fix adds a check to ensure 'i' is within bounds before accessing the
transfer function points. If 'i' is out of bounds, the function returns
false to indicate an error.
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:180 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:182 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < 7ab69af56a23859b647dee69fa1052c689343621
(git)
Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < c13f9c62015c56a938304cef6d507227ea3e0039 (git) Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < 0f1e222a4b41d77c442901d166fbdca967af0d86 (git) Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < 929506d5671419cffd8d01e9a7f5eae53682a838 (git) Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < 578422ddae3d13362b64e77ef9bab98780641631 (git) Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < b9d8b94ec7e67f0cae228c054f77b73967c389a3 (git) Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < d81873f9e715b72d4f8d391c8eb243946f784dfc (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:34:03.408240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:46.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:51.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7ab69af56a23859b647dee69fa1052c689343621",
"status": "affected",
"version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
"versionType": "git"
},
{
"lessThan": "c13f9c62015c56a938304cef6d507227ea3e0039",
"status": "affected",
"version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
"versionType": "git"
},
{
"lessThan": "0f1e222a4b41d77c442901d166fbdca967af0d86",
"status": "affected",
"version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
"versionType": "git"
},
{
"lessThan": "929506d5671419cffd8d01e9a7f5eae53682a838",
"status": "affected",
"version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
"versionType": "git"
},
{
"lessThan": "578422ddae3d13362b64e77ef9bab98780641631",
"status": "affected",
"version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
"versionType": "git"
},
{
"lessThan": "b9d8b94ec7e67f0cae228c054f77b73967c389a3",
"status": "affected",
"version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
"versionType": "git"
},
{
"lessThan": "d81873f9e715b72d4f8d391c8eb243946f784dfc",
"status": "affected",
"version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in DCN30 color transformation\n\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_hw_format` function in the DCN30 color\nmanagement module. The issue could occur when the index \u0027i\u0027 exceeds the\nnumber of transfer function points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds, the function returns\nfalse to indicate an error.\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:180 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:182 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:32.855Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7ab69af56a23859b647dee69fa1052c689343621"
},
{
"url": "https://git.kernel.org/stable/c/c13f9c62015c56a938304cef6d507227ea3e0039"
},
{
"url": "https://git.kernel.org/stable/c/0f1e222a4b41d77c442901d166fbdca967af0d86"
},
{
"url": "https://git.kernel.org/stable/c/929506d5671419cffd8d01e9a7f5eae53682a838"
},
{
"url": "https://git.kernel.org/stable/c/578422ddae3d13362b64e77ef9bab98780641631"
},
{
"url": "https://git.kernel.org/stable/c/b9d8b94ec7e67f0cae228c054f77b73967c389a3"
},
{
"url": "https://git.kernel.org/stable/c/d81873f9e715b72d4f8d391c8eb243946f784dfc"
}
],
"title": "drm/amd/display: Fix index out of bounds in DCN30 color transformation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49969",
"datePublished": "2024-10-21T18:02:19.044Z",
"dateReserved": "2024-10-21T12:17:06.051Z",
"dateUpdated": "2025-11-03T22:23:51.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47697 (GCVE-0-2024-47697)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
Summary
In the Linux kernel, the following vulnerability has been resolved:
drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
Ensure index in rtl2830_pid_filter does not exceed 31 to prevent
out-of-bounds access.
dev->filters is a 32-bit value, so set_bit and clear_bit functions should
only operate on indices from 0 to 31. If index is 32, it will attempt to
access a non-existent 33rd bit, leading to out-of-bounds access.
Change the boundary check from index > 32 to index >= 32 to resolve this
issue.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
df70ddad81b47c57bcccffc805fbd75f2f1b2dc6 , < 8ffbe7d07b8e76193b151107878ddc1ccc94deb5
(git)
Affected: df70ddad81b47c57bcccffc805fbd75f2f1b2dc6 , < 883f794c6e498ae24680aead55c16f66b06cfc30 (git) Affected: df70ddad81b47c57bcccffc805fbd75f2f1b2dc6 , < badbd736e6649c4e6d7b4ff7e2b9857acfa9ea94 (git) Affected: df70ddad81b47c57bcccffc805fbd75f2f1b2dc6 , < 86d920d2600c3a48efc2775c1666c1017eec6956 (git) Affected: df70ddad81b47c57bcccffc805fbd75f2f1b2dc6 , < 3dba83d3c81de1368d15a39f22df7b53e306052f (git) Affected: df70ddad81b47c57bcccffc805fbd75f2f1b2dc6 , < 58f31be7dfbc0c84a6497ad51924949cf64b86a2 (git) Affected: df70ddad81b47c57bcccffc805fbd75f2f1b2dc6 , < 7fd6aae7e53b94f4035b1bfce28b8dfa0d0ae470 (git) Affected: df70ddad81b47c57bcccffc805fbd75f2f1b2dc6 , < 042b101d7bf70616c4967c286ffa6fcca65babfb (git) Affected: df70ddad81b47c57bcccffc805fbd75f2f1b2dc6 , < 46d7ebfe6a75a454a5fa28604f0ef1491f9d8d14 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47697",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:05:04.931797Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:14:14.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:02.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-frontends/rtl2830.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8ffbe7d07b8e76193b151107878ddc1ccc94deb5",
"status": "affected",
"version": "df70ddad81b47c57bcccffc805fbd75f2f1b2dc6",
"versionType": "git"
},
{
"lessThan": "883f794c6e498ae24680aead55c16f66b06cfc30",
"status": "affected",
"version": "df70ddad81b47c57bcccffc805fbd75f2f1b2dc6",
"versionType": "git"
},
{
"lessThan": "badbd736e6649c4e6d7b4ff7e2b9857acfa9ea94",
"status": "affected",
"version": "df70ddad81b47c57bcccffc805fbd75f2f1b2dc6",
"versionType": "git"
},
{
"lessThan": "86d920d2600c3a48efc2775c1666c1017eec6956",
"status": "affected",
"version": "df70ddad81b47c57bcccffc805fbd75f2f1b2dc6",
"versionType": "git"
},
{
"lessThan": "3dba83d3c81de1368d15a39f22df7b53e306052f",
"status": "affected",
"version": "df70ddad81b47c57bcccffc805fbd75f2f1b2dc6",
"versionType": "git"
},
{
"lessThan": "58f31be7dfbc0c84a6497ad51924949cf64b86a2",
"status": "affected",
"version": "df70ddad81b47c57bcccffc805fbd75f2f1b2dc6",
"versionType": "git"
},
{
"lessThan": "7fd6aae7e53b94f4035b1bfce28b8dfa0d0ae470",
"status": "affected",
"version": "df70ddad81b47c57bcccffc805fbd75f2f1b2dc6",
"versionType": "git"
},
{
"lessThan": "042b101d7bf70616c4967c286ffa6fcca65babfb",
"status": "affected",
"version": "df70ddad81b47c57bcccffc805fbd75f2f1b2dc6",
"versionType": "git"
},
{
"lessThan": "46d7ebfe6a75a454a5fa28604f0ef1491f9d8d14",
"status": "affected",
"version": "df70ddad81b47c57bcccffc805fbd75f2f1b2dc6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-frontends/rtl2830.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"lessThan": "4.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error\n\nEnsure index in rtl2830_pid_filter does not exceed 31 to prevent\nout-of-bounds access.\n\ndev-\u003efilters is a 32-bit value, so set_bit and clear_bit functions should\nonly operate on indices from 0 to 31. If index is 32, it will attempt to\naccess a non-existent 33rd bit, leading to out-of-bounds access.\nChange the boundary check from index \u003e 32 to index \u003e= 32 to resolve this\nissue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:37:37.837Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8ffbe7d07b8e76193b151107878ddc1ccc94deb5"
},
{
"url": "https://git.kernel.org/stable/c/883f794c6e498ae24680aead55c16f66b06cfc30"
},
{
"url": "https://git.kernel.org/stable/c/badbd736e6649c4e6d7b4ff7e2b9857acfa9ea94"
},
{
"url": "https://git.kernel.org/stable/c/86d920d2600c3a48efc2775c1666c1017eec6956"
},
{
"url": "https://git.kernel.org/stable/c/3dba83d3c81de1368d15a39f22df7b53e306052f"
},
{
"url": "https://git.kernel.org/stable/c/58f31be7dfbc0c84a6497ad51924949cf64b86a2"
},
{
"url": "https://git.kernel.org/stable/c/7fd6aae7e53b94f4035b1bfce28b8dfa0d0ae470"
},
{
"url": "https://git.kernel.org/stable/c/042b101d7bf70616c4967c286ffa6fcca65babfb"
},
{
"url": "https://git.kernel.org/stable/c/46d7ebfe6a75a454a5fa28604f0ef1491f9d8d14"
}
],
"title": "drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47697",
"datePublished": "2024-10-21T11:53:34.630Z",
"dateReserved": "2024-09-30T16:00:12.942Z",
"dateUpdated": "2025-11-03T22:21:02.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48981 (GCVE-0-2022-48981)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
drm/shmem-helper: Remove errant put in error path
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/shmem-helper: Remove errant put in error path
drm_gem_shmem_mmap() doesn't own this reference, resulting in the GEM
object getting prematurely freed leading to a later use-after-free.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
2194a63a818db71065ebe09c8104f5f021ca4e7b , < 585a07b820059462e0c93b76c7de2cd946b26b40
(git)
Affected: 2194a63a818db71065ebe09c8104f5f021ca4e7b , < 6a4da05acd062ae7774b6b19cef2b7d922902d36 (git) Affected: 2194a63a818db71065ebe09c8104f5f021ca4e7b , < 83e3da8bb92fcfa7a1d232cf55f9e6c49bb84942 (git) Affected: 2194a63a818db71065ebe09c8104f5f021ca4e7b , < 586847b98e20ab02212ca5c1fc46680384e68a28 (git) Affected: 2194a63a818db71065ebe09c8104f5f021ca4e7b , < 24013314be6ee4ee456114a671e9fa3461323de8 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48981",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:17:51.238868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:43.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/drm_gem_shmem_helper.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "585a07b820059462e0c93b76c7de2cd946b26b40",
"status": "affected",
"version": "2194a63a818db71065ebe09c8104f5f021ca4e7b",
"versionType": "git"
},
{
"lessThan": "6a4da05acd062ae7774b6b19cef2b7d922902d36",
"status": "affected",
"version": "2194a63a818db71065ebe09c8104f5f021ca4e7b",
"versionType": "git"
},
{
"lessThan": "83e3da8bb92fcfa7a1d232cf55f9e6c49bb84942",
"status": "affected",
"version": "2194a63a818db71065ebe09c8104f5f021ca4e7b",
"versionType": "git"
},
{
"lessThan": "586847b98e20ab02212ca5c1fc46680384e68a28",
"status": "affected",
"version": "2194a63a818db71065ebe09c8104f5f021ca4e7b",
"versionType": "git"
},
{
"lessThan": "24013314be6ee4ee456114a671e9fa3461323de8",
"status": "affected",
"version": "2194a63a818db71065ebe09c8104f5f021ca4e7b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/drm_gem_shmem_helper.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/shmem-helper: Remove errant put in error path\n\ndrm_gem_shmem_mmap() doesn\u0027t own this reference, resulting in the GEM\nobject getting prematurely freed leading to a later use-after-free."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:22.023Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/585a07b820059462e0c93b76c7de2cd946b26b40"
},
{
"url": "https://git.kernel.org/stable/c/6a4da05acd062ae7774b6b19cef2b7d922902d36"
},
{
"url": "https://git.kernel.org/stable/c/83e3da8bb92fcfa7a1d232cf55f9e6c49bb84942"
},
{
"url": "https://git.kernel.org/stable/c/586847b98e20ab02212ca5c1fc46680384e68a28"
},
{
"url": "https://git.kernel.org/stable/c/24013314be6ee4ee456114a671e9fa3461323de8"
}
],
"title": "drm/shmem-helper: Remove errant put in error path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48981",
"datePublished": "2024-10-21T20:05:59.043Z",
"dateReserved": "2024-08-22T01:27:53.633Z",
"dateUpdated": "2025-05-04T08:27:22.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48991 (GCVE-0-2022-48991)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
Any codepath that zaps page table entries must invoke MMU notifiers to
ensure that secondary MMUs (like KVM) don't keep accessing pages which
aren't mapped anymore. Secondary MMUs don't hold their own references to
pages that are mirrored over, so failing to notify them can lead to page
use-after-free.
I'm marking this as addressing an issue introduced in commit f3f0e1d2150b
("khugepaged: add support of collapse for tmpfs/shmem pages"), but most of
the security impact of this only came in commit 27e1f8273113 ("khugepaged:
enable collapse pmd for pte-mapped THP"), which actually omitted flushes
for the removal of present PTEs, not just for the removal of empty page
tables.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
f3f0e1d2150b2b99da2cbdfaad000089efe9bf30 , < 275c626c131cfe141beeb6c575e31fa53d32da19
(git)
Affected: f3f0e1d2150b2b99da2cbdfaad000089efe9bf30 , < c23105673228c349739e958fa33955ed8faddcaf (git) Affected: f3f0e1d2150b2b99da2cbdfaad000089efe9bf30 , < ff2a1a6f869650aec99e9d070b5ab625bfbc5bc3 (git) Affected: f3f0e1d2150b2b99da2cbdfaad000089efe9bf30 , < 5ffc2a75534d9d74d49760f983f8eb675fa63d69 (git) Affected: f3f0e1d2150b2b99da2cbdfaad000089efe9bf30 , < 7f445ca2e0e59c7971d0b7b853465e50844ab596 (git) Affected: f3f0e1d2150b2b99da2cbdfaad000089efe9bf30 , < 1a3f8c6cd29d9078cc81b29d39d0e9ae1d6a03c3 (git) Affected: f3f0e1d2150b2b99da2cbdfaad000089efe9bf30 , < 5450535901d89a5dcca5fbbc59a24fe89caeb465 (git) Affected: f3f0e1d2150b2b99da2cbdfaad000089efe9bf30 , < f268f6cf875f3220afc77bdd0bf1bb136eb54db9 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48991",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:16:32.481668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:42.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/khugepaged.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "275c626c131cfe141beeb6c575e31fa53d32da19",
"status": "affected",
"version": "f3f0e1d2150b2b99da2cbdfaad000089efe9bf30",
"versionType": "git"
},
{
"lessThan": "c23105673228c349739e958fa33955ed8faddcaf",
"status": "affected",
"version": "f3f0e1d2150b2b99da2cbdfaad000089efe9bf30",
"versionType": "git"
},
{
"lessThan": "ff2a1a6f869650aec99e9d070b5ab625bfbc5bc3",
"status": "affected",
"version": "f3f0e1d2150b2b99da2cbdfaad000089efe9bf30",
"versionType": "git"
},
{
"lessThan": "5ffc2a75534d9d74d49760f983f8eb675fa63d69",
"status": "affected",
"version": "f3f0e1d2150b2b99da2cbdfaad000089efe9bf30",
"versionType": "git"
},
{
"lessThan": "7f445ca2e0e59c7971d0b7b853465e50844ab596",
"status": "affected",
"version": "f3f0e1d2150b2b99da2cbdfaad000089efe9bf30",
"versionType": "git"
},
{
"lessThan": "1a3f8c6cd29d9078cc81b29d39d0e9ae1d6a03c3",
"status": "affected",
"version": "f3f0e1d2150b2b99da2cbdfaad000089efe9bf30",
"versionType": "git"
},
{
"lessThan": "5450535901d89a5dcca5fbbc59a24fe89caeb465",
"status": "affected",
"version": "f3f0e1d2150b2b99da2cbdfaad000089efe9bf30",
"versionType": "git"
},
{
"lessThan": "f268f6cf875f3220afc77bdd0bf1bb136eb54db9",
"status": "affected",
"version": "f3f0e1d2150b2b99da2cbdfaad000089efe9bf30",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/khugepaged.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.337",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.337",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.303",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/khugepaged: invoke MMU notifiers in shmem/file collapse paths\n\nAny codepath that zaps page table entries must invoke MMU notifiers to\nensure that secondary MMUs (like KVM) don\u0027t keep accessing pages which\naren\u0027t mapped anymore. Secondary MMUs don\u0027t hold their own references to\npages that are mirrored over, so failing to notify them can lead to page\nuse-after-free.\n\nI\u0027m marking this as addressing an issue introduced in commit f3f0e1d2150b\n(\"khugepaged: add support of collapse for tmpfs/shmem pages\"), but most of\nthe security impact of this only came in commit 27e1f8273113 (\"khugepaged:\nenable collapse pmd for pte-mapped THP\"), which actually omitted flushes\nfor the removal of present PTEs, not just for the removal of empty page\ntables."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:39.085Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/275c626c131cfe141beeb6c575e31fa53d32da19"
},
{
"url": "https://git.kernel.org/stable/c/c23105673228c349739e958fa33955ed8faddcaf"
},
{
"url": "https://git.kernel.org/stable/c/ff2a1a6f869650aec99e9d070b5ab625bfbc5bc3"
},
{
"url": "https://git.kernel.org/stable/c/5ffc2a75534d9d74d49760f983f8eb675fa63d69"
},
{
"url": "https://git.kernel.org/stable/c/7f445ca2e0e59c7971d0b7b853465e50844ab596"
},
{
"url": "https://git.kernel.org/stable/c/1a3f8c6cd29d9078cc81b29d39d0e9ae1d6a03c3"
},
{
"url": "https://git.kernel.org/stable/c/5450535901d89a5dcca5fbbc59a24fe89caeb465"
},
{
"url": "https://git.kernel.org/stable/c/f268f6cf875f3220afc77bdd0bf1bb136eb54db9"
}
],
"title": "mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48991",
"datePublished": "2024-10-21T20:06:08.312Z",
"dateReserved": "2024-08-22T01:27:53.636Z",
"dateUpdated": "2025-05-04T08:27:39.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52846 (GCVE-0-2023-52846)
Vulnerability from cvelistv5 – Published: 2024-05-21 15:31 – Updated: 2025-05-04 07:44
VLAI?
EPSS
Title
hsr: Prevent use after free in prp_create_tagged_frame()
Summary
In the Linux kernel, the following vulnerability has been resolved:
hsr: Prevent use after free in prp_create_tagged_frame()
The prp_fill_rct() function can fail. In that situation, it frees the
skb and returns NULL. Meanwhile on the success path, it returns the
original skb. So it's straight forward to fix bug by using the returned
value.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
451d8123f89791bb628277c0bdb4cae34a3563e6 , < ddf4e04e946aaa6c458b8b6829617cc44af2bffd
(git)
Affected: 451d8123f89791bb628277c0bdb4cae34a3563e6 , < a1a485e45d24b1cd8fe834fd6f1b06e2903827da (git) Affected: 451d8123f89791bb628277c0bdb4cae34a3563e6 , < 6086258bd5ea7b5c706ff62da42b8e271b2401db (git) Affected: 451d8123f89791bb628277c0bdb4cae34a3563e6 , < 1787b9f0729d318d67cf7c5a95f0c3dba9a7cc18 (git) Affected: 451d8123f89791bb628277c0bdb4cae34a3563e6 , < d103fb6726904e353b4773188ee3d3acb4078363 (git) Affected: 451d8123f89791bb628277c0bdb4cae34a3563e6 , < 876f8ab52363f649bcc74072157dfd7adfbabc0d (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:22:52.516858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:53.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ddf4e04e946aaa6c458b8b6829617cc44af2bffd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1a485e45d24b1cd8fe834fd6f1b06e2903827da"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6086258bd5ea7b5c706ff62da42b8e271b2401db"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1787b9f0729d318d67cf7c5a95f0c3dba9a7cc18"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d103fb6726904e353b4773188ee3d3acb4078363"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/876f8ab52363f649bcc74072157dfd7adfbabc0d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/hsr/hsr_forward.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ddf4e04e946aaa6c458b8b6829617cc44af2bffd",
"status": "affected",
"version": "451d8123f89791bb628277c0bdb4cae34a3563e6",
"versionType": "git"
},
{
"lessThan": "a1a485e45d24b1cd8fe834fd6f1b06e2903827da",
"status": "affected",
"version": "451d8123f89791bb628277c0bdb4cae34a3563e6",
"versionType": "git"
},
{
"lessThan": "6086258bd5ea7b5c706ff62da42b8e271b2401db",
"status": "affected",
"version": "451d8123f89791bb628277c0bdb4cae34a3563e6",
"versionType": "git"
},
{
"lessThan": "1787b9f0729d318d67cf7c5a95f0c3dba9a7cc18",
"status": "affected",
"version": "451d8123f89791bb628277c0bdb4cae34a3563e6",
"versionType": "git"
},
{
"lessThan": "d103fb6726904e353b4773188ee3d3acb4078363",
"status": "affected",
"version": "451d8123f89791bb628277c0bdb4cae34a3563e6",
"versionType": "git"
},
{
"lessThan": "876f8ab52363f649bcc74072157dfd7adfbabc0d",
"status": "affected",
"version": "451d8123f89791bb628277c0bdb4cae34a3563e6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/hsr/hsr_forward.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhsr: Prevent use after free in prp_create_tagged_frame()\n\nThe prp_fill_rct() function can fail. In that situation, it frees the\nskb and returns NULL. Meanwhile on the success path, it returns the\noriginal skb. So it\u0027s straight forward to fix bug by using the returned\nvalue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:12.923Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ddf4e04e946aaa6c458b8b6829617cc44af2bffd"
},
{
"url": "https://git.kernel.org/stable/c/a1a485e45d24b1cd8fe834fd6f1b06e2903827da"
},
{
"url": "https://git.kernel.org/stable/c/6086258bd5ea7b5c706ff62da42b8e271b2401db"
},
{
"url": "https://git.kernel.org/stable/c/1787b9f0729d318d67cf7c5a95f0c3dba9a7cc18"
},
{
"url": "https://git.kernel.org/stable/c/d103fb6726904e353b4773188ee3d3acb4078363"
},
{
"url": "https://git.kernel.org/stable/c/876f8ab52363f649bcc74072157dfd7adfbabc0d"
}
],
"title": "hsr: Prevent use after free in prp_create_tagged_frame()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52846",
"datePublished": "2024-05-21T15:31:43.863Z",
"dateReserved": "2024-05-21T15:19:24.254Z",
"dateUpdated": "2025-05-04T07:44:12.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49028 (GCVE-0-2022-49028)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
ixgbevf: Fix resource leak in ixgbevf_init_module()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ixgbevf: Fix resource leak in ixgbevf_init_module()
ixgbevf_init_module() won't destroy the workqueue created by
create_singlethread_workqueue() when pci_register_driver() failed. Add
destroy_workqueue() in fail path to prevent the resource leak.
Similar to the handling of u132_hcd_init in commit f276e002793c
("usb: u132-hcd: fix resource leak")
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
40a13e2493c9882cb4d09054d81a5063cd1589a2 , < f166c62cad798c53300b4b327e44300c73ec492d
(git)
Affected: 40a13e2493c9882cb4d09054d81a5063cd1589a2 , < 7109e941099244cc876a4b3cb7a3ec79f104374a (git) Affected: 40a13e2493c9882cb4d09054d81a5063cd1589a2 , < c99671d4699dcf90d6939923c8fe8a8918e140b2 (git) Affected: 40a13e2493c9882cb4d09054d81a5063cd1589a2 , < 8cfa238a48f34038464b99d0b4825238c2687181 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:11:38.668001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:36.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f166c62cad798c53300b4b327e44300c73ec492d",
"status": "affected",
"version": "40a13e2493c9882cb4d09054d81a5063cd1589a2",
"versionType": "git"
},
{
"lessThan": "7109e941099244cc876a4b3cb7a3ec79f104374a",
"status": "affected",
"version": "40a13e2493c9882cb4d09054d81a5063cd1589a2",
"versionType": "git"
},
{
"lessThan": "c99671d4699dcf90d6939923c8fe8a8918e140b2",
"status": "affected",
"version": "40a13e2493c9882cb4d09054d81a5063cd1589a2",
"versionType": "git"
},
{
"lessThan": "8cfa238a48f34038464b99d0b4825238c2687181",
"status": "affected",
"version": "40a13e2493c9882cb4d09054d81a5063cd1589a2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"lessThan": "4.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbevf: Fix resource leak in ixgbevf_init_module()\n\nixgbevf_init_module() won\u0027t destroy the workqueue created by\ncreate_singlethread_workqueue() when pci_register_driver() failed. Add\ndestroy_workqueue() in fail path to prevent the resource leak.\n\nSimilar to the handling of u132_hcd_init in commit f276e002793c\n(\"usb: u132-hcd: fix resource leak\")"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:23.255Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f166c62cad798c53300b4b327e44300c73ec492d"
},
{
"url": "https://git.kernel.org/stable/c/7109e941099244cc876a4b3cb7a3ec79f104374a"
},
{
"url": "https://git.kernel.org/stable/c/c99671d4699dcf90d6939923c8fe8a8918e140b2"
},
{
"url": "https://git.kernel.org/stable/c/8cfa238a48f34038464b99d0b4825238c2687181"
}
],
"title": "ixgbevf: Fix resource leak in ixgbevf_init_module()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49028",
"datePublished": "2024-10-21T20:06:33.205Z",
"dateReserved": "2024-08-22T01:27:53.651Z",
"dateUpdated": "2025-05-04T08:28:23.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49920 (GCVE-0-2024-49920)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-07-11 17:21
VLAI?
EPSS
Title
drm/amd/display: Check null pointers before multiple uses
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check null pointers before multiple uses
[WHAT & HOW]
Poniters, such as stream_enc and dc->bw_vbios, are null checked previously
in the same function, so Coverity warns "implies that stream_enc and
dc->bw_vbios might be null". They are used multiple times in the
subsequent code and need to be checked.
This fixes 10 FORWARD_NULL issues reported by Coverity.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:40:29.310714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:44.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c",
"drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c",
"drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c",
"drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_dio.c",
"drivers/gpu/drm/amd/display/dc/resource/dce112/dce112_resource.c",
"drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c",
"drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource_helpers.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "26787fb6c2b2ee0d1a7e1574b36f4711ae40fe27",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "fdd5ecbbff751c3b9061d8ebb08e5c96119915b4",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c",
"drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c",
"drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c",
"drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_dio.c",
"drivers/gpu/drm/amd/display/dc/resource/dce112/dce112_resource.c",
"drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c",
"drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource_helpers.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before multiple uses\n\n[WHAT \u0026 HOW]\nPoniters, such as stream_enc and dc-\u003ebw_vbios, are null checked previously\nin the same function, so Coverity warns \"implies that stream_enc and\ndc-\u003ebw_vbios might be null\". They are used multiple times in the\nsubsequent code and need to be checked.\n\nThis fixes 10 FORWARD_NULL issues reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:21:19.261Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/26787fb6c2b2ee0d1a7e1574b36f4711ae40fe27"
},
{
"url": "https://git.kernel.org/stable/c/fdd5ecbbff751c3b9061d8ebb08e5c96119915b4"
}
],
"title": "drm/amd/display: Check null pointers before multiple uses",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49920",
"datePublished": "2024-10-21T18:01:46.437Z",
"dateReserved": "2024-10-21T12:17:06.034Z",
"dateUpdated": "2025-07-11T17:21:19.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50007 (GCVE-0-2024-50007)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:54 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
ALSA: asihpi: Fix potential OOB array access
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: asihpi: Fix potential OOB array access
ASIHPI driver stores some values in the static array upon a response
from the driver, and its index depends on the firmware. We shouldn't
trust it blindly.
This patch adds a sanity check of the array index to fit in the array
size.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
719f82d3987aad4cc9f46d19c35f362672545cad , < a6bdb691cf7b66dcd929de1a253c5c42edd2e522
(git)
Affected: 719f82d3987aad4cc9f46d19c35f362672545cad , < ce2953e44829ec54bcbb57e9d890fc8af0900c80 (git) Affected: 719f82d3987aad4cc9f46d19c35f362672545cad , < 219587bca2678e31700ef09ecec178ba1f735674 (git) Affected: 719f82d3987aad4cc9f46d19c35f362672545cad , < 36ee4021bcc37b834996e79740d095d6f8dd948f (git) Affected: 719f82d3987aad4cc9f46d19c35f362672545cad , < e658227d9d4f4e122d81690fdbc0d438b10288f5 (git) Affected: 719f82d3987aad4cc9f46d19c35f362672545cad , < 7a55740996701f7b2bc46dc988b60ef2e416a747 (git) Affected: 719f82d3987aad4cc9f46d19c35f362672545cad , < ad7248a5e92587b9266c62db8bcc4e58de53e372 (git) Affected: 719f82d3987aad4cc9f46d19c35f362672545cad , < 876d04bf5a8ac1d6af5afd258cd37ab83ab2cf3d (git) Affected: 719f82d3987aad4cc9f46d19c35f362672545cad , < 7b986c7430a6bb68d523dac7bfc74cbd5b44ef96 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:29:11.400121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:40.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:24:23.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/pci/asihpi/hpimsgx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a6bdb691cf7b66dcd929de1a253c5c42edd2e522",
"status": "affected",
"version": "719f82d3987aad4cc9f46d19c35f362672545cad",
"versionType": "git"
},
{
"lessThan": "ce2953e44829ec54bcbb57e9d890fc8af0900c80",
"status": "affected",
"version": "719f82d3987aad4cc9f46d19c35f362672545cad",
"versionType": "git"
},
{
"lessThan": "219587bca2678e31700ef09ecec178ba1f735674",
"status": "affected",
"version": "719f82d3987aad4cc9f46d19c35f362672545cad",
"versionType": "git"
},
{
"lessThan": "36ee4021bcc37b834996e79740d095d6f8dd948f",
"status": "affected",
"version": "719f82d3987aad4cc9f46d19c35f362672545cad",
"versionType": "git"
},
{
"lessThan": "e658227d9d4f4e122d81690fdbc0d438b10288f5",
"status": "affected",
"version": "719f82d3987aad4cc9f46d19c35f362672545cad",
"versionType": "git"
},
{
"lessThan": "7a55740996701f7b2bc46dc988b60ef2e416a747",
"status": "affected",
"version": "719f82d3987aad4cc9f46d19c35f362672545cad",
"versionType": "git"
},
{
"lessThan": "ad7248a5e92587b9266c62db8bcc4e58de53e372",
"status": "affected",
"version": "719f82d3987aad4cc9f46d19c35f362672545cad",
"versionType": "git"
},
{
"lessThan": "876d04bf5a8ac1d6af5afd258cd37ab83ab2cf3d",
"status": "affected",
"version": "719f82d3987aad4cc9f46d19c35f362672545cad",
"versionType": "git"
},
{
"lessThan": "7b986c7430a6bb68d523dac7bfc74cbd5b44ef96",
"status": "affected",
"version": "719f82d3987aad4cc9f46d19c35f362672545cad",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/pci/asihpi/hpimsgx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: asihpi: Fix potential OOB array access\n\nASIHPI driver stores some values in the static array upon a response\nfrom the driver, and its index depends on the firmware. We shouldn\u0027t\ntrust it blindly.\n\nThis patch adds a sanity check of the array index to fit in the array\nsize."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:39.749Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a6bdb691cf7b66dcd929de1a253c5c42edd2e522"
},
{
"url": "https://git.kernel.org/stable/c/ce2953e44829ec54bcbb57e9d890fc8af0900c80"
},
{
"url": "https://git.kernel.org/stable/c/219587bca2678e31700ef09ecec178ba1f735674"
},
{
"url": "https://git.kernel.org/stable/c/36ee4021bcc37b834996e79740d095d6f8dd948f"
},
{
"url": "https://git.kernel.org/stable/c/e658227d9d4f4e122d81690fdbc0d438b10288f5"
},
{
"url": "https://git.kernel.org/stable/c/7a55740996701f7b2bc46dc988b60ef2e416a747"
},
{
"url": "https://git.kernel.org/stable/c/ad7248a5e92587b9266c62db8bcc4e58de53e372"
},
{
"url": "https://git.kernel.org/stable/c/876d04bf5a8ac1d6af5afd258cd37ab83ab2cf3d"
},
{
"url": "https://git.kernel.org/stable/c/7b986c7430a6bb68d523dac7bfc74cbd5b44ef96"
}
],
"title": "ALSA: asihpi: Fix potential OOB array access",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50007",
"datePublished": "2024-10-21T18:54:00.611Z",
"dateReserved": "2024-10-21T12:17:06.060Z",
"dateUpdated": "2026-01-05T10:54:39.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48962 (GCVE-0-2022-48962)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
The skb is delivered to napi_gro_receive() which may free it, after
calling this, dereferencing skb may trigger use-after-free.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
542ae60af24f02e130e62cb3b7c23163a2350056 , < 3501da8eb6d0f5f114a09ec953c54423f6f35885
(git)
Affected: 542ae60af24f02e130e62cb3b7c23163a2350056 , < 196e12671cb629d9f3b77b4d8bec854fc445533a (git) Affected: 542ae60af24f02e130e62cb3b7c23163a2350056 , < aceec8ab752428d8e151321479e82cc1a40fee2e (git) Affected: 542ae60af24f02e130e62cb3b7c23163a2350056 , < e71a46cc8c9ad75f3bb0e4b361e81f79c0214cca (git) Affected: 542ae60af24f02e130e62cb3b7c23163a2350056 , < 296a50aa8b2982117520713edc1375777a9f8506 (git) Affected: 542ae60af24f02e130e62cb3b7c23163a2350056 , < 6f4798ac9c9e98f41553c4f5e6c832c8860a6942 (git) Affected: 542ae60af24f02e130e62cb3b7c23163a2350056 , < 8595a2db8eb0ffcbb466eb9f4a7507a5ba06ebb9 (git) Affected: 542ae60af24f02e130e62cb3b7c23163a2350056 , < 4640177049549de1a43e9bc49265f0cdfce08cfd (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:20:14.894557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:38.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hisi_femac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3501da8eb6d0f5f114a09ec953c54423f6f35885",
"status": "affected",
"version": "542ae60af24f02e130e62cb3b7c23163a2350056",
"versionType": "git"
},
{
"lessThan": "196e12671cb629d9f3b77b4d8bec854fc445533a",
"status": "affected",
"version": "542ae60af24f02e130e62cb3b7c23163a2350056",
"versionType": "git"
},
{
"lessThan": "aceec8ab752428d8e151321479e82cc1a40fee2e",
"status": "affected",
"version": "542ae60af24f02e130e62cb3b7c23163a2350056",
"versionType": "git"
},
{
"lessThan": "e71a46cc8c9ad75f3bb0e4b361e81f79c0214cca",
"status": "affected",
"version": "542ae60af24f02e130e62cb3b7c23163a2350056",
"versionType": "git"
},
{
"lessThan": "296a50aa8b2982117520713edc1375777a9f8506",
"status": "affected",
"version": "542ae60af24f02e130e62cb3b7c23163a2350056",
"versionType": "git"
},
{
"lessThan": "6f4798ac9c9e98f41553c4f5e6c832c8860a6942",
"status": "affected",
"version": "542ae60af24f02e130e62cb3b7c23163a2350056",
"versionType": "git"
},
{
"lessThan": "8595a2db8eb0ffcbb466eb9f4a7507a5ba06ebb9",
"status": "affected",
"version": "542ae60af24f02e130e62cb3b7c23163a2350056",
"versionType": "git"
},
{
"lessThan": "4640177049549de1a43e9bc49265f0cdfce08cfd",
"status": "affected",
"version": "542ae60af24f02e130e62cb3b7c23163a2350056",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hisi_femac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.336",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.336",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.302",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.269",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hisilicon: Fix potential use-after-free in hisi_femac_rx()\n\nThe skb is delivered to napi_gro_receive() which may free it, after\ncalling this, dereferencing skb may trigger use-after-free."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:00.793Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3501da8eb6d0f5f114a09ec953c54423f6f35885"
},
{
"url": "https://git.kernel.org/stable/c/196e12671cb629d9f3b77b4d8bec854fc445533a"
},
{
"url": "https://git.kernel.org/stable/c/aceec8ab752428d8e151321479e82cc1a40fee2e"
},
{
"url": "https://git.kernel.org/stable/c/e71a46cc8c9ad75f3bb0e4b361e81f79c0214cca"
},
{
"url": "https://git.kernel.org/stable/c/296a50aa8b2982117520713edc1375777a9f8506"
},
{
"url": "https://git.kernel.org/stable/c/6f4798ac9c9e98f41553c4f5e6c832c8860a6942"
},
{
"url": "https://git.kernel.org/stable/c/8595a2db8eb0ffcbb466eb9f4a7507a5ba06ebb9"
},
{
"url": "https://git.kernel.org/stable/c/4640177049549de1a43e9bc49265f0cdfce08cfd"
}
],
"title": "net: hisilicon: Fix potential use-after-free in hisi_femac_rx()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48962",
"datePublished": "2024-10-21T20:05:46.514Z",
"dateReserved": "2024-08-22T01:27:53.628Z",
"dateUpdated": "2025-05-04T08:27:00.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42133 (GCVE-0-2024-42133)
Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-05-04 12:57
VLAI?
EPSS
Title
Bluetooth: Ignore too large handle values in BIG
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Ignore too large handle values in BIG
hci_le_big_sync_established_evt is necessary to filter out cases where the
handle value is belonging to ida id range, otherwise ida will be erroneously
released in hci_conn_cleanup.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
84cb0143fb8a03bf941c7aaedd56c938c99dafad , < 38263088b845abeeeb98dda5b87c0de3063b6dbb
(git)
Affected: 181a42edddf51d5d9697ecdf365d72ebeab5afb0 , < dad0003ccc68457baf005a6ed75b4d321463fe3d (git) Affected: 181a42edddf51d5d9697ecdf365d72ebeab5afb0 , < 015d79c96d62cd8a4a359fcf5be40d58088c936b (git) Affected: e9f708beada55426c8d678e2f46af659eb5bf4f0 (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38263088b845abeeeb98dda5b87c0de3063b6dbb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dad0003ccc68457baf005a6ed75b4d321463fe3d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/015d79c96d62cd8a4a359fcf5be40d58088c936b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:16:19.014130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:36.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_event.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "38263088b845abeeeb98dda5b87c0de3063b6dbb",
"status": "affected",
"version": "84cb0143fb8a03bf941c7aaedd56c938c99dafad",
"versionType": "git"
},
{
"lessThan": "dad0003ccc68457baf005a6ed75b4d321463fe3d",
"status": "affected",
"version": "181a42edddf51d5d9697ecdf365d72ebeab5afb0",
"versionType": "git"
},
{
"lessThan": "015d79c96d62cd8a4a359fcf5be40d58088c936b",
"status": "affected",
"version": "181a42edddf51d5d9697ecdf365d72ebeab5afb0",
"versionType": "git"
},
{
"status": "affected",
"version": "e9f708beada55426c8d678e2f46af659eb5bf4f0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_event.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "6.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Ignore too large handle values in BIG\n\nhci_le_big_sync_established_evt is necessary to filter out cases where the\nhandle value is belonging to ida id range, otherwise ida will be erroneously\nreleased in hci_conn_cleanup."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:57:43.780Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/38263088b845abeeeb98dda5b87c0de3063b6dbb"
},
{
"url": "https://git.kernel.org/stable/c/dad0003ccc68457baf005a6ed75b4d321463fe3d"
},
{
"url": "https://git.kernel.org/stable/c/015d79c96d62cd8a4a359fcf5be40d58088c936b"
}
],
"title": "Bluetooth: Ignore too large handle values in BIG",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42133",
"datePublished": "2024-07-30T07:46:28.632Z",
"dateReserved": "2024-07-29T15:50:41.186Z",
"dateUpdated": "2025-05-04T12:57:43.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47696 (GCVE-0-2024-47696)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
In the commit aee2424246f9 ("RDMA/iwcm: Fix a use-after-free related to
destroying CM IDs"), the function flush_workqueue is invoked to flush the
work queue iwcm_wq.
But at that time, the work queue iwcm_wq was created via the function
alloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.
Because the current process is trying to flush the whole iwcm_wq, if
iwcm_wq doesn't have the flag WQ_MEM_RECLAIM, verify that the current
process is not reclaiming memory or running on a workqueue which doesn't
have the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee
leading to a deadlock.
The call trace is as below:
[ 125.350876][ T1430] Call Trace:
[ 125.356281][ T1430] <TASK>
[ 125.361285][ T1430] ? __warn (kernel/panic.c:693)
[ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))
[ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219)
[ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239)
[ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))
[ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)
[ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))
[ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))
[ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970)
[ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151)
[ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm
[ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910)
[ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)
[ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161)
[ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm
[ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma
[ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma
[ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231)
[ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393)
[ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339)
[ 125.531837][ T1430] kthread (kernel/kthread.c:389)
[ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342)
[ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147)
[ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342)
[ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)
[ 125.566487][ T1430] </TASK>
[ 125.566488][ T1430] ---[ end trace 0000000000000000 ]---
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d91d253c87fd1efece521ff2612078a35af673c6 , < da2708a19f45b4a7278adf523837c8db21d1e2b5
(git)
Affected: 7f25f296fc9bd0435be14e89bf657cd615a23574 , < 29b3bbd912b8db86df7a3c180b910ccb621f5635 (git) Affected: 94ee7ff99b87435ec63211f632918dc7f44dac79 , < 2efe8da2ddbf873385b4bc55366d09350b408df6 (git) Affected: 557d035fe88d78dd51664f4dc0e1896c04c97cf6 , < da0392698c62397c19deb1b9e9bdf2fbb5a9420e (git) Affected: dc8074b8901caabb97c2d353abd6b4e7fa5a59a5 , < a64f30db12bdc937c5108158d98c8eab1925c548 (git) Affected: ff5bbbdee08287d75d72e65b72a2b76d9637892a , < 8b7df76356d098f85f3bd2c7cf6fb43f531893d7 (git) Affected: ee39384ee787e86e9db4efb843818ef0ea9cb8ae , < c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58 (git) Affected: aee2424246f9f1dadc33faa78990c1e2eb7826e4 , < a09dc967b3c58899e259c0aea092f421d22a0b04 (git) Affected: aee2424246f9f1dadc33faa78990c1e2eb7826e4 , < 86dfdd8288907f03c18b7fb462e0e232c4f98d89 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47696",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:05:12.849051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:14:14.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:01.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/iwcm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "da2708a19f45b4a7278adf523837c8db21d1e2b5",
"status": "affected",
"version": "d91d253c87fd1efece521ff2612078a35af673c6",
"versionType": "git"
},
{
"lessThan": "29b3bbd912b8db86df7a3c180b910ccb621f5635",
"status": "affected",
"version": "7f25f296fc9bd0435be14e89bf657cd615a23574",
"versionType": "git"
},
{
"lessThan": "2efe8da2ddbf873385b4bc55366d09350b408df6",
"status": "affected",
"version": "94ee7ff99b87435ec63211f632918dc7f44dac79",
"versionType": "git"
},
{
"lessThan": "da0392698c62397c19deb1b9e9bdf2fbb5a9420e",
"status": "affected",
"version": "557d035fe88d78dd51664f4dc0e1896c04c97cf6",
"versionType": "git"
},
{
"lessThan": "a64f30db12bdc937c5108158d98c8eab1925c548",
"status": "affected",
"version": "dc8074b8901caabb97c2d353abd6b4e7fa5a59a5",
"versionType": "git"
},
{
"lessThan": "8b7df76356d098f85f3bd2c7cf6fb43f531893d7",
"status": "affected",
"version": "ff5bbbdee08287d75d72e65b72a2b76d9637892a",
"versionType": "git"
},
{
"lessThan": "c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58",
"status": "affected",
"version": "ee39384ee787e86e9db4efb843818ef0ea9cb8ae",
"versionType": "git"
},
{
"lessThan": "a09dc967b3c58899e259c0aea092f421d22a0b04",
"status": "affected",
"version": "aee2424246f9f1dadc33faa78990c1e2eb7826e4",
"versionType": "git"
},
{
"lessThan": "86dfdd8288907f03c18b7fb462e0e232c4f98d89",
"status": "affected",
"version": "aee2424246f9f1dadc33faa78990c1e2eb7826e4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/iwcm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.11"
},
{
"lessThan": "6.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.19.320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "5.4.282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.10.224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.15.165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "6.1.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "6.6.44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "6.10.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "6.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\n\nIn the commit aee2424246f9 (\"RDMA/iwcm: Fix a use-after-free related to\ndestroying CM IDs\"), the function flush_workqueue is invoked to flush the\nwork queue iwcm_wq.\n\nBut at that time, the work queue iwcm_wq was created via the function\nalloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.\n\nBecause the current process is trying to flush the whole iwcm_wq, if\niwcm_wq doesn\u0027t have the flag WQ_MEM_RECLAIM, verify that the current\nprocess is not reclaiming memory or running on a workqueue which doesn\u0027t\nhave the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee\nleading to a deadlock.\n\nThe call trace is as below:\n\n[ 125.350876][ T1430] Call Trace:\n[ 125.356281][ T1430] \u003cTASK\u003e\n[ 125.361285][ T1430] ? __warn (kernel/panic.c:693)\n[ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219)\n[ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239)\n[ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\n[ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970)\n[ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151)\n[ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm\n[ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910)\n[ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161)\n[ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm\n[ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma\n[ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma\n[ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231)\n[ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393)\n[ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339)\n[ 125.531837][ T1430] kthread (kernel/kthread.c:389)\n[ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\n[ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147)\n[ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\n[ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)\n[ 125.566487][ T1430] \u003c/TASK\u003e\n[ 125.566488][ T1430] ---[ end trace 0000000000000000 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:37:36.111Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/da2708a19f45b4a7278adf523837c8db21d1e2b5"
},
{
"url": "https://git.kernel.org/stable/c/29b3bbd912b8db86df7a3c180b910ccb621f5635"
},
{
"url": "https://git.kernel.org/stable/c/2efe8da2ddbf873385b4bc55366d09350b408df6"
},
{
"url": "https://git.kernel.org/stable/c/da0392698c62397c19deb1b9e9bdf2fbb5a9420e"
},
{
"url": "https://git.kernel.org/stable/c/a64f30db12bdc937c5108158d98c8eab1925c548"
},
{
"url": "https://git.kernel.org/stable/c/8b7df76356d098f85f3bd2c7cf6fb43f531893d7"
},
{
"url": "https://git.kernel.org/stable/c/c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58"
},
{
"url": "https://git.kernel.org/stable/c/a09dc967b3c58899e259c0aea092f421d22a0b04"
},
{
"url": "https://git.kernel.org/stable/c/86dfdd8288907f03c18b7fb462e0e232c4f98d89"
}
],
"title": "RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47696",
"datePublished": "2024-10-21T11:53:33.950Z",
"dateReserved": "2024-09-30T16:00:12.942Z",
"dateUpdated": "2025-11-03T22:21:01.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47713 (GCVE-0-2024-47713)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
Since '__dev_queue_xmit()' should be called with interrupts enabled,
the following backtrace:
ieee80211_do_stop()
...
spin_lock_irqsave(&local->queue_stop_reason_lock, flags)
...
ieee80211_free_txskb()
ieee80211_report_used_skb()
ieee80211_report_ack_skb()
cfg80211_mgmt_tx_status_ext()
nl80211_frame_tx_status()
genlmsg_multicast_netns()
genlmsg_multicast_netns_filtered()
nlmsg_multicast_filtered()
netlink_broadcast_filtered()
do_one_broadcast()
netlink_broadcast_deliver()
__netlink_sendskb()
netlink_deliver_tap()
__netlink_deliver_tap_skb()
dev_queue_xmit()
__dev_queue_xmit() ; with IRQS disabled
...
spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags)
issues the warning (as reported by syzbot reproducer):
WARNING: CPU: 2 PID: 5128 at kernel/softirq.c:362 __local_bh_enable_ip+0xc3/0x120
Fix this by implementing a two-phase skb reclamation in
'ieee80211_do_stop()', where actual work is performed
outside of a section with interrupts disabled.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
5061b0c2b9066de426fbc63f1278d2210e789412 , < 07eb0bd7b0a8abed9d45e0f567c9af1dc83e5268
(git)
Affected: 5061b0c2b9066de426fbc63f1278d2210e789412 , < 04f75f5bae33349283d6886901d9acd2f110c024 (git) Affected: 5061b0c2b9066de426fbc63f1278d2210e789412 , < f232916fab67ca1c3425926df4a866e59ff26908 (git) Affected: 5061b0c2b9066de426fbc63f1278d2210e789412 , < acb53a716e492a02479345157c43f21edc8bc64b (git) Affected: 5061b0c2b9066de426fbc63f1278d2210e789412 , < db5ca4b42ccfa42d2af7b335ff12578e57775c02 (git) Affected: 5061b0c2b9066de426fbc63f1278d2210e789412 , < 058c9026ad79dc98572442fd4c7e9a36aba6f596 (git) Affected: 5061b0c2b9066de426fbc63f1278d2210e789412 , < eab272972cffff9cd973b8e4055a8e81c64f7e6a (git) Affected: 5061b0c2b9066de426fbc63f1278d2210e789412 , < ad4b7068b101fbbb4a9ca4b99b25eb051a9482ec (git) Affected: 5061b0c2b9066de426fbc63f1278d2210e789412 , < 9d301de12da6e1bb069a9835c38359b8e8135121 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47713",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:02:59.793791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:18.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:17.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mac80211/iface.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "07eb0bd7b0a8abed9d45e0f567c9af1dc83e5268",
"status": "affected",
"version": "5061b0c2b9066de426fbc63f1278d2210e789412",
"versionType": "git"
},
{
"lessThan": "04f75f5bae33349283d6886901d9acd2f110c024",
"status": "affected",
"version": "5061b0c2b9066de426fbc63f1278d2210e789412",
"versionType": "git"
},
{
"lessThan": "f232916fab67ca1c3425926df4a866e59ff26908",
"status": "affected",
"version": "5061b0c2b9066de426fbc63f1278d2210e789412",
"versionType": "git"
},
{
"lessThan": "acb53a716e492a02479345157c43f21edc8bc64b",
"status": "affected",
"version": "5061b0c2b9066de426fbc63f1278d2210e789412",
"versionType": "git"
},
{
"lessThan": "db5ca4b42ccfa42d2af7b335ff12578e57775c02",
"status": "affected",
"version": "5061b0c2b9066de426fbc63f1278d2210e789412",
"versionType": "git"
},
{
"lessThan": "058c9026ad79dc98572442fd4c7e9a36aba6f596",
"status": "affected",
"version": "5061b0c2b9066de426fbc63f1278d2210e789412",
"versionType": "git"
},
{
"lessThan": "eab272972cffff9cd973b8e4055a8e81c64f7e6a",
"status": "affected",
"version": "5061b0c2b9066de426fbc63f1278d2210e789412",
"versionType": "git"
},
{
"lessThan": "ad4b7068b101fbbb4a9ca4b99b25eb051a9482ec",
"status": "affected",
"version": "5061b0c2b9066de426fbc63f1278d2210e789412",
"versionType": "git"
},
{
"lessThan": "9d301de12da6e1bb069a9835c38359b8e8135121",
"status": "affected",
"version": "5061b0c2b9066de426fbc63f1278d2210e789412",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mac80211/iface.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.32"
},
{
"lessThan": "2.6.32",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()\n\nSince \u0027__dev_queue_xmit()\u0027 should be called with interrupts enabled,\nthe following backtrace:\n\nieee80211_do_stop()\n ...\n spin_lock_irqsave(\u0026local-\u003equeue_stop_reason_lock, flags)\n ...\n ieee80211_free_txskb()\n ieee80211_report_used_skb()\n ieee80211_report_ack_skb()\n cfg80211_mgmt_tx_status_ext()\n nl80211_frame_tx_status()\n genlmsg_multicast_netns()\n genlmsg_multicast_netns_filtered()\n nlmsg_multicast_filtered()\n\t netlink_broadcast_filtered()\n\t do_one_broadcast()\n\t netlink_broadcast_deliver()\n\t __netlink_sendskb()\n\t netlink_deliver_tap()\n\t __netlink_deliver_tap_skb()\n\t dev_queue_xmit()\n\t __dev_queue_xmit() ; with IRQS disabled\n ...\n spin_unlock_irqrestore(\u0026local-\u003equeue_stop_reason_lock, flags)\n\nissues the warning (as reported by syzbot reproducer):\n\nWARNING: CPU: 2 PID: 5128 at kernel/softirq.c:362 __local_bh_enable_ip+0xc3/0x120\n\nFix this by implementing a two-phase skb reclamation in\n\u0027ieee80211_do_stop()\u0027, where actual work is performed\noutside of a section with interrupts disabled."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:38:06.138Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/07eb0bd7b0a8abed9d45e0f567c9af1dc83e5268"
},
{
"url": "https://git.kernel.org/stable/c/04f75f5bae33349283d6886901d9acd2f110c024"
},
{
"url": "https://git.kernel.org/stable/c/f232916fab67ca1c3425926df4a866e59ff26908"
},
{
"url": "https://git.kernel.org/stable/c/acb53a716e492a02479345157c43f21edc8bc64b"
},
{
"url": "https://git.kernel.org/stable/c/db5ca4b42ccfa42d2af7b335ff12578e57775c02"
},
{
"url": "https://git.kernel.org/stable/c/058c9026ad79dc98572442fd4c7e9a36aba6f596"
},
{
"url": "https://git.kernel.org/stable/c/eab272972cffff9cd973b8e4055a8e81c64f7e6a"
},
{
"url": "https://git.kernel.org/stable/c/ad4b7068b101fbbb4a9ca4b99b25eb051a9482ec"
},
{
"url": "https://git.kernel.org/stable/c/9d301de12da6e1bb069a9835c38359b8e8135121"
}
],
"title": "wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47713",
"datePublished": "2024-10-21T11:53:45.433Z",
"dateReserved": "2024-09-30T16:00:12.948Z",
"dateUpdated": "2025-11-03T22:21:17.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-43854 (GCVE-0-2024-43854)
Vulnerability from cvelistv5 – Published: 2024-08-17 09:22 – Updated: 2025-11-03 22:05
VLAI?
EPSS
Title
block: initialize integrity buffer to zero before writing it to media
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: initialize integrity buffer to zero before writing it to media
Metadata added by bio_integrity_prep is using plain kmalloc, which leads
to random kernel memory being written media. For PI metadata this is
limited to the app tag that isn't used by kernel generated metadata,
but for non-PI metadata the entire buffer leaks kernel memory.
Fix this by adding the __GFP_ZERO flag to allocations for writes.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
7ba1ba12eeef0aa7113beb16410ef8b7c748e18b , < 9f4af4cf08f9a0329ade3d938f55d2220c40d0a6
(git)
Affected: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b , < 129f95948a96105c1fad8e612c9097763e88ac5f (git) Affected: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b , < 3fd11fe4f20756b4c0847f755a64cd96f8c6a005 (git) Affected: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b , < cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2 (git) Affected: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b , < d418313bd8f55c079a7da12651951b489a638ac1 (git) Affected: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b , < 23a19655fb56f241e592041156dfb1c6d04da644 (git) Affected: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b , < ebc0e91ba76dc6544fff9f5b66408b1982806a00 (git) Affected: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b , < 899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:07:14.517245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:20.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:05:51.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/bio-integrity.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9f4af4cf08f9a0329ade3d938f55d2220c40d0a6",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "129f95948a96105c1fad8e612c9097763e88ac5f",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "3fd11fe4f20756b4c0847f755a64cd96f8c6a005",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "d418313bd8f55c079a7da12651951b489a638ac1",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "23a19655fb56f241e592041156dfb1c6d04da644",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "ebc0e91ba76dc6544fff9f5b66408b1982806a00",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/bio-integrity.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.27"
},
{
"lessThan": "2.6.27",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.322",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.322",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: initialize integrity buffer to zero before writing it to media\n\nMetadata added by bio_integrity_prep is using plain kmalloc, which leads\nto random kernel memory being written media. For PI metadata this is\nlimited to the app tag that isn\u0027t used by kernel generated metadata,\nbut for non-PI metadata the entire buffer leaks kernel memory.\n\nFix this by adding the __GFP_ZERO flag to allocations for writes."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:45.701Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6"
},
{
"url": "https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f"
},
{
"url": "https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005"
},
{
"url": "https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2"
},
{
"url": "https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1"
},
{
"url": "https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644"
},
{
"url": "https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b1982806a00"
},
{
"url": "https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f"
}
],
"title": "block: initialize integrity buffer to zero before writing it to media",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43854",
"datePublished": "2024-08-17T09:22:11.297Z",
"dateReserved": "2024-08-17T09:11:59.278Z",
"dateUpdated": "2025-11-03T22:05:51.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47745 (GCVE-0-2024-47745)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
mm: call the security_mmap_file() LSM hook in remap_file_pages()
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm: call the security_mmap_file() LSM hook in remap_file_pages()
The remap_file_pages syscall handler calls do_mmap() directly, which
doesn't contain the LSM security check. And if the process has called
personality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for
RW pages, this will actually result in remapping the pages to RWX,
bypassing a W^X policy enforced by SELinux.
So we should check prot by security_mmap_file LSM hook in the
remap_file_pages syscall handler before do_mmap() is called. Otherwise, it
potentially permits an attacker to bypass a W^X policy enforced by
SELinux.
The bypass is similar to CVE-2016-10044, which bypass the same thing via
AIO and can be found in [1].
The PoC:
$ cat > test.c
int main(void) {
size_t pagesz = sysconf(_SC_PAGE_SIZE);
int mfd = syscall(SYS_memfd_create, "test", 0);
const char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE,
MAP_SHARED, mfd, 0);
unsigned int old = syscall(SYS_personality, 0xffffffff);
syscall(SYS_personality, READ_IMPLIES_EXEC | old);
syscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0);
syscall(SYS_personality, old);
// show the RWX page exists even if W^X policy is enforced
int fd = open("/proc/self/maps", O_RDONLY);
unsigned char buf2[1024];
while (1) {
int ret = read(fd, buf2, 1024);
if (ret <= 0) break;
write(1, buf2, ret);
}
close(fd);
}
$ gcc test.c -o test
$ ./test | grep rwx
7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted)
[PM: subject line tweaks]
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
c8d78c1823f46519473949d33f0d1d33fe21ea16 , < 0f910dbf2f2a4a7820ba4bac7b280f7108aa05b1
(git)
Affected: c8d78c1823f46519473949d33f0d1d33fe21ea16 , < 49d3a4ad57c57227c3b0fd6cd4188b2a5ebd6178 (git) Affected: c8d78c1823f46519473949d33f0d1d33fe21ea16 , < 3393fddbfa947c8e1fdcc4509226905ffffd8b89 (git) Affected: c8d78c1823f46519473949d33f0d1d33fe21ea16 , < ce14f38d6ee9e88e37ec28427b4b93a7c33c70d3 (git) Affected: c8d78c1823f46519473949d33f0d1d33fe21ea16 , < ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 (git) Affected: 097f98edde717ce09f217d8a285fe357dcd29fd1 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:58:41.257228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:13.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:40:38.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/mmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0f910dbf2f2a4a7820ba4bac7b280f7108aa05b1",
"status": "affected",
"version": "c8d78c1823f46519473949d33f0d1d33fe21ea16",
"versionType": "git"
},
{
"lessThan": "49d3a4ad57c57227c3b0fd6cd4188b2a5ebd6178",
"status": "affected",
"version": "c8d78c1823f46519473949d33f0d1d33fe21ea16",
"versionType": "git"
},
{
"lessThan": "3393fddbfa947c8e1fdcc4509226905ffffd8b89",
"status": "affected",
"version": "c8d78c1823f46519473949d33f0d1d33fe21ea16",
"versionType": "git"
},
{
"lessThan": "ce14f38d6ee9e88e37ec28427b4b93a7c33c70d3",
"status": "affected",
"version": "c8d78c1823f46519473949d33f0d1d33fe21ea16",
"versionType": "git"
},
{
"lessThan": "ea7e2d5e49c05e5db1922387b09ca74aa40f46e2",
"status": "affected",
"version": "c8d78c1823f46519473949d33f0d1d33fe21ea16",
"versionType": "git"
},
{
"status": "affected",
"version": "097f98edde717ce09f217d8a285fe357dcd29fd1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/mmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"lessThan": "4.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: call the security_mmap_file() LSM hook in remap_file_pages()\n\nThe remap_file_pages syscall handler calls do_mmap() directly, which\ndoesn\u0027t contain the LSM security check. And if the process has called\npersonality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for\nRW pages, this will actually result in remapping the pages to RWX,\nbypassing a W^X policy enforced by SELinux.\n\nSo we should check prot by security_mmap_file LSM hook in the\nremap_file_pages syscall handler before do_mmap() is called. Otherwise, it\npotentially permits an attacker to bypass a W^X policy enforced by\nSELinux.\n\nThe bypass is similar to CVE-2016-10044, which bypass the same thing via\nAIO and can be found in [1].\n\nThe PoC:\n\n$ cat \u003e test.c\n\nint main(void) {\n\tsize_t pagesz = sysconf(_SC_PAGE_SIZE);\n\tint mfd = syscall(SYS_memfd_create, \"test\", 0);\n\tconst char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE,\n\t\tMAP_SHARED, mfd, 0);\n\tunsigned int old = syscall(SYS_personality, 0xffffffff);\n\tsyscall(SYS_personality, READ_IMPLIES_EXEC | old);\n\tsyscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0);\n\tsyscall(SYS_personality, old);\n\t// show the RWX page exists even if W^X policy is enforced\n\tint fd = open(\"/proc/self/maps\", O_RDONLY);\n\tunsigned char buf2[1024];\n\twhile (1) {\n\t\tint ret = read(fd, buf2, 1024);\n\t\tif (ret \u003c= 0) break;\n\t\twrite(1, buf2, ret);\n\t}\n\tclose(fd);\n}\n\n$ gcc test.c -o test\n$ ./test | grep rwx\n7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted)\n\n[PM: subject line tweaks]"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:03.184Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f910dbf2f2a4a7820ba4bac7b280f7108aa05b1"
},
{
"url": "https://git.kernel.org/stable/c/49d3a4ad57c57227c3b0fd6cd4188b2a5ebd6178"
},
{
"url": "https://git.kernel.org/stable/c/3393fddbfa947c8e1fdcc4509226905ffffd8b89"
},
{
"url": "https://git.kernel.org/stable/c/ce14f38d6ee9e88e37ec28427b4b93a7c33c70d3"
},
{
"url": "https://git.kernel.org/stable/c/ea7e2d5e49c05e5db1922387b09ca74aa40f46e2"
}
],
"title": "mm: call the security_mmap_file() LSM hook in remap_file_pages()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47745",
"datePublished": "2024-10-21T12:14:12.488Z",
"dateReserved": "2024-09-30T16:00:12.960Z",
"dateUpdated": "2026-01-05T10:54:03.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47749 (GCVE-0-2024-47749)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
RDMA/cxgb4: Added NULL check for lookup_atid
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/cxgb4: Added NULL check for lookup_atid
The lookup_atid() function can return NULL if the ATID is
invalid or does not exist in the identifier table, which
could lead to dereferencing a null pointer without a
check in the `act_establish()` and `act_open_rpl()` functions.
Add a NULL check to prevent null pointer dereferencing.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
cfdda9d764362ab77b11a410bb928400e6520d57 , < b12e25d91c7f97958341538c7dc63ee49d01548f
(git)
Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < 4e1fe68d695af367506ea3c794c5969630f21697 (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < dd598ac57dcae796cb58551074660c39b43fb155 (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < b11318dc8a1ec565300bb1a9073095af817cc508 (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < 39cb9f39913566ec5865581135f3e8123ad1aee1 (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < 0d50ae281a1712b9b2ca72830a96b8f11882358d (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < 54aaa3ed40972511e423b604324b881425b9ff1e (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < b9c94c8ba5a713817cffd74c4bacc05187469624 (git) Affected: cfdda9d764362ab77b11a410bb928400e6520d57 , < e766e6a92410ca269161de059fff0843b8ddd65f (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:58:09.975914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:13.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:44.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/cxgb4/cm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b12e25d91c7f97958341538c7dc63ee49d01548f",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "4e1fe68d695af367506ea3c794c5969630f21697",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "dd598ac57dcae796cb58551074660c39b43fb155",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "b11318dc8a1ec565300bb1a9073095af817cc508",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "39cb9f39913566ec5865581135f3e8123ad1aee1",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "0d50ae281a1712b9b2ca72830a96b8f11882358d",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "54aaa3ed40972511e423b604324b881425b9ff1e",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "b9c94c8ba5a713817cffd74c4bacc05187469624",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
},
{
"lessThan": "e766e6a92410ca269161de059fff0843b8ddd65f",
"status": "affected",
"version": "cfdda9d764362ab77b11a410bb928400e6520d57",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/cxgb4/cm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cxgb4: Added NULL check for lookup_atid\n\nThe lookup_atid() function can return NULL if the ATID is\ninvalid or does not exist in the identifier table, which\ncould lead to dereferencing a null pointer without a\ncheck in the `act_establish()` and `act_open_rpl()` functions.\nAdd a NULL check to prevent null pointer dereferencing.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:39:03.439Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b12e25d91c7f97958341538c7dc63ee49d01548f"
},
{
"url": "https://git.kernel.org/stable/c/4e1fe68d695af367506ea3c794c5969630f21697"
},
{
"url": "https://git.kernel.org/stable/c/dd598ac57dcae796cb58551074660c39b43fb155"
},
{
"url": "https://git.kernel.org/stable/c/b11318dc8a1ec565300bb1a9073095af817cc508"
},
{
"url": "https://git.kernel.org/stable/c/39cb9f39913566ec5865581135f3e8123ad1aee1"
},
{
"url": "https://git.kernel.org/stable/c/0d50ae281a1712b9b2ca72830a96b8f11882358d"
},
{
"url": "https://git.kernel.org/stable/c/54aaa3ed40972511e423b604324b881425b9ff1e"
},
{
"url": "https://git.kernel.org/stable/c/b9c94c8ba5a713817cffd74c4bacc05187469624"
},
{
"url": "https://git.kernel.org/stable/c/e766e6a92410ca269161de059fff0843b8ddd65f"
}
],
"title": "RDMA/cxgb4: Added NULL check for lookup_atid",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47749",
"datePublished": "2024-10-21T12:14:15.126Z",
"dateReserved": "2024-09-30T16:00:12.961Z",
"dateUpdated": "2025-11-03T22:21:44.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48662 (GCVE-0-2022-48662)
Vulnerability from cvelistv5 – Published: 2024-04-28 13:01 – Updated: 2025-05-04 08:20
VLAI?
EPSS
Title
drm/i915/gem: Really move i915_gem_context.link under ref protection
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gem: Really move i915_gem_context.link under ref protection
i915_perf assumes that it can use the i915_gem_context reference to
protect its i915->gem.contexts.list iteration. However, this requires
that we do not remove the context from the list until after we drop the
final reference and release the struct. If, as currently, we remove the
context from the list during context_close(), the link.next pointer may
be poisoned while we are holding the context reference and cause a GPF:
[ 4070.573157] i915 0000:00:02.0: [drm:i915_perf_open_ioctl [i915]] filtering on ctx_id=0x1fffff ctx_id_mask=0x1fffff
[ 4070.574881] general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#1] PREEMPT SMP
[ 4070.574897] CPU: 1 PID: 284392 Comm: amd_performance Tainted: G E 5.17.9 #180
[ 4070.574903] Hardware name: Intel Corporation NUC7i5BNK/NUC7i5BNB, BIOS BNKBL357.86A.0052.2017.0918.1346 09/18/2017
[ 4070.574907] RIP: 0010:oa_configure_all_contexts.isra.0+0x222/0x350 [i915]
[ 4070.574982] Code: 08 e8 32 6e 10 e1 4d 8b 6d 50 b8 ff ff ff ff 49 83 ed 50 f0 41 0f c1 04 24 83 f8 01 0f 84 e3 00 00 00 85 c0 0f 8e fa 00 00 00 <49> 8b 45 50 48 8d 70 b0 49 8d 45 50 48 39 44 24 10 0f 85 34 fe ff
[ 4070.574990] RSP: 0018:ffffc90002077b78 EFLAGS: 00010202
[ 4070.574995] RAX: 0000000000000002 RBX: 0000000000000002 RCX: 0000000000000000
[ 4070.575000] RDX: 0000000000000001 RSI: ffffc90002077b20 RDI: ffff88810ddc7c68
[ 4070.575004] RBP: 0000000000000001 R08: ffff888103242648 R09: fffffffffffffffc
[ 4070.575008] R10: ffffffff82c50bc0 R11: 0000000000025c80 R12: ffff888101bf1860
[ 4070.575012] R13: dead0000000000b0 R14: ffffc90002077c04 R15: ffff88810be5cabc
[ 4070.575016] FS: 00007f1ed50c0780(0000) GS:ffff88885ec80000(0000) knlGS:0000000000000000
[ 4070.575021] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4070.575025] CR2: 00007f1ed5590280 CR3: 000000010ef6f005 CR4: 00000000003706e0
[ 4070.575029] Call Trace:
[ 4070.575033] <TASK>
[ 4070.575037] lrc_configure_all_contexts+0x13e/0x150 [i915]
[ 4070.575103] gen8_enable_metric_set+0x4d/0x90 [i915]
[ 4070.575164] i915_perf_open_ioctl+0xbc0/0x1500 [i915]
[ 4070.575224] ? asm_common_interrupt+0x1e/0x40
[ 4070.575232] ? i915_oa_init_reg_state+0x110/0x110 [i915]
[ 4070.575290] drm_ioctl_kernel+0x85/0x110
[ 4070.575296] ? update_load_avg+0x5f/0x5e0
[ 4070.575302] drm_ioctl+0x1d3/0x370
[ 4070.575307] ? i915_oa_init_reg_state+0x110/0x110 [i915]
[ 4070.575382] ? gen8_gt_irq_handler+0x46/0x130 [i915]
[ 4070.575445] __x64_sys_ioctl+0x3c4/0x8d0
[ 4070.575451] ? __do_softirq+0xaa/0x1d2
[ 4070.575456] do_syscall_64+0x35/0x80
[ 4070.575461] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 4070.575467] RIP: 0033:0x7f1ed5c10397
[ 4070.575471] Code: 3c 1c e8 1c ff ff ff 85 c0 79 87 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a9 da 0d 00 f7 d8 64 89 01 48
[ 4070.575478] RSP: 002b:00007ffd65c8d7a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 4070.575484] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f1ed5c10397
[ 4070.575488] RDX: 00007ffd65c8d7c0 RSI: 0000000040106476 RDI: 0000000000000006
[ 4070.575492] RBP: 00005620972f9c60 R08: 000000000000000a R09: 0000000000000005
[ 4070.575496] R10: 000000000000000d R11: 0000000000000246 R12: 000000000000000a
[ 4070.575500] R13: 000000000000000d R14: 0000000000000000 R15: 00007ffd65c8d7c0
[ 4070.575505] </TASK>
[ 4070.575507] Modules linked in: nls_ascii(E) nls_cp437(E) vfat(E) fat(E) i915(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) crct10dif_pclmul(E) crc32_pclmul(E) crc32c_intel(E) aesni_intel(E) crypto_simd(E) intel_gtt(E) cryptd(E) ttm(E) rapl(E) intel_cstate(E) drm_kms_helper(E) cfbfillrect(E) syscopyarea(E) cfbimgblt(E) intel_uncore(E) sysfillrect(E) mei_me(E) sysimgblt(E) i2c_i801(E) fb_sys_fops(E) mei(E) intel_pch_thermal(E) i2c_smbus
---truncated---
Severity ?
7.8 (High)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
f8246cf4d9a9025d26c609bb2195e7c0a9ce5c40 , < 713fa3e4591f65f804bdc88e8648e219fabc9ee1
(git)
Affected: f8246cf4d9a9025d26c609bb2195e7c0a9ce5c40 , < f799e0568d6c153368b177e0bbbde7dcc4ce7f1d (git) Affected: f8246cf4d9a9025d26c609bb2195e7c0a9ce5c40 , < d119888b09bd567e07c6b93a07f175df88857e02 (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/713fa3e4591f65f804bdc88e8648e219fabc9ee1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f799e0568d6c153368b177e0bbbde7dcc4ce7f1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d119888b09bd567e07c6b93a07f175df88857e02"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "713fa3e4591f",
"status": "affected",
"version": "f8246cf4d9a9",
"versionType": "custom"
},
{
"lessThan": "f799e0568d6c",
"status": "affected",
"version": "f8246cf4d9a9",
"versionType": "custom"
},
{
"lessThan": "d119888b09bd",
"status": "affected",
"version": "f8246cf4d9a9",
"versionType": "custom"
},
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.72",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.20",
"status": "unaffected",
"version": "5.19.12",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48662",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-30T19:37:36.638845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T15:29:08.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gem/i915_gem_context.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "713fa3e4591f65f804bdc88e8648e219fabc9ee1",
"status": "affected",
"version": "f8246cf4d9a9025d26c609bb2195e7c0a9ce5c40",
"versionType": "git"
},
{
"lessThan": "f799e0568d6c153368b177e0bbbde7dcc4ce7f1d",
"status": "affected",
"version": "f8246cf4d9a9025d26c609bb2195e7c0a9ce5c40",
"versionType": "git"
},
{
"lessThan": "d119888b09bd567e07c6b93a07f175df88857e02",
"status": "affected",
"version": "f8246cf4d9a9025d26c609bb2195e7c0a9ce5c40",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gem/i915_gem_context.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.72",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.72",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.12",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: Really move i915_gem_context.link under ref protection\n\ni915_perf assumes that it can use the i915_gem_context reference to\nprotect its i915-\u003egem.contexts.list iteration. However, this requires\nthat we do not remove the context from the list until after we drop the\nfinal reference and release the struct. If, as currently, we remove the\ncontext from the list during context_close(), the link.next pointer may\nbe poisoned while we are holding the context reference and cause a GPF:\n\n[ 4070.573157] i915 0000:00:02.0: [drm:i915_perf_open_ioctl [i915]] filtering on ctx_id=0x1fffff ctx_id_mask=0x1fffff\n[ 4070.574881] general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#1] PREEMPT SMP\n[ 4070.574897] CPU: 1 PID: 284392 Comm: amd_performance Tainted: G E 5.17.9 #180\n[ 4070.574903] Hardware name: Intel Corporation NUC7i5BNK/NUC7i5BNB, BIOS BNKBL357.86A.0052.2017.0918.1346 09/18/2017\n[ 4070.574907] RIP: 0010:oa_configure_all_contexts.isra.0+0x222/0x350 [i915]\n[ 4070.574982] Code: 08 e8 32 6e 10 e1 4d 8b 6d 50 b8 ff ff ff ff 49 83 ed 50 f0 41 0f c1 04 24 83 f8 01 0f 84 e3 00 00 00 85 c0 0f 8e fa 00 00 00 \u003c49\u003e 8b 45 50 48 8d 70 b0 49 8d 45 50 48 39 44 24 10 0f 85 34 fe ff\n[ 4070.574990] RSP: 0018:ffffc90002077b78 EFLAGS: 00010202\n[ 4070.574995] RAX: 0000000000000002 RBX: 0000000000000002 RCX: 0000000000000000\n[ 4070.575000] RDX: 0000000000000001 RSI: ffffc90002077b20 RDI: ffff88810ddc7c68\n[ 4070.575004] RBP: 0000000000000001 R08: ffff888103242648 R09: fffffffffffffffc\n[ 4070.575008] R10: ffffffff82c50bc0 R11: 0000000000025c80 R12: ffff888101bf1860\n[ 4070.575012] R13: dead0000000000b0 R14: ffffc90002077c04 R15: ffff88810be5cabc\n[ 4070.575016] FS: 00007f1ed50c0780(0000) GS:ffff88885ec80000(0000) knlGS:0000000000000000\n[ 4070.575021] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4070.575025] CR2: 00007f1ed5590280 CR3: 000000010ef6f005 CR4: 00000000003706e0\n[ 4070.575029] Call Trace:\n[ 4070.575033] \u003cTASK\u003e\n[ 4070.575037] lrc_configure_all_contexts+0x13e/0x150 [i915]\n[ 4070.575103] gen8_enable_metric_set+0x4d/0x90 [i915]\n[ 4070.575164] i915_perf_open_ioctl+0xbc0/0x1500 [i915]\n[ 4070.575224] ? asm_common_interrupt+0x1e/0x40\n[ 4070.575232] ? i915_oa_init_reg_state+0x110/0x110 [i915]\n[ 4070.575290] drm_ioctl_kernel+0x85/0x110\n[ 4070.575296] ? update_load_avg+0x5f/0x5e0\n[ 4070.575302] drm_ioctl+0x1d3/0x370\n[ 4070.575307] ? i915_oa_init_reg_state+0x110/0x110 [i915]\n[ 4070.575382] ? gen8_gt_irq_handler+0x46/0x130 [i915]\n[ 4070.575445] __x64_sys_ioctl+0x3c4/0x8d0\n[ 4070.575451] ? __do_softirq+0xaa/0x1d2\n[ 4070.575456] do_syscall_64+0x35/0x80\n[ 4070.575461] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 4070.575467] RIP: 0033:0x7f1ed5c10397\n[ 4070.575471] Code: 3c 1c e8 1c ff ff ff 85 c0 79 87 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d a9 da 0d 00 f7 d8 64 89 01 48\n[ 4070.575478] RSP: 002b:00007ffd65c8d7a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[ 4070.575484] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f1ed5c10397\n[ 4070.575488] RDX: 00007ffd65c8d7c0 RSI: 0000000040106476 RDI: 0000000000000006\n[ 4070.575492] RBP: 00005620972f9c60 R08: 000000000000000a R09: 0000000000000005\n[ 4070.575496] R10: 000000000000000d R11: 0000000000000246 R12: 000000000000000a\n[ 4070.575500] R13: 000000000000000d R14: 0000000000000000 R15: 00007ffd65c8d7c0\n[ 4070.575505] \u003c/TASK\u003e\n[ 4070.575507] Modules linked in: nls_ascii(E) nls_cp437(E) vfat(E) fat(E) i915(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) crct10dif_pclmul(E) crc32_pclmul(E) crc32c_intel(E) aesni_intel(E) crypto_simd(E) intel_gtt(E) cryptd(E) ttm(E) rapl(E) intel_cstate(E) drm_kms_helper(E) cfbfillrect(E) syscopyarea(E) cfbimgblt(E) intel_uncore(E) sysfillrect(E) mei_me(E) sysimgblt(E) i2c_i801(E) fb_sys_fops(E) mei(E) intel_pch_thermal(E) i2c_smbus\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:20:48.153Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/713fa3e4591f65f804bdc88e8648e219fabc9ee1"
},
{
"url": "https://git.kernel.org/stable/c/f799e0568d6c153368b177e0bbbde7dcc4ce7f1d"
},
{
"url": "https://git.kernel.org/stable/c/d119888b09bd567e07c6b93a07f175df88857e02"
}
],
"title": "drm/i915/gem: Really move i915_gem_context.link under ref protection",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48662",
"datePublished": "2024-04-28T13:01:31.373Z",
"dateReserved": "2024-02-25T13:44:28.319Z",
"dateUpdated": "2025-05-04T08:20:48.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48879 (GCVE-0-2022-48879)
Vulnerability from cvelistv5 – Published: 2024-08-21 06:10 – Updated: 2025-05-04 12:43
VLAI?
EPSS
Title
efi: fix NULL-deref in init error path
Summary
In the Linux kernel, the following vulnerability has been resolved:
efi: fix NULL-deref in init error path
In cases where runtime services are not supported or have been disabled,
the runtime services workqueue will never have been allocated.
Do not try to destroy the workqueue unconditionally in the unlikely
event that EFI initialisation fails to avoid dereferencing a NULL
pointer.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
2ff3c97b47521d6700cc6485c7935908dcd2c27c , < 585a0b2b3ae7903c6abee3087d09c69e955a7794
(git)
Affected: 5167f194da6947e19a3e970485ee3ccb44f7958d , < 5fcf75a8a4c3e7ee9122d143684083c9faf20452 (git) Affected: 98086df8b70c06234a8f4290c46064e44dafa0ed , < 4ca71bc0e1995d15486cd7b60845602a28399cb5 (git) Affected: 98086df8b70c06234a8f4290c46064e44dafa0ed , < e2ea55564229e4bea1474af15b111b3a3043b76f (git) Affected: 98086df8b70c06234a8f4290c46064e44dafa0ed , < adc96d30f6503d30dc68670c013716f1d9fcc747 (git) Affected: 98086df8b70c06234a8f4290c46064e44dafa0ed , < 703c13fe3c9af557d312f5895ed6a5fda2711104 (git) Affected: f591a42b8f9a9d20e01d0462f4f55d2176ac52ec (git) Affected: e6584124b9823151ef586d10dedf565ade50cea6 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:05:03.005794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:51.607Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/efi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "585a0b2b3ae7903c6abee3087d09c69e955a7794",
"status": "affected",
"version": "2ff3c97b47521d6700cc6485c7935908dcd2c27c",
"versionType": "git"
},
{
"lessThan": "5fcf75a8a4c3e7ee9122d143684083c9faf20452",
"status": "affected",
"version": "5167f194da6947e19a3e970485ee3ccb44f7958d",
"versionType": "git"
},
{
"lessThan": "4ca71bc0e1995d15486cd7b60845602a28399cb5",
"status": "affected",
"version": "98086df8b70c06234a8f4290c46064e44dafa0ed",
"versionType": "git"
},
{
"lessThan": "e2ea55564229e4bea1474af15b111b3a3043b76f",
"status": "affected",
"version": "98086df8b70c06234a8f4290c46064e44dafa0ed",
"versionType": "git"
},
{
"lessThan": "adc96d30f6503d30dc68670c013716f1d9fcc747",
"status": "affected",
"version": "98086df8b70c06234a8f4290c46064e44dafa0ed",
"versionType": "git"
},
{
"lessThan": "703c13fe3c9af557d312f5895ed6a5fda2711104",
"status": "affected",
"version": "98086df8b70c06234a8f4290c46064e44dafa0ed",
"versionType": "git"
},
{
"status": "affected",
"version": "f591a42b8f9a9d20e01d0462f4f55d2176ac52ec",
"versionType": "git"
},
{
"status": "affected",
"version": "e6584124b9823151ef586d10dedf565ade50cea6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/efi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.89",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"versionStartIncluding": "4.19.142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "5.4.61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.164",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.89",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.8.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: fix NULL-deref in init error path\n\nIn cases where runtime services are not supported or have been disabled,\nthe runtime services workqueue will never have been allocated.\n\nDo not try to destroy the workqueue unconditionally in the unlikely\nevent that EFI initialisation fails to avoid dereferencing a NULL\npointer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:43:57.666Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/585a0b2b3ae7903c6abee3087d09c69e955a7794"
},
{
"url": "https://git.kernel.org/stable/c/5fcf75a8a4c3e7ee9122d143684083c9faf20452"
},
{
"url": "https://git.kernel.org/stable/c/4ca71bc0e1995d15486cd7b60845602a28399cb5"
},
{
"url": "https://git.kernel.org/stable/c/e2ea55564229e4bea1474af15b111b3a3043b76f"
},
{
"url": "https://git.kernel.org/stable/c/adc96d30f6503d30dc68670c013716f1d9fcc747"
},
{
"url": "https://git.kernel.org/stable/c/703c13fe3c9af557d312f5895ed6a5fda2711104"
}
],
"title": "efi: fix NULL-deref in init error path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48879",
"datePublished": "2024-08-21T06:10:10.454Z",
"dateReserved": "2024-07-16T11:38:08.923Z",
"dateUpdated": "2025-05-04T12:43:57.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49024 (GCVE-0-2022-49024)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods
In m_can_pci_remove() and error handling path of m_can_pci_probe(),
m_can_class_free_dev() should be called to free resource allocated by
m_can_class_allocate_dev(), otherwise there will be memleak.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
cab7ffc0324f053c8fb56c821cdd63dc0383270d , < ea8dc27bb044e19868155e500ce397007be98656
(git)
Affected: cab7ffc0324f053c8fb56c821cdd63dc0383270d , < 0bbb88651ef6b7fbb1bf75ec7ba69add632e834b (git) Affected: cab7ffc0324f053c8fb56c821cdd63dc0383270d , < 1eca1d4cc21b6d0fc5f9a390339804c0afce9439 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:12:11.525912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:36.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/can/m_can/m_can_pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ea8dc27bb044e19868155e500ce397007be98656",
"status": "affected",
"version": "cab7ffc0324f053c8fb56c821cdd63dc0383270d",
"versionType": "git"
},
{
"lessThan": "0bbb88651ef6b7fbb1bf75ec7ba69add632e834b",
"status": "affected",
"version": "cab7ffc0324f053c8fb56c821cdd63dc0383270d",
"versionType": "git"
},
{
"lessThan": "1eca1d4cc21b6d0fc5f9a390339804c0afce9439",
"status": "affected",
"version": "cab7ffc0324f053c8fb56c821cdd63dc0383270d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/can/m_can/m_can_pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods\n\nIn m_can_pci_remove() and error handling path of m_can_pci_probe(),\nm_can_class_free_dev() should be called to free resource allocated by\nm_can_class_allocate_dev(), otherwise there will be memleak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:17.801Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ea8dc27bb044e19868155e500ce397007be98656"
},
{
"url": "https://git.kernel.org/stable/c/0bbb88651ef6b7fbb1bf75ec7ba69add632e834b"
},
{
"url": "https://git.kernel.org/stable/c/1eca1d4cc21b6d0fc5f9a390339804c0afce9439"
}
],
"title": "can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49024",
"datePublished": "2024-10-21T20:06:30.544Z",
"dateReserved": "2024-08-22T01:27:53.650Z",
"dateUpdated": "2025-05-04T08:28:17.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41016 (GCVE-0-2024-41016)
Vulnerability from cvelistv5 – Published: 2024-07-29 06:37 – Updated: 2026-01-05 10:37
VLAI?
EPSS
Title
ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
xattr in ocfs2 maybe 'non-indexed', which saved with additional space
requested. It's better to check if the memory is out of bound before
memcmp, although this possibility mainly comes from crafted poisonous
images.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
cf1d6c763fbcb115263114302485ad17e7933d87 , < e2b3d7a9d019d4d1a0da6c3ea64a1ff79c99c090
(git)
Affected: cf1d6c763fbcb115263114302485ad17e7933d87 , < e8f9c4af7af7e9e4cd09c0251c7936593147419f (git) Affected: cf1d6c763fbcb115263114302485ad17e7933d87 , < 57a3d89831fcaa2cdbe024b47c7c36d5a56c3637 (git) Affected: cf1d6c763fbcb115263114302485ad17e7933d87 , < c031d286eceb82f72f8623b7f4abd2aa491bfb5e (git) Affected: cf1d6c763fbcb115263114302485ad17e7933d87 , < cfb926051fab19b10d1e65976211f364aa820180 (git) Affected: cf1d6c763fbcb115263114302485ad17e7933d87 , < c726dea9d0c806d64c26fcef483b1fb9474d8c5e (git) Affected: cf1d6c763fbcb115263114302485ad17e7933d87 , < e4ffea01adf3323c821b6f37e9577d2d400adbaa (git) Affected: cf1d6c763fbcb115263114302485ad17e7933d87 , < af77c4fc1871847b528d58b7fdafb4aa1f6a9262 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:59:18.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:24:43.120825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:05.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e2b3d7a9d019d4d1a0da6c3ea64a1ff79c99c090",
"status": "affected",
"version": "cf1d6c763fbcb115263114302485ad17e7933d87",
"versionType": "git"
},
{
"lessThan": "e8f9c4af7af7e9e4cd09c0251c7936593147419f",
"status": "affected",
"version": "cf1d6c763fbcb115263114302485ad17e7933d87",
"versionType": "git"
},
{
"lessThan": "57a3d89831fcaa2cdbe024b47c7c36d5a56c3637",
"status": "affected",
"version": "cf1d6c763fbcb115263114302485ad17e7933d87",
"versionType": "git"
},
{
"lessThan": "c031d286eceb82f72f8623b7f4abd2aa491bfb5e",
"status": "affected",
"version": "cf1d6c763fbcb115263114302485ad17e7933d87",
"versionType": "git"
},
{
"lessThan": "cfb926051fab19b10d1e65976211f364aa820180",
"status": "affected",
"version": "cf1d6c763fbcb115263114302485ad17e7933d87",
"versionType": "git"
},
{
"lessThan": "c726dea9d0c806d64c26fcef483b1fb9474d8c5e",
"status": "affected",
"version": "cf1d6c763fbcb115263114302485ad17e7933d87",
"versionType": "git"
},
{
"lessThan": "e4ffea01adf3323c821b6f37e9577d2d400adbaa",
"status": "affected",
"version": "cf1d6c763fbcb115263114302485ad17e7933d87",
"versionType": "git"
},
{
"lessThan": "af77c4fc1871847b528d58b7fdafb4aa1f6a9262",
"status": "affected",
"version": "cf1d6c763fbcb115263114302485ad17e7933d87",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.28"
},
{
"lessThan": "2.6.28",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.112",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.53",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.12",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe \u0027non-indexed\u0027, which saved with additional space\nrequested. It\u0027s better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:37:24.038Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e2b3d7a9d019d4d1a0da6c3ea64a1ff79c99c090"
},
{
"url": "https://git.kernel.org/stable/c/e8f9c4af7af7e9e4cd09c0251c7936593147419f"
},
{
"url": "https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637"
},
{
"url": "https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e"
},
{
"url": "https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180"
},
{
"url": "https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e"
},
{
"url": "https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa"
},
{
"url": "https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262"
}
],
"title": "ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41016",
"datePublished": "2024-07-29T06:37:02.530Z",
"dateReserved": "2024-07-12T12:17:45.612Z",
"dateUpdated": "2026-01-05T10:37:24.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49007 (GCVE-0-2022-49007)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-12-23 13:21
VLAI?
EPSS
Title
nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
Syzbot reported a null-ptr-deref bug:
NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP
frequency < 30 seconds
general protection fault, probably for non-canonical address
0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 PID: 3603 Comm: segctord Not tainted
6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0
Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google
10/11/2022
RIP: 0010:nilfs_palloc_commit_free_entry+0xe5/0x6b0
fs/nilfs2/alloc.c:608
Code: 00 00 00 00 fc ff df 80 3c 02 00 0f 85 cd 05 00 00 48 b8 00 00 00
00 00 fc ff df 4c 8b 73 08 49 8d 7e 10 48 89 fa 48 c1 ea 03 <80> 3c 02
00 0f 85 26 05 00 00 49 8b 46 10 be a6 00 00 00 48 c7 c7
RSP: 0018:ffffc90003dff830 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: ffff88802594e218 RCX: 000000000000000d
RDX: 0000000000000002 RSI: 0000000000002000 RDI: 0000000000000010
RBP: ffff888071880222 R08: 0000000000000005 R09: 000000000000003f
R10: 000000000000000d R11: 0000000000000000 R12: ffff888071880158
R13: ffff88802594e220 R14: 0000000000000000 R15: 0000000000000004
FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb1c08316a8 CR3: 0000000018560000 CR4: 0000000000350ee0
Call Trace:
<TASK>
nilfs_dat_commit_free fs/nilfs2/dat.c:114 [inline]
nilfs_dat_commit_end+0x464/0x5f0 fs/nilfs2/dat.c:193
nilfs_dat_commit_update+0x26/0x40 fs/nilfs2/dat.c:236
nilfs_btree_commit_update_v+0x87/0x4a0 fs/nilfs2/btree.c:1940
nilfs_btree_commit_propagate_v fs/nilfs2/btree.c:2016 [inline]
nilfs_btree_propagate_v fs/nilfs2/btree.c:2046 [inline]
nilfs_btree_propagate+0xa00/0xd60 fs/nilfs2/btree.c:2088
nilfs_bmap_propagate+0x73/0x170 fs/nilfs2/bmap.c:337
nilfs_collect_file_data+0x45/0xd0 fs/nilfs2/segment.c:568
nilfs_segctor_apply_buffers+0x14a/0x470 fs/nilfs2/segment.c:1018
nilfs_segctor_scan_file+0x3f4/0x6f0 fs/nilfs2/segment.c:1067
nilfs_segctor_collect_blocks fs/nilfs2/segment.c:1197 [inline]
nilfs_segctor_collect fs/nilfs2/segment.c:1503 [inline]
nilfs_segctor_do_construct+0x12fc/0x6af0 fs/nilfs2/segment.c:2045
nilfs_segctor_construct+0x8e3/0xb30 fs/nilfs2/segment.c:2379
nilfs_segctor_thread_construct fs/nilfs2/segment.c:2487 [inline]
nilfs_segctor_thread+0x3c3/0xf30 fs/nilfs2/segment.c:2570
kthread+0x2e4/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>
...
If DAT metadata file is corrupted on disk, there is a case where
req->pr_desc_bh is NULL and blocknr is 0 at nilfs_dat_commit_end() during
a b-tree operation that cascadingly updates ancestor nodes of the b-tree,
because nilfs_dat_commit_alloc() for a lower level block can initialize
the blocknr on the same DAT entry between nilfs_dat_prepare_end() and
nilfs_dat_commit_end().
If this happens, nilfs_dat_commit_end() calls nilfs_dat_commit_free()
without valid buffer heads in req->pr_desc_bh and req->pr_bitmap_bh, and
causes the NULL pointer dereference above in
nilfs_palloc_commit_free_entry() function, which leads to a crash.
Fix this by adding a NULL check on req->pr_desc_bh and req->pr_bitmap_bh
before nilfs_palloc_commit_free_entry() in nilfs_dat_commit_free().
This also calls nilfs_error() in that case to notify that there is a fatal
flaw in the filesystem metadata and prevent further operations.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
a17564f58b11476c011d623fa1f268602a81c27c , < 2f2c59506ae39496588ceb8b88bdbdbaed895d63
(git)
Affected: a17564f58b11476c011d623fa1f268602a81c27c , < 165c7a3b27a3857ebf57f626b9f38b48b6792e68 (git) Affected: a17564f58b11476c011d623fa1f268602a81c27c , < bc3fd3293887b4cf84a9109700faeb82de533c89 (git) Affected: a17564f58b11476c011d623fa1f268602a81c27c , < 9a130b72e6bd1fb07fc3cde839dc6fb53da76f07 (git) Affected: a17564f58b11476c011d623fa1f268602a81c27c , < e858917ab785afe83c14f5ac141301216ccda847 (git) Affected: a17564f58b11476c011d623fa1f268602a81c27c , < 33021419fd81efd3d729a7f19341ba4b98fe66ce (git) Affected: a17564f58b11476c011d623fa1f268602a81c27c , < 381b84f60e549ea98cec4666c6c728b1b3318756 (git) Affected: a17564f58b11476c011d623fa1f268602a81c27c , < f0a0ccda18d6fd826d7c7e7ad48a6ed61c20f8b4 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:14:21.732997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:39.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/dat.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2f2c59506ae39496588ceb8b88bdbdbaed895d63",
"status": "affected",
"version": "a17564f58b11476c011d623fa1f268602a81c27c",
"versionType": "git"
},
{
"lessThan": "165c7a3b27a3857ebf57f626b9f38b48b6792e68",
"status": "affected",
"version": "a17564f58b11476c011d623fa1f268602a81c27c",
"versionType": "git"
},
{
"lessThan": "bc3fd3293887b4cf84a9109700faeb82de533c89",
"status": "affected",
"version": "a17564f58b11476c011d623fa1f268602a81c27c",
"versionType": "git"
},
{
"lessThan": "9a130b72e6bd1fb07fc3cde839dc6fb53da76f07",
"status": "affected",
"version": "a17564f58b11476c011d623fa1f268602a81c27c",
"versionType": "git"
},
{
"lessThan": "e858917ab785afe83c14f5ac141301216ccda847",
"status": "affected",
"version": "a17564f58b11476c011d623fa1f268602a81c27c",
"versionType": "git"
},
{
"lessThan": "33021419fd81efd3d729a7f19341ba4b98fe66ce",
"status": "affected",
"version": "a17564f58b11476c011d623fa1f268602a81c27c",
"versionType": "git"
},
{
"lessThan": "381b84f60e549ea98cec4666c6c728b1b3318756",
"status": "affected",
"version": "a17564f58b11476c011d623fa1f268602a81c27c",
"versionType": "git"
},
{
"lessThan": "f0a0ccda18d6fd826d7c7e7ad48a6ed61c20f8b4",
"status": "affected",
"version": "a17564f58b11476c011d623fa1f268602a81c27c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/dat.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.335",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.301",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.335",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.301",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.268",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()\n\nSyzbot reported a null-ptr-deref bug:\n\n NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP\n frequency \u003c 30 seconds\n general protection fault, probably for non-canonical address\n 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 1 PID: 3603 Comm: segctord Not tainted\n 6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google\n 10/11/2022\n RIP: 0010:nilfs_palloc_commit_free_entry+0xe5/0x6b0\n fs/nilfs2/alloc.c:608\n Code: 00 00 00 00 fc ff df 80 3c 02 00 0f 85 cd 05 00 00 48 b8 00 00 00\n 00 00 fc ff df 4c 8b 73 08 49 8d 7e 10 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02\n 00 0f 85 26 05 00 00 49 8b 46 10 be a6 00 00 00 48 c7 c7\n RSP: 0018:ffffc90003dff830 EFLAGS: 00010212\n RAX: dffffc0000000000 RBX: ffff88802594e218 RCX: 000000000000000d\n RDX: 0000000000000002 RSI: 0000000000002000 RDI: 0000000000000010\n RBP: ffff888071880222 R08: 0000000000000005 R09: 000000000000003f\n R10: 000000000000000d R11: 0000000000000000 R12: ffff888071880158\n R13: ffff88802594e220 R14: 0000000000000000 R15: 0000000000000004\n FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fb1c08316a8 CR3: 0000000018560000 CR4: 0000000000350ee0\n Call Trace:\n \u003cTASK\u003e\n nilfs_dat_commit_free fs/nilfs2/dat.c:114 [inline]\n nilfs_dat_commit_end+0x464/0x5f0 fs/nilfs2/dat.c:193\n nilfs_dat_commit_update+0x26/0x40 fs/nilfs2/dat.c:236\n nilfs_btree_commit_update_v+0x87/0x4a0 fs/nilfs2/btree.c:1940\n nilfs_btree_commit_propagate_v fs/nilfs2/btree.c:2016 [inline]\n nilfs_btree_propagate_v fs/nilfs2/btree.c:2046 [inline]\n nilfs_btree_propagate+0xa00/0xd60 fs/nilfs2/btree.c:2088\n nilfs_bmap_propagate+0x73/0x170 fs/nilfs2/bmap.c:337\n nilfs_collect_file_data+0x45/0xd0 fs/nilfs2/segment.c:568\n nilfs_segctor_apply_buffers+0x14a/0x470 fs/nilfs2/segment.c:1018\n nilfs_segctor_scan_file+0x3f4/0x6f0 fs/nilfs2/segment.c:1067\n nilfs_segctor_collect_blocks fs/nilfs2/segment.c:1197 [inline]\n nilfs_segctor_collect fs/nilfs2/segment.c:1503 [inline]\n nilfs_segctor_do_construct+0x12fc/0x6af0 fs/nilfs2/segment.c:2045\n nilfs_segctor_construct+0x8e3/0xb30 fs/nilfs2/segment.c:2379\n nilfs_segctor_thread_construct fs/nilfs2/segment.c:2487 [inline]\n nilfs_segctor_thread+0x3c3/0xf30 fs/nilfs2/segment.c:2570\n kthread+0x2e4/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\n \u003c/TASK\u003e\n ...\n\nIf DAT metadata file is corrupted on disk, there is a case where\nreq-\u003epr_desc_bh is NULL and blocknr is 0 at nilfs_dat_commit_end() during\na b-tree operation that cascadingly updates ancestor nodes of the b-tree,\nbecause nilfs_dat_commit_alloc() for a lower level block can initialize\nthe blocknr on the same DAT entry between nilfs_dat_prepare_end() and\nnilfs_dat_commit_end().\n\nIf this happens, nilfs_dat_commit_end() calls nilfs_dat_commit_free()\nwithout valid buffer heads in req-\u003epr_desc_bh and req-\u003epr_bitmap_bh, and\ncauses the NULL pointer dereference above in\nnilfs_palloc_commit_free_entry() function, which leads to a crash.\n\nFix this by adding a NULL check on req-\u003epr_desc_bh and req-\u003epr_bitmap_bh\nbefore nilfs_palloc_commit_free_entry() in nilfs_dat_commit_free().\n\nThis also calls nilfs_error() in that case to notify that there is a fatal\nflaw in the filesystem metadata and prevent further operations."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T13:21:27.209Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f2c59506ae39496588ceb8b88bdbdbaed895d63"
},
{
"url": "https://git.kernel.org/stable/c/165c7a3b27a3857ebf57f626b9f38b48b6792e68"
},
{
"url": "https://git.kernel.org/stable/c/bc3fd3293887b4cf84a9109700faeb82de533c89"
},
{
"url": "https://git.kernel.org/stable/c/9a130b72e6bd1fb07fc3cde839dc6fb53da76f07"
},
{
"url": "https://git.kernel.org/stable/c/e858917ab785afe83c14f5ac141301216ccda847"
},
{
"url": "https://git.kernel.org/stable/c/33021419fd81efd3d729a7f19341ba4b98fe66ce"
},
{
"url": "https://git.kernel.org/stable/c/381b84f60e549ea98cec4666c6c728b1b3318756"
},
{
"url": "https://git.kernel.org/stable/c/f0a0ccda18d6fd826d7c7e7ad48a6ed61c20f8b4"
}
],
"title": "nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49007",
"datePublished": "2024-10-21T20:06:19.506Z",
"dateReserved": "2024-08-22T01:27:53.643Z",
"dateUpdated": "2025-12-23T13:21:27.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49026 (GCVE-0-2022-49026)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
e100: Fix possible use after free in e100_xmit_prepare
Summary
In the Linux kernel, the following vulnerability has been resolved:
e100: Fix possible use after free in e100_xmit_prepare
In e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so
e100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will
resend the skb. But the skb is already freed, which will cause UAF bug
when the upper layer resends the skb.
Remove the harmful free.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
5e5d49422dfb035ca9e280cd61d434095c151272 , < b775f37d943966f6f77dca402f5a9dedce502c25
(git)
Affected: 5e5d49422dfb035ca9e280cd61d434095c151272 , < 9fc27d22cdb9b1fcd754599d216a8992fed280cd (git) Affected: 5e5d49422dfb035ca9e280cd61d434095c151272 , < b46f6144ab89d3d757ead940759c505091626a7d (git) Affected: 5e5d49422dfb035ca9e280cd61d434095c151272 , < 45605c75c52c7ae7bfe902214343aabcfe5ba0ff (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:11:54.975076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:36.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/e100.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b775f37d943966f6f77dca402f5a9dedce502c25",
"status": "affected",
"version": "5e5d49422dfb035ca9e280cd61d434095c151272",
"versionType": "git"
},
{
"lessThan": "9fc27d22cdb9b1fcd754599d216a8992fed280cd",
"status": "affected",
"version": "5e5d49422dfb035ca9e280cd61d434095c151272",
"versionType": "git"
},
{
"lessThan": "b46f6144ab89d3d757ead940759c505091626a7d",
"status": "affected",
"version": "5e5d49422dfb035ca9e280cd61d434095c151272",
"versionType": "git"
},
{
"lessThan": "45605c75c52c7ae7bfe902214343aabcfe5ba0ff",
"status": "affected",
"version": "5e5d49422dfb035ca9e280cd61d434095c151272",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/e100.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ne100: Fix possible use after free in e100_xmit_prepare\n\nIn e100_xmit_prepare(), if we can\u0027t map the skb, then return -ENOMEM, so\ne100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will\nresend the skb. But the skb is already freed, which will cause UAF bug\nwhen the upper layer resends the skb.\n\nRemove the harmful free."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:20.354Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b775f37d943966f6f77dca402f5a9dedce502c25"
},
{
"url": "https://git.kernel.org/stable/c/9fc27d22cdb9b1fcd754599d216a8992fed280cd"
},
{
"url": "https://git.kernel.org/stable/c/b46f6144ab89d3d757ead940759c505091626a7d"
},
{
"url": "https://git.kernel.org/stable/c/45605c75c52c7ae7bfe902214343aabcfe5ba0ff"
}
],
"title": "e100: Fix possible use after free in e100_xmit_prepare",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49026",
"datePublished": "2024-10-21T20:06:31.876Z",
"dateReserved": "2024-08-22T01:27:53.651Z",
"dateUpdated": "2025-05-04T08:28:20.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47673 (GCVE-0-2024-47673)
Vulnerability from cvelistv5 – Published: 2024-10-09 14:49 – Updated: 2026-01-05 10:53
VLAI?
EPSS
Title
wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
Not doing so will make us send a host command to the transport while the
firmware is not alive, which will trigger a WARNING.
bad state = 0
WARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]
RIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]
Call Trace:
<TASK>
iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]
iwl_mvm_config_scan+0x198/0x260 [iwlmvm]
iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]
iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]
process_one_work+0x29e/0x640
worker_thread+0x2df/0x690
? rescuer_thread+0x540/0x540
kthread+0x192/0x1e0
? set_kthread_struct+0x90/0x90
ret_from_fork+0x22/0x30
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
7d9d0d562b54d2953304693f76bc2bbfbe318c27 , < a15df5f37fa3a8b7a8ec7a339d1e897bc524e28f
(git)
Affected: 7d9d0d562b54d2953304693f76bc2bbfbe318c27 , < 5948a191906b54e10f02f6b7a7670243a39f99f4 (git) Affected: 7d9d0d562b54d2953304693f76bc2bbfbe318c27 , < 2c61b561baf92a2860c76c2302a62169e22c21cc (git) Affected: 7d9d0d562b54d2953304693f76bc2bbfbe318c27 , < 55086c97a55d781b04a2667401c75ffde190135c (git) Affected: 7d9d0d562b54d2953304693f76bc2bbfbe318c27 , < 0668ebc8c2282ca1e7eb96092a347baefffb5fe7 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T13:19:40.477321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T13:19:54.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:20:40.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/mvm/ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a15df5f37fa3a8b7a8ec7a339d1e897bc524e28f",
"status": "affected",
"version": "7d9d0d562b54d2953304693f76bc2bbfbe318c27",
"versionType": "git"
},
{
"lessThan": "5948a191906b54e10f02f6b7a7670243a39f99f4",
"status": "affected",
"version": "7d9d0d562b54d2953304693f76bc2bbfbe318c27",
"versionType": "git"
},
{
"lessThan": "2c61b561baf92a2860c76c2302a62169e22c21cc",
"status": "affected",
"version": "7d9d0d562b54d2953304693f76bc2bbfbe318c27",
"versionType": "git"
},
{
"lessThan": "55086c97a55d781b04a2667401c75ffde190135c",
"status": "affected",
"version": "7d9d0d562b54d2953304693f76bc2bbfbe318c27",
"versionType": "git"
},
{
"lessThan": "0668ebc8c2282ca1e7eb96092a347baefffb5fe7",
"status": "affected",
"version": "7d9d0d562b54d2953304693f76bc2bbfbe318c27",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/mvm/ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.112",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.53",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.12",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: pause TCM when the firmware is stopped\n\nNot doing so will make us send a host command to the transport while the\nfirmware is not alive, which will trigger a WARNING.\n\nbad state = 0\nWARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nRIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nCall Trace:\n \u003cTASK\u003e\n iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]\n iwl_mvm_config_scan+0x198/0x260 [iwlmvm]\n iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]\n iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]\n process_one_work+0x29e/0x640\n worker_thread+0x2df/0x690\n ? rescuer_thread+0x540/0x540\n kthread+0x192/0x1e0\n ? set_kthread_struct+0x90/0x90\n ret_from_fork+0x22/0x30"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:53:59.916Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a15df5f37fa3a8b7a8ec7a339d1e897bc524e28f"
},
{
"url": "https://git.kernel.org/stable/c/5948a191906b54e10f02f6b7a7670243a39f99f4"
},
{
"url": "https://git.kernel.org/stable/c/2c61b561baf92a2860c76c2302a62169e22c21cc"
},
{
"url": "https://git.kernel.org/stable/c/55086c97a55d781b04a2667401c75ffde190135c"
},
{
"url": "https://git.kernel.org/stable/c/0668ebc8c2282ca1e7eb96092a347baefffb5fe7"
}
],
"title": "wifi: iwlwifi: mvm: pause TCM when the firmware is stopped",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47673",
"datePublished": "2024-10-09T14:49:14.315Z",
"dateReserved": "2024-09-30T16:00:12.937Z",
"dateUpdated": "2026-01-05T10:53:59.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35861 (GCVE-0-2024-35861)
Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2026-01-05 10:35
VLAI?
EPSS
Title
smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()
Skip sessions that are being teared down (status == SES_EXITING) to
avoid UAF.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
dca65818c80cf06e0f08ba2cf94060a5236e73c2 , < 7e8360ac8774e19b0b25f44fff84a105bb2417e4
(git)
Affected: dca65818c80cf06e0f08ba2cf94060a5236e73c2 , < 2cfff21732132e363b4cc275d63ea98f1af726c1 (git) Affected: dca65818c80cf06e0f08ba2cf94060a5236e73c2 , < f9a96a7ad1e8d25dc6662bc7552e0752de74a20d (git) Affected: dca65818c80cf06e0f08ba2cf94060a5236e73c2 , < e0e50401cc3921c9eaf1b0e667db174519ea939f (git) Affected: dd9ccff8c8980bf9ea7f25e83eeb28154f902920 (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e8360ac8774e19b0b25f44fff84a105bb2417e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2cfff21732132e363b4cc275d63ea98f1af726c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f9a96a7ad1e8d25dc6662bc7552e0752de74a20d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e0e50401cc3921c9eaf1b0e667db174519ea939f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:41:30.759863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:17.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/client/connect.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7e8360ac8774e19b0b25f44fff84a105bb2417e4",
"status": "affected",
"version": "dca65818c80cf06e0f08ba2cf94060a5236e73c2",
"versionType": "git"
},
{
"lessThan": "2cfff21732132e363b4cc275d63ea98f1af726c1",
"status": "affected",
"version": "dca65818c80cf06e0f08ba2cf94060a5236e73c2",
"versionType": "git"
},
{
"lessThan": "f9a96a7ad1e8d25dc6662bc7552e0752de74a20d",
"status": "affected",
"version": "dca65818c80cf06e0f08ba2cf94060a5236e73c2",
"versionType": "git"
},
{
"lessThan": "e0e50401cc3921c9eaf1b0e667db174519ea939f",
"status": "affected",
"version": "dca65818c80cf06e0f08ba2cf94060a5236e73c2",
"versionType": "git"
},
{
"status": "affected",
"version": "dd9ccff8c8980bf9ea7f25e83eeb28154f902920",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/client/connect.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:35:26.900Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7e8360ac8774e19b0b25f44fff84a105bb2417e4"
},
{
"url": "https://git.kernel.org/stable/c/2cfff21732132e363b4cc275d63ea98f1af726c1"
},
{
"url": "https://git.kernel.org/stable/c/f9a96a7ad1e8d25dc6662bc7552e0752de74a20d"
},
{
"url": "https://git.kernel.org/stable/c/e0e50401cc3921c9eaf1b0e667db174519ea939f"
}
],
"title": "smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35861",
"datePublished": "2024-05-19T08:34:20.364Z",
"dateReserved": "2024-05-17T13:50:33.107Z",
"dateUpdated": "2026-01-05T10:35:26.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49949 (GCVE-0-2024-49949)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
net: avoid potential underflow in qdisc_pkt_len_init() with UFO
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: avoid potential underflow in qdisc_pkt_len_init() with UFO
After commit 7c6d2ecbda83 ("net: be more gentle about silly gso
requests coming from user") virtio_net_hdr_to_skb() had sanity check
to detect malicious attempts from user space to cook a bad GSO packet.
Then commit cf9acc90c80ec ("net: virtio_net_hdr_to_skb: count
transport header in UFO") while fixing one issue, allowed user space
to cook a GSO packet with the following characteristic :
IPv4 SKB_GSO_UDP, gso_size=3, skb->len = 28.
When this packet arrives in qdisc_pkt_len_init(), we end up
with hdr_len = 28 (IPv4 header + UDP header), matching skb->len
Then the following sets gso_segs to 0 :
gso_segs = DIV_ROUND_UP(skb->len - hdr_len,
shinfo->gso_size);
Then later we set qdisc_skb_cb(skb)->pkt_len to back to zero :/
qdisc_skb_cb(skb)->pkt_len += (gso_segs - 1) * hdr_len;
This leads to the following crash in fq_codel [1]
qdisc_pkt_len_init() is best effort, we only want an estimation
of the bytes sent on the wire, not crashing the kernel.
This patch is fixing this particular issue, a following one
adds more sanity checks for another potential bug.
[1]
[ 70.724101] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 70.724561] #PF: supervisor read access in kernel mode
[ 70.724561] #PF: error_code(0x0000) - not-present page
[ 70.724561] PGD 10ac61067 P4D 10ac61067 PUD 107ee2067 PMD 0
[ 70.724561] Oops: Oops: 0000 [#1] SMP NOPTI
[ 70.724561] CPU: 11 UID: 0 PID: 2163 Comm: b358537762 Not tainted 6.11.0-virtme #991
[ 70.724561] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 70.724561] RIP: 0010:fq_codel_enqueue (net/sched/sch_fq_codel.c:120 net/sched/sch_fq_codel.c:168 net/sched/sch_fq_codel.c:230) sch_fq_codel
[ 70.724561] Code: 24 08 49 c1 e1 06 44 89 7c 24 18 45 31 ed 45 31 c0 31 ff 89 44 24 14 4c 03 8b 90 01 00 00 eb 04 39 ca 73 37 4d 8b 39 83 c7 01 <49> 8b 17 49 89 11 41 8b 57 28 45 8b 5f 34 49 c7 07 00 00 00 00 49
All code
========
0: 24 08 and $0x8,%al
2: 49 c1 e1 06 shl $0x6,%r9
6: 44 89 7c 24 18 mov %r15d,0x18(%rsp)
b: 45 31 ed xor %r13d,%r13d
e: 45 31 c0 xor %r8d,%r8d
11: 31 ff xor %edi,%edi
13: 89 44 24 14 mov %eax,0x14(%rsp)
17: 4c 03 8b 90 01 00 00 add 0x190(%rbx),%r9
1e: eb 04 jmp 0x24
20: 39 ca cmp %ecx,%edx
22: 73 37 jae 0x5b
24: 4d 8b 39 mov (%r9),%r15
27: 83 c7 01 add $0x1,%edi
2a:* 49 8b 17 mov (%r15),%rdx <-- trapping instruction
2d: 49 89 11 mov %rdx,(%r9)
30: 41 8b 57 28 mov 0x28(%r15),%edx
34: 45 8b 5f 34 mov 0x34(%r15),%r11d
38: 49 c7 07 00 00 00 00 movq $0x0,(%r15)
3f: 49 rex.WB
Code starting with the faulting instruction
===========================================
0: 49 8b 17 mov (%r15),%rdx
3: 49 89 11 mov %rdx,(%r9)
6: 41 8b 57 28 mov 0x28(%r15),%edx
a: 45 8b 5f 34 mov 0x34(%r15),%r11d
e: 49 c7 07 00 00 00 00 movq $0x0,(%r15)
15: 49 rex.WB
[ 70.724561] RSP: 0018:ffff95ae85e6fb90 EFLAGS: 00000202
[ 70.724561] RAX: 0000000002000000 RBX: ffff95ae841de000 RCX: 0000000000000000
[ 70.724561] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[ 70.724561] RBP: ffff95ae85e6fbf8 R08: 0000000000000000 R09: ffff95b710a30000
[ 70.724561] R10: 0000000000000000 R11: bdf289445ce31881 R12: ffff95ae85e6fc58
[ 70.724561] R13: 0000000000000000 R14: 0000000000000040 R15: 0000000000000000
[ 70.724561] FS: 000000002c5c1380(0000) GS:ffff95bd7fcc0000(0000) knlGS:0000000000000000
[ 70.724561] CS: 0010 DS: 0000 ES: 0000 C
---truncated---
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
960b360ca7463921c1a6b72e7066a706d6406223 , < d70ca7598943572d5e384227bd268acb5109bf72
(git)
Affected: fb2dbc124a7f800cd0e4f901a1bbb769a017104c , < 1598d70ad9c7d0a4d9d54b82094e9f45908fda6d (git) Affected: 8e6bae950da9dc2d2c6c18b1c6b206dc00dc8772 , < ba26060a29d3ca1bfc737aa79f7125128f35147c (git) Affected: 0f810d06b507aa40fef8d1ac0a88e6d0590dbfc3 , < 939c88cbdc668dadd8cfa7a35d9066331239041c (git) Affected: cf9acc90c80ecbee00334aa85d92f4e74014bcff , < d6114993e0a89fde84a60a60a8329a571580b174 (git) Affected: cf9acc90c80ecbee00334aa85d92f4e74014bcff , < 25ab0b87dbd89cecef8a9c60a02bb97832e471d1 (git) Affected: cf9acc90c80ecbee00334aa85d92f4e74014bcff , < f959cce8a2a04ce776aa8b78e83ce339e0d7fbac (git) Affected: cf9acc90c80ecbee00334aa85d92f4e74014bcff , < 81fd007dcd47c34471766249853e4d4bce8eea4b (git) Affected: cf9acc90c80ecbee00334aa85d92f4e74014bcff , < c20029db28399ecc50e556964eaba75c43b1e2f1 (git) Affected: 2128303bff700c857739a0af8cc39c1a41840650 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:36:39.259120Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:49.361Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:29.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d70ca7598943572d5e384227bd268acb5109bf72",
"status": "affected",
"version": "960b360ca7463921c1a6b72e7066a706d6406223",
"versionType": "git"
},
{
"lessThan": "1598d70ad9c7d0a4d9d54b82094e9f45908fda6d",
"status": "affected",
"version": "fb2dbc124a7f800cd0e4f901a1bbb769a017104c",
"versionType": "git"
},
{
"lessThan": "ba26060a29d3ca1bfc737aa79f7125128f35147c",
"status": "affected",
"version": "8e6bae950da9dc2d2c6c18b1c6b206dc00dc8772",
"versionType": "git"
},
{
"lessThan": "939c88cbdc668dadd8cfa7a35d9066331239041c",
"status": "affected",
"version": "0f810d06b507aa40fef8d1ac0a88e6d0590dbfc3",
"versionType": "git"
},
{
"lessThan": "d6114993e0a89fde84a60a60a8329a571580b174",
"status": "affected",
"version": "cf9acc90c80ecbee00334aa85d92f4e74014bcff",
"versionType": "git"
},
{
"lessThan": "25ab0b87dbd89cecef8a9c60a02bb97832e471d1",
"status": "affected",
"version": "cf9acc90c80ecbee00334aa85d92f4e74014bcff",
"versionType": "git"
},
{
"lessThan": "f959cce8a2a04ce776aa8b78e83ce339e0d7fbac",
"status": "affected",
"version": "cf9acc90c80ecbee00334aa85d92f4e74014bcff",
"versionType": "git"
},
{
"lessThan": "81fd007dcd47c34471766249853e4d4bce8eea4b",
"status": "affected",
"version": "cf9acc90c80ecbee00334aa85d92f4e74014bcff",
"versionType": "git"
},
{
"lessThan": "c20029db28399ecc50e556964eaba75c43b1e2f1",
"status": "affected",
"version": "cf9acc90c80ecbee00334aa85d92f4e74014bcff",
"versionType": "git"
},
{
"status": "affected",
"version": "2128303bff700c857739a0af8cc39c1a41840650",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.19.218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "5.4.162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.10.82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.256",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid potential underflow in qdisc_pkt_len_init() with UFO\n\nAfter commit 7c6d2ecbda83 (\"net: be more gentle about silly gso\nrequests coming from user\") virtio_net_hdr_to_skb() had sanity check\nto detect malicious attempts from user space to cook a bad GSO packet.\n\nThen commit cf9acc90c80ec (\"net: virtio_net_hdr_to_skb: count\ntransport header in UFO\") while fixing one issue, allowed user space\nto cook a GSO packet with the following characteristic :\n\nIPv4 SKB_GSO_UDP, gso_size=3, skb-\u003elen = 28.\n\nWhen this packet arrives in qdisc_pkt_len_init(), we end up\nwith hdr_len = 28 (IPv4 header + UDP header), matching skb-\u003elen\n\nThen the following sets gso_segs to 0 :\n\ngso_segs = DIV_ROUND_UP(skb-\u003elen - hdr_len,\n shinfo-\u003egso_size);\n\nThen later we set qdisc_skb_cb(skb)-\u003epkt_len to back to zero :/\n\nqdisc_skb_cb(skb)-\u003epkt_len += (gso_segs - 1) * hdr_len;\n\nThis leads to the following crash in fq_codel [1]\n\nqdisc_pkt_len_init() is best effort, we only want an estimation\nof the bytes sent on the wire, not crashing the kernel.\n\nThis patch is fixing this particular issue, a following one\nadds more sanity checks for another potential bug.\n\n[1]\n[ 70.724101] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 70.724561] #PF: supervisor read access in kernel mode\n[ 70.724561] #PF: error_code(0x0000) - not-present page\n[ 70.724561] PGD 10ac61067 P4D 10ac61067 PUD 107ee2067 PMD 0\n[ 70.724561] Oops: Oops: 0000 [#1] SMP NOPTI\n[ 70.724561] CPU: 11 UID: 0 PID: 2163 Comm: b358537762 Not tainted 6.11.0-virtme #991\n[ 70.724561] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 70.724561] RIP: 0010:fq_codel_enqueue (net/sched/sch_fq_codel.c:120 net/sched/sch_fq_codel.c:168 net/sched/sch_fq_codel.c:230) sch_fq_codel\n[ 70.724561] Code: 24 08 49 c1 e1 06 44 89 7c 24 18 45 31 ed 45 31 c0 31 ff 89 44 24 14 4c 03 8b 90 01 00 00 eb 04 39 ca 73 37 4d 8b 39 83 c7 01 \u003c49\u003e 8b 17 49 89 11 41 8b 57 28 45 8b 5f 34 49 c7 07 00 00 00 00 49\nAll code\n========\n 0:\t24 08 \tand $0x8,%al\n 2:\t49 c1 e1 06 \tshl $0x6,%r9\n 6:\t44 89 7c 24 18 \tmov %r15d,0x18(%rsp)\n b:\t45 31 ed \txor %r13d,%r13d\n e:\t45 31 c0 \txor %r8d,%r8d\n 11:\t31 ff \txor %edi,%edi\n 13:\t89 44 24 14 \tmov %eax,0x14(%rsp)\n 17:\t4c 03 8b 90 01 00 00 \tadd 0x190(%rbx),%r9\n 1e:\teb 04 \tjmp 0x24\n 20:\t39 ca \tcmp %ecx,%edx\n 22:\t73 37 \tjae 0x5b\n 24:\t4d 8b 39 \tmov (%r9),%r15\n 27:\t83 c7 01 \tadd $0x1,%edi\n 2a:*\t49 8b 17 \tmov (%r15),%rdx\t\t\u003c-- trapping instruction\n 2d:\t49 89 11 \tmov %rdx,(%r9)\n 30:\t41 8b 57 28 \tmov 0x28(%r15),%edx\n 34:\t45 8b 5f 34 \tmov 0x34(%r15),%r11d\n 38:\t49 c7 07 00 00 00 00 \tmovq $0x0,(%r15)\n 3f:\t49 \trex.WB\n\nCode starting with the faulting instruction\n===========================================\n 0:\t49 8b 17 \tmov (%r15),%rdx\n 3:\t49 89 11 \tmov %rdx,(%r9)\n 6:\t41 8b 57 28 \tmov 0x28(%r15),%edx\n a:\t45 8b 5f 34 \tmov 0x34(%r15),%r11d\n e:\t49 c7 07 00 00 00 00 \tmovq $0x0,(%r15)\n 15:\t49 \trex.WB\n[ 70.724561] RSP: 0018:ffff95ae85e6fb90 EFLAGS: 00000202\n[ 70.724561] RAX: 0000000002000000 RBX: ffff95ae841de000 RCX: 0000000000000000\n[ 70.724561] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001\n[ 70.724561] RBP: ffff95ae85e6fbf8 R08: 0000000000000000 R09: ffff95b710a30000\n[ 70.724561] R10: 0000000000000000 R11: bdf289445ce31881 R12: ffff95ae85e6fc58\n[ 70.724561] R13: 0000000000000000 R14: 0000000000000040 R15: 0000000000000000\n[ 70.724561] FS: 000000002c5c1380(0000) GS:ffff95bd7fcc0000(0000) knlGS:0000000000000000\n[ 70.724561] CS: 0010 DS: 0000 ES: 0000 C\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:59:12.810Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d70ca7598943572d5e384227bd268acb5109bf72"
},
{
"url": "https://git.kernel.org/stable/c/1598d70ad9c7d0a4d9d54b82094e9f45908fda6d"
},
{
"url": "https://git.kernel.org/stable/c/ba26060a29d3ca1bfc737aa79f7125128f35147c"
},
{
"url": "https://git.kernel.org/stable/c/939c88cbdc668dadd8cfa7a35d9066331239041c"
},
{
"url": "https://git.kernel.org/stable/c/d6114993e0a89fde84a60a60a8329a571580b174"
},
{
"url": "https://git.kernel.org/stable/c/25ab0b87dbd89cecef8a9c60a02bb97832e471d1"
},
{
"url": "https://git.kernel.org/stable/c/f959cce8a2a04ce776aa8b78e83ce339e0d7fbac"
},
{
"url": "https://git.kernel.org/stable/c/81fd007dcd47c34471766249853e4d4bce8eea4b"
},
{
"url": "https://git.kernel.org/stable/c/c20029db28399ecc50e556964eaba75c43b1e2f1"
}
],
"title": "net: avoid potential underflow in qdisc_pkt_len_init() with UFO",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49949",
"datePublished": "2024-10-21T18:02:05.756Z",
"dateReserved": "2024-10-21T12:17:06.046Z",
"dateUpdated": "2025-11-03T22:23:29.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35867 (GCVE-0-2024-35867)
Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2026-01-05 10:35
VLAI?
EPSS
Title
smb: client: fix potential UAF in cifs_stats_proc_show()
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in cifs_stats_proc_show()
Skip sessions that are being teared down (status == SES_EXITING) to
avoid UAF.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 838ec01ea8d3deb5d123e8ed9022e8162dc3f503
(git)
Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < bb6570085826291dc392005f9fec16ea5da3c8ad (git) Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 16b7d785775eb03929766819415055e367398f49 (git) Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < c3cf8b74c57924c0985e49a1fdf02d3395111f39 (git) Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 1e12f0d5c66f07c934041621351973a116fa13c7 (git) Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 0865ffefea197b437ba78b5dd8d8e256253efd65 (git) Affected: a67172a013953664b1dad03c648200c70b90506c (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:29:58.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16b7d785775eb03929766819415055e367398f49"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c3cf8b74c57924c0985e49a1fdf02d3395111f39"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e12f0d5c66f07c934041621351973a116fa13c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0865ffefea197b437ba78b5dd8d8e256253efd65"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/30/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/30/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/29/2"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35867",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:41:20.780452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:49.626Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/client/cifs_debug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "838ec01ea8d3deb5d123e8ed9022e8162dc3f503",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"lessThan": "bb6570085826291dc392005f9fec16ea5da3c8ad",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"lessThan": "16b7d785775eb03929766819415055e367398f49",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"lessThan": "c3cf8b74c57924c0985e49a1fdf02d3395111f39",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"lessThan": "1e12f0d5c66f07c934041621351973a116fa13c7",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"lessThan": "0865ffefea197b437ba78b5dd8d8e256253efd65",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"status": "affected",
"version": "a67172a013953664b1dad03c648200c70b90506c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/client/cifs_debug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.13"
},
{
"lessThan": "3.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.237",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.12.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_stats_proc_show()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:35:34.384Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/838ec01ea8d3deb5d123e8ed9022e8162dc3f503"
},
{
"url": "https://git.kernel.org/stable/c/bb6570085826291dc392005f9fec16ea5da3c8ad"
},
{
"url": "https://git.kernel.org/stable/c/16b7d785775eb03929766819415055e367398f49"
},
{
"url": "https://git.kernel.org/stable/c/c3cf8b74c57924c0985e49a1fdf02d3395111f39"
},
{
"url": "https://git.kernel.org/stable/c/1e12f0d5c66f07c934041621351973a116fa13c7"
},
{
"url": "https://git.kernel.org/stable/c/0865ffefea197b437ba78b5dd8d8e256253efd65"
}
],
"title": "smb: client: fix potential UAF in cifs_stats_proc_show()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35867",
"datePublished": "2024-05-19T08:34:25.911Z",
"dateReserved": "2024-05-17T13:50:33.107Z",
"dateUpdated": "2026-01-05T10:35:34.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26930 (GCVE-0-2024-26930)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:17 – Updated: 2026-01-05 10:35
VLAI?
EPSS
Title
scsi: qla2xxx: Fix double free of the ha->vp_map pointer
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix double free of the ha->vp_map pointer
Coverity scan reported potential risk of double free of the pointer
ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freed
in function qla2x00_mem_free(ha).
Assign NULL to vp_map and kfree take care of NULL.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
430eef03a763e5e76a371ba6d02779ae4a64b6ea , < f14cee7a882cb79528f17a2335f53e9fd1848467
(git)
Affected: 430eef03a763e5e76a371ba6d02779ae4a64b6ea , < b7deb675d674f44e0ddbab87fee8f9f098925e73 (git) Affected: 430eef03a763e5e76a371ba6d02779ae4a64b6ea , < 825d63164a2e6bacb059a9afb5605425b485413f (git) Affected: 430eef03a763e5e76a371ba6d02779ae4a64b6ea , < e288285d47784fdcf7c81be56df7d65c6f10c58b (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:40:52.767633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:46:59.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f14cee7a882cb79528f17a2335f53e9fd1848467"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7deb675d674f44e0ddbab87fee8f9f098925e73"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/825d63164a2e6bacb059a9afb5605425b485413f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e288285d47784fdcf7c81be56df7d65c6f10c58b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_os.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f14cee7a882cb79528f17a2335f53e9fd1848467",
"status": "affected",
"version": "430eef03a763e5e76a371ba6d02779ae4a64b6ea",
"versionType": "git"
},
{
"lessThan": "b7deb675d674f44e0ddbab87fee8f9f098925e73",
"status": "affected",
"version": "430eef03a763e5e76a371ba6d02779ae4a64b6ea",
"versionType": "git"
},
{
"lessThan": "825d63164a2e6bacb059a9afb5605425b485413f",
"status": "affected",
"version": "430eef03a763e5e76a371ba6d02779ae4a64b6ea",
"versionType": "git"
},
{
"lessThan": "e288285d47784fdcf7c81be56df7d65c6f10c58b",
"status": "affected",
"version": "430eef03a763e5e76a371ba6d02779ae4a64b6ea",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_os.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix double free of the ha-\u003evp_map pointer\n\nCoverity scan reported potential risk of double free of the pointer\nha-\u003evp_map. ha-\u003evp_map was freed in qla2x00_mem_alloc(), and again freed\nin function qla2x00_mem_free(ha).\n\nAssign NULL to vp_map and kfree take care of NULL."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:35:00.891Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f14cee7a882cb79528f17a2335f53e9fd1848467"
},
{
"url": "https://git.kernel.org/stable/c/b7deb675d674f44e0ddbab87fee8f9f098925e73"
},
{
"url": "https://git.kernel.org/stable/c/825d63164a2e6bacb059a9afb5605425b485413f"
},
{
"url": "https://git.kernel.org/stable/c/e288285d47784fdcf7c81be56df7d65c6f10c58b"
}
],
"title": "scsi: qla2xxx: Fix double free of the ha-\u003evp_map pointer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26930",
"datePublished": "2024-05-01T05:17:10.685Z",
"dateReserved": "2024-02-19T14:20:24.195Z",
"dateUpdated": "2026-01-05T10:35:00.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49890 (GCVE-0-2024-49890)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:22
VLAI?
EPSS
Title
drm/amd/pm: ensure the fw_info is not null before using it
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: ensure the fw_info is not null before using it
This resolves the dereference null return value warning
reported by Coverity.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
3bace359149391c6547cefe3bf729f365bcf3ef6 , < 29f388945770bd0a6c82711436b2bc98b0dfac92
(git)
Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < 9550d8d6f19fac7623f044ae8d9503825b325497 (git) Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < fd5f4ac1a986f0e7e9fa019201b5890554f87bcf (git) Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < b511474f49588cdca355ebfce54e7eddbf7b75a5 (git) Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < 8adf4408d482faa51b2c14e60bfd9946ec1911a4 (git) Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < 016bf0294b401246471c6710c6bf9251616228b6 (git) Affected: 3bace359149391c6547cefe3bf729f365bcf3ef6 , < 186fb12e7a7b038c2710ceb2fb74068f1b5d55a4 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49890",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:44:27.910484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:49.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:55.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "29f388945770bd0a6c82711436b2bc98b0dfac92",
"status": "affected",
"version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
"versionType": "git"
},
{
"lessThan": "9550d8d6f19fac7623f044ae8d9503825b325497",
"status": "affected",
"version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
"versionType": "git"
},
{
"lessThan": "fd5f4ac1a986f0e7e9fa019201b5890554f87bcf",
"status": "affected",
"version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
"versionType": "git"
},
{
"lessThan": "b511474f49588cdca355ebfce54e7eddbf7b75a5",
"status": "affected",
"version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
"versionType": "git"
},
{
"lessThan": "8adf4408d482faa51b2c14e60bfd9946ec1911a4",
"status": "affected",
"version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
"versionType": "git"
},
{
"lessThan": "016bf0294b401246471c6710c6bf9251616228b6",
"status": "affected",
"version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
"versionType": "git"
},
{
"lessThan": "186fb12e7a7b038c2710ceb2fb74068f1b5d55a4",
"status": "affected",
"version": "3bace359149391c6547cefe3bf729f365bcf3ef6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"lessThan": "4.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: ensure the fw_info is not null before using it\n\nThis resolves the dereference null return value warning\nreported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:18.406Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/29f388945770bd0a6c82711436b2bc98b0dfac92"
},
{
"url": "https://git.kernel.org/stable/c/9550d8d6f19fac7623f044ae8d9503825b325497"
},
{
"url": "https://git.kernel.org/stable/c/fd5f4ac1a986f0e7e9fa019201b5890554f87bcf"
},
{
"url": "https://git.kernel.org/stable/c/b511474f49588cdca355ebfce54e7eddbf7b75a5"
},
{
"url": "https://git.kernel.org/stable/c/8adf4408d482faa51b2c14e60bfd9946ec1911a4"
},
{
"url": "https://git.kernel.org/stable/c/016bf0294b401246471c6710c6bf9251616228b6"
},
{
"url": "https://git.kernel.org/stable/c/186fb12e7a7b038c2710ceb2fb74068f1b5d55a4"
}
],
"title": "drm/amd/pm: ensure the fw_info is not null before using it",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49890",
"datePublished": "2024-10-21T18:01:25.634Z",
"dateReserved": "2024-10-21T12:17:06.025Z",
"dateUpdated": "2025-11-03T22:22:55.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40909 (GCVE-0-2024-40909)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:20 – Updated: 2025-05-04 12:57
VLAI?
EPSS
Title
bpf: Fix a potential use-after-free in bpf_link_free()
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix a potential use-after-free in bpf_link_free()
After commit 1a80dbcb2dba, bpf_link can be freed by
link->ops->dealloc_deferred, but the code still tests and uses
link->ops->dealloc afterward, which leads to a use-after-free as
reported by syzbot. Actually, one of them should be sufficient, so
just call one of them instead of both. Also add a WARN_ON() in case
of any problematic implementation.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
876941f533e7b47fc69977fc4551c02f2d18af97 , < 91cff53136daeff50816b0baeafd38a6976f6209
(git)
Affected: 1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce , < fa97b8fed9896f1e89cb657513e483a152d4c382 (git) Affected: 1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce , < 2884dc7d08d98a89d8d65121524bb7533183a63a (git) Affected: 5d8d447777564b35f67000e7838e7ccb64d525c8 (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:55.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/91cff53136daeff50816b0baeafd38a6976f6209"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa97b8fed9896f1e89cb657513e483a152d4c382"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2884dc7d08d98a89d8d65121524bb7533183a63a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:06:09.099919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:37.410Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/syscall.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "91cff53136daeff50816b0baeafd38a6976f6209",
"status": "affected",
"version": "876941f533e7b47fc69977fc4551c02f2d18af97",
"versionType": "git"
},
{
"lessThan": "fa97b8fed9896f1e89cb657513e483a152d4c382",
"status": "affected",
"version": "1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce",
"versionType": "git"
},
{
"lessThan": "2884dc7d08d98a89d8d65121524bb7533183a63a",
"status": "affected",
"version": "1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce",
"versionType": "git"
},
{
"status": "affected",
"version": "5d8d447777564b35f67000e7838e7ccb64d525c8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/syscall.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.35",
"versionStartIncluding": "6.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.6",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a potential use-after-free in bpf_link_free()\n\nAfter commit 1a80dbcb2dba, bpf_link can be freed by\nlink-\u003eops-\u003edealloc_deferred, but the code still tests and uses\nlink-\u003eops-\u003edealloc afterward, which leads to a use-after-free as\nreported by syzbot. Actually, one of them should be sufficient, so\njust call one of them instead of both. Also add a WARN_ON() in case\nof any problematic implementation."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:57:08.471Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/91cff53136daeff50816b0baeafd38a6976f6209"
},
{
"url": "https://git.kernel.org/stable/c/fa97b8fed9896f1e89cb657513e483a152d4c382"
},
{
"url": "https://git.kernel.org/stable/c/2884dc7d08d98a89d8d65121524bb7533183a63a"
}
],
"title": "bpf: Fix a potential use-after-free in bpf_link_free()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40909",
"datePublished": "2024-07-12T12:20:48.447Z",
"dateReserved": "2024-07-12T12:17:45.580Z",
"dateUpdated": "2025-05-04T12:57:08.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48948 (GCVE-0-2022-48948)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:26
VLAI?
EPSS
Title
usb: gadget: uvc: Prevent buffer overflow in setup handler
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: uvc: Prevent buffer overflow in setup handler
Setup function uvc_function_setup permits control transfer
requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE),
data stage handler for OUT transfer uses memcpy to copy req->actual
bytes to uvc_event->data.data array of size 60. This may result
in an overflow of 4 bytes.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
cdda479f15cd13fa50a913ca85129c0437cc7b91 , < 4972e3528b968665b596b5434764ff8fd9446d35
(git)
Affected: cdda479f15cd13fa50a913ca85129c0437cc7b91 , < 06fd17ee92c8f1704c7e54ec0fd50ae0542a49a5 (git) Affected: cdda479f15cd13fa50a913ca85129c0437cc7b91 , < bc8380fe5768c564f921f7b4eaba932e330b9e4b (git) Affected: cdda479f15cd13fa50a913ca85129c0437cc7b91 , < b8fb1cba934ea122b50f13a4f9d6fc4fdc43d2be (git) Affected: cdda479f15cd13fa50a913ca85129c0437cc7b91 , < c79538f32df12887f110dcd6b9c825b482905f24 (git) Affected: cdda479f15cd13fa50a913ca85129c0437cc7b91 , < 6b41a35b41f77821db24f2d8f66794b390a585c5 (git) Affected: cdda479f15cd13fa50a913ca85129c0437cc7b91 , < 7b1f773277a72f9756d47a41b94e43506cce1954 (git) Affected: cdda479f15cd13fa50a913ca85129c0437cc7b91 , < d1a92bb8d697f170d93fe922da763d7d156b8841 (git) Affected: cdda479f15cd13fa50a913ca85129c0437cc7b91 , < 4c92670b16727365699fe4b19ed32013bab2c107 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:22:00.601644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:41.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/f_uvc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4972e3528b968665b596b5434764ff8fd9446d35",
"status": "affected",
"version": "cdda479f15cd13fa50a913ca85129c0437cc7b91",
"versionType": "git"
},
{
"lessThan": "06fd17ee92c8f1704c7e54ec0fd50ae0542a49a5",
"status": "affected",
"version": "cdda479f15cd13fa50a913ca85129c0437cc7b91",
"versionType": "git"
},
{
"lessThan": "bc8380fe5768c564f921f7b4eaba932e330b9e4b",
"status": "affected",
"version": "cdda479f15cd13fa50a913ca85129c0437cc7b91",
"versionType": "git"
},
{
"lessThan": "b8fb1cba934ea122b50f13a4f9d6fc4fdc43d2be",
"status": "affected",
"version": "cdda479f15cd13fa50a913ca85129c0437cc7b91",
"versionType": "git"
},
{
"lessThan": "c79538f32df12887f110dcd6b9c825b482905f24",
"status": "affected",
"version": "cdda479f15cd13fa50a913ca85129c0437cc7b91",
"versionType": "git"
},
{
"lessThan": "6b41a35b41f77821db24f2d8f66794b390a585c5",
"status": "affected",
"version": "cdda479f15cd13fa50a913ca85129c0437cc7b91",
"versionType": "git"
},
{
"lessThan": "7b1f773277a72f9756d47a41b94e43506cce1954",
"status": "affected",
"version": "cdda479f15cd13fa50a913ca85129c0437cc7b91",
"versionType": "git"
},
{
"lessThan": "d1a92bb8d697f170d93fe922da763d7d156b8841",
"status": "affected",
"version": "cdda479f15cd13fa50a913ca85129c0437cc7b91",
"versionType": "git"
},
{
"lessThan": "4c92670b16727365699fe4b19ed32013bab2c107",
"status": "affected",
"version": "cdda479f15cd13fa50a913ca85129c0437cc7b91",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/f_uvc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.337",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.337",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.303",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.161",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.85",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.15",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.1",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Prevent buffer overflow in setup handler\n\nSetup function uvc_function_setup permits control transfer\nrequests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE),\ndata stage handler for OUT transfer uses memcpy to copy req-\u003eactual\nbytes to uvc_event-\u003edata.data array of size 60. This may result\nin an overflow of 4 bytes."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:43.404Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4972e3528b968665b596b5434764ff8fd9446d35"
},
{
"url": "https://git.kernel.org/stable/c/06fd17ee92c8f1704c7e54ec0fd50ae0542a49a5"
},
{
"url": "https://git.kernel.org/stable/c/bc8380fe5768c564f921f7b4eaba932e330b9e4b"
},
{
"url": "https://git.kernel.org/stable/c/b8fb1cba934ea122b50f13a4f9d6fc4fdc43d2be"
},
{
"url": "https://git.kernel.org/stable/c/c79538f32df12887f110dcd6b9c825b482905f24"
},
{
"url": "https://git.kernel.org/stable/c/6b41a35b41f77821db24f2d8f66794b390a585c5"
},
{
"url": "https://git.kernel.org/stable/c/7b1f773277a72f9756d47a41b94e43506cce1954"
},
{
"url": "https://git.kernel.org/stable/c/d1a92bb8d697f170d93fe922da763d7d156b8841"
},
{
"url": "https://git.kernel.org/stable/c/4c92670b16727365699fe4b19ed32013bab2c107"
}
],
"title": "usb: gadget: uvc: Prevent buffer overflow in setup handler",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48948",
"datePublished": "2024-10-21T20:05:37.122Z",
"dateReserved": "2024-08-22T01:27:53.625Z",
"dateUpdated": "2025-05-04T08:26:43.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49005 (GCVE-0-2022-49005)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 12:44
VLAI?
EPSS
Title
ASoC: ops: Fix bounds check for _sx controls
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: ops: Fix bounds check for _sx controls
For _sx controls the semantics of the max field is not the usual one, max
is the number of steps rather than the maximum value. This means that our
check in snd_soc_put_volsw_sx() needs to just check against the maximum
value.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
9e5c40b5706d8aae2cf70bd7e01f0b4575a642d0 , < e46adadf19248d59af3aa6bc52e09115bf479bf7
(git)
Affected: 4977491e4b3aad8567f57e2a9992d251410c1db3 , < 4a95a49f26308782b4056401989ecd7768fda8fa (git) Affected: 9a12fcbf3c622f9bf6b110a873d62b0cba93972e , < 46bab25cc0230df60d1c02b651cc5640a14b08df (git) Affected: c33402b056de61104b6146dedbe138ca8d7ec62b , < 73dce3c1d48c4662bdf3ccbde1492c2cb4bfd8ce (git) Affected: 038f8b7caa74d29e020949a43ca368c93f6b29b9 , < b50c9641897274c3faef5f95ac852f54b94be2e8 (git) Affected: e8e07c5e25a29e2a6f119fd947f55d7a55eb8a13 , < 98b15c706644bebc19d2e77ccc360cc51444f6d0 (git) Affected: 4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e , < 325d94d16e3131b54bdf07356e4cd855e0d853fc (git) Affected: 4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e , < 698813ba8c580efb356ace8dbf55f61dac6063a8 (git) Affected: ef6cd9eeb38062a145802b7b56be7ae1090e165e (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:14:37.897186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:39.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/soc-ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e46adadf19248d59af3aa6bc52e09115bf479bf7",
"status": "affected",
"version": "9e5c40b5706d8aae2cf70bd7e01f0b4575a642d0",
"versionType": "git"
},
{
"lessThan": "4a95a49f26308782b4056401989ecd7768fda8fa",
"status": "affected",
"version": "4977491e4b3aad8567f57e2a9992d251410c1db3",
"versionType": "git"
},
{
"lessThan": "46bab25cc0230df60d1c02b651cc5640a14b08df",
"status": "affected",
"version": "9a12fcbf3c622f9bf6b110a873d62b0cba93972e",
"versionType": "git"
},
{
"lessThan": "73dce3c1d48c4662bdf3ccbde1492c2cb4bfd8ce",
"status": "affected",
"version": "c33402b056de61104b6146dedbe138ca8d7ec62b",
"versionType": "git"
},
{
"lessThan": "b50c9641897274c3faef5f95ac852f54b94be2e8",
"status": "affected",
"version": "038f8b7caa74d29e020949a43ca368c93f6b29b9",
"versionType": "git"
},
{
"lessThan": "98b15c706644bebc19d2e77ccc360cc51444f6d0",
"status": "affected",
"version": "e8e07c5e25a29e2a6f119fd947f55d7a55eb8a13",
"versionType": "git"
},
{
"lessThan": "325d94d16e3131b54bdf07356e4cd855e0d853fc",
"status": "affected",
"version": "4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e",
"versionType": "git"
},
{
"lessThan": "698813ba8c580efb356ace8dbf55f61dac6063a8",
"status": "affected",
"version": "4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e",
"versionType": "git"
},
{
"status": "affected",
"version": "ef6cd9eeb38062a145802b7b56be7ae1090e165e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/soc-ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.335",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.301",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.335",
"versionStartIncluding": "4.9.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.301",
"versionStartIncluding": "4.14.265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.268",
"versionStartIncluding": "4.19.228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "5.4.178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "5.10.99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.15.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ops: Fix bounds check for _sx controls\n\nFor _sx controls the semantics of the max field is not the usual one, max\nis the number of steps rather than the maximum value. This means that our\ncheck in snd_soc_put_volsw_sx() needs to just check against the maximum\nvalue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:09.760Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e46adadf19248d59af3aa6bc52e09115bf479bf7"
},
{
"url": "https://git.kernel.org/stable/c/4a95a49f26308782b4056401989ecd7768fda8fa"
},
{
"url": "https://git.kernel.org/stable/c/46bab25cc0230df60d1c02b651cc5640a14b08df"
},
{
"url": "https://git.kernel.org/stable/c/73dce3c1d48c4662bdf3ccbde1492c2cb4bfd8ce"
},
{
"url": "https://git.kernel.org/stable/c/b50c9641897274c3faef5f95ac852f54b94be2e8"
},
{
"url": "https://git.kernel.org/stable/c/98b15c706644bebc19d2e77ccc360cc51444f6d0"
},
{
"url": "https://git.kernel.org/stable/c/325d94d16e3131b54bdf07356e4cd855e0d853fc"
},
{
"url": "https://git.kernel.org/stable/c/698813ba8c580efb356ace8dbf55f61dac6063a8"
}
],
"title": "ASoC: ops: Fix bounds check for _sx controls",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49005",
"datePublished": "2024-10-21T20:06:18.143Z",
"dateReserved": "2024-08-22T01:27:53.643Z",
"dateUpdated": "2025-05-04T12:44:09.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41059 (GCVE-0-2024-41059)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2025-11-03 22:00
VLAI?
EPSS
Title
hfsplus: fix uninit-value in copy_name
Summary
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: fix uninit-value in copy_name
[syzbot reported]
BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160
sized_strscpy+0xc4/0x160
copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411
hfsplus_listxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750
vfs_listxattr fs/xattr.c:493 [inline]
listxattr+0x1f3/0x6b0 fs/xattr.c:840
path_listxattr fs/xattr.c:864 [inline]
__do_sys_listxattr fs/xattr.c:876 [inline]
__se_sys_listxattr fs/xattr.c:873 [inline]
__x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873
x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was created at:
slab_post_alloc_hook mm/slub.c:3877 [inline]
slab_alloc_node mm/slub.c:3918 [inline]
kmalloc_trace+0x57b/0xbe0 mm/slub.c:4065
kmalloc include/linux/slab.h:628 [inline]
hfsplus_listxattr+0x4cc/0x1a50 fs/hfsplus/xattr.c:699
vfs_listxattr fs/xattr.c:493 [inline]
listxattr+0x1f3/0x6b0 fs/xattr.c:840
path_listxattr fs/xattr.c:864 [inline]
__do_sys_listxattr fs/xattr.c:876 [inline]
__se_sys_listxattr fs/xattr.c:873 [inline]
__x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873
x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
[Fix]
When allocating memory to strbuf, initialize memory to 0.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
017f8da43e92ddd9989884720b694a512e09ccce , < 72805debec8f7aa342da194fe0ed7bc8febea335
(git)
Affected: 017f8da43e92ddd9989884720b694a512e09ccce , < c733e24a61cbcff10f660041d6d84d32bb7e4cb4 (git) Affected: 017f8da43e92ddd9989884720b694a512e09ccce , < 34f8efd2743f2d961e92e8e994de4c7a2f9e74a0 (git) Affected: 017f8da43e92ddd9989884720b694a512e09ccce , < d02d8c1dacafb28930c39e16d48e40bb6e4cbc70 (git) Affected: 017f8da43e92ddd9989884720b694a512e09ccce , < 22999936b91ba545ce1fbbecae6895127945e91c (git) Affected: 017f8da43e92ddd9989884720b694a512e09ccce , < f08956d8e0f80fd0d4ad84ec917302bb2f3a9c6a (git) Affected: 017f8da43e92ddd9989884720b694a512e09ccce , < ad57dc2caf1e0a3c0a9904400fae7afbc9f74bb2 (git) Affected: 017f8da43e92ddd9989884720b694a512e09ccce , < 0570730c16307a72f8241df12363f76600baf57d (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:00:03.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/72805debec8f7aa342da194fe0ed7bc8febea335"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c733e24a61cbcff10f660041d6d84d32bb7e4cb4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/34f8efd2743f2d961e92e8e994de4c7a2f9e74a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d02d8c1dacafb28930c39e16d48e40bb6e4cbc70"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22999936b91ba545ce1fbbecae6895127945e91c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f08956d8e0f80fd0d4ad84ec917302bb2f3a9c6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad57dc2caf1e0a3c0a9904400fae7afbc9f74bb2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0570730c16307a72f8241df12363f76600baf57d"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:22:15.385503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:01.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/hfsplus/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "72805debec8f7aa342da194fe0ed7bc8febea335",
"status": "affected",
"version": "017f8da43e92ddd9989884720b694a512e09ccce",
"versionType": "git"
},
{
"lessThan": "c733e24a61cbcff10f660041d6d84d32bb7e4cb4",
"status": "affected",
"version": "017f8da43e92ddd9989884720b694a512e09ccce",
"versionType": "git"
},
{
"lessThan": "34f8efd2743f2d961e92e8e994de4c7a2f9e74a0",
"status": "affected",
"version": "017f8da43e92ddd9989884720b694a512e09ccce",
"versionType": "git"
},
{
"lessThan": "d02d8c1dacafb28930c39e16d48e40bb6e4cbc70",
"status": "affected",
"version": "017f8da43e92ddd9989884720b694a512e09ccce",
"versionType": "git"
},
{
"lessThan": "22999936b91ba545ce1fbbecae6895127945e91c",
"status": "affected",
"version": "017f8da43e92ddd9989884720b694a512e09ccce",
"versionType": "git"
},
{
"lessThan": "f08956d8e0f80fd0d4ad84ec917302bb2f3a9c6a",
"status": "affected",
"version": "017f8da43e92ddd9989884720b694a512e09ccce",
"versionType": "git"
},
{
"lessThan": "ad57dc2caf1e0a3c0a9904400fae7afbc9f74bb2",
"status": "affected",
"version": "017f8da43e92ddd9989884720b694a512e09ccce",
"versionType": "git"
},
{
"lessThan": "0570730c16307a72f8241df12363f76600baf57d",
"status": "affected",
"version": "017f8da43e92ddd9989884720b694a512e09ccce",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/hfsplus/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.16"
},
{
"lessThan": "3.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.319",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.281",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.319",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.281",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix uninit-value in copy_name\n\n[syzbot reported]\nBUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160\n sized_strscpy+0xc4/0x160\n copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411\n hfsplus_listxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750\n vfs_listxattr fs/xattr.c:493 [inline]\n listxattr+0x1f3/0x6b0 fs/xattr.c:840\n path_listxattr fs/xattr.c:864 [inline]\n __do_sys_listxattr fs/xattr.c:876 [inline]\n __se_sys_listxattr fs/xattr.c:873 [inline]\n __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873\n x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3877 [inline]\n slab_alloc_node mm/slub.c:3918 [inline]\n kmalloc_trace+0x57b/0xbe0 mm/slub.c:4065\n kmalloc include/linux/slab.h:628 [inline]\n hfsplus_listxattr+0x4cc/0x1a50 fs/hfsplus/xattr.c:699\n vfs_listxattr fs/xattr.c:493 [inline]\n listxattr+0x1f3/0x6b0 fs/xattr.c:840\n path_listxattr fs/xattr.c:864 [inline]\n __do_sys_listxattr fs/xattr.c:876 [inline]\n __se_sys_listxattr fs/xattr.c:873 [inline]\n __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873\n x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[Fix]\nWhen allocating memory to strbuf, initialize memory to 0."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:12:50.190Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/72805debec8f7aa342da194fe0ed7bc8febea335"
},
{
"url": "https://git.kernel.org/stable/c/c733e24a61cbcff10f660041d6d84d32bb7e4cb4"
},
{
"url": "https://git.kernel.org/stable/c/34f8efd2743f2d961e92e8e994de4c7a2f9e74a0"
},
{
"url": "https://git.kernel.org/stable/c/d02d8c1dacafb28930c39e16d48e40bb6e4cbc70"
},
{
"url": "https://git.kernel.org/stable/c/22999936b91ba545ce1fbbecae6895127945e91c"
},
{
"url": "https://git.kernel.org/stable/c/f08956d8e0f80fd0d4ad84ec917302bb2f3a9c6a"
},
{
"url": "https://git.kernel.org/stable/c/ad57dc2caf1e0a3c0a9904400fae7afbc9f74bb2"
},
{
"url": "https://git.kernel.org/stable/c/0570730c16307a72f8241df12363f76600baf57d"
}
],
"title": "hfsplus: fix uninit-value in copy_name",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41059",
"datePublished": "2024-07-29T14:57:21.616Z",
"dateReserved": "2024-07-12T12:17:45.627Z",
"dateUpdated": "2025-11-03T22:00:03.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47684 (GCVE-0-2024-47684)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:20
VLAI?
EPSS
Title
tcp: check skb is non-NULL in tcp_rto_delta_us()
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: check skb is non-NULL in tcp_rto_delta_us()
We have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic
kernel that are running ceph and recently hit a null ptr dereference in
tcp_rearm_rto(). Initially hitting it from the TLP path, but then later we also
saw it getting hit from the RACK case as well. Here are examples of the oops
messages we saw in each of those cases:
Jul 26 15:05:02 rx [11061395.780353] BUG: kernel NULL pointer dereference, address: 0000000000000020
Jul 26 15:05:02 rx [11061395.787572] #PF: supervisor read access in kernel mode
Jul 26 15:05:02 rx [11061395.792971] #PF: error_code(0x0000) - not-present page
Jul 26 15:05:02 rx [11061395.798362] PGD 0 P4D 0
Jul 26 15:05:02 rx [11061395.801164] Oops: 0000 [#1] SMP NOPTI
Jul 26 15:05:02 rx [11061395.805091] CPU: 0 PID: 9180 Comm: msgr-worker-1 Tainted: G W 5.4.0-174-generic #193-Ubuntu
Jul 26 15:05:02 rx [11061395.814996] Hardware name: Supermicro SMC 2x26 os-gen8 64C NVME-Y 256G/H12SSW-NTR, BIOS 2.5.V1.2U.NVMe.UEFI 05/09/2023
Jul 26 15:05:02 rx [11061395.825952] RIP: 0010:tcp_rearm_rto+0xe4/0x160
Jul 26 15:05:02 rx [11061395.830656] Code: 87 ca 04 00 00 00 5b 41 5c 41 5d 5d c3 c3 49 8b bc 24 40 06 00 00 eb 8d 48 bb cf f7 53 e3 a5 9b c4 20 4c 89 ef e8 0c fe 0e 00 <48> 8b 78 20 48 c1 ef 03 48 89 f8 41 8b bc 24 80 04 00 00 48 f7 e3
Jul 26 15:05:02 rx [11061395.849665] RSP: 0018:ffffb75d40003e08 EFLAGS: 00010246
Jul 26 15:05:02 rx [11061395.855149] RAX: 0000000000000000 RBX: 20c49ba5e353f7cf RCX: 0000000000000000
Jul 26 15:05:02 rx [11061395.862542] RDX: 0000000062177c30 RSI: 000000000000231c RDI: ffff9874ad283a60
Jul 26 15:05:02 rx [11061395.869933] RBP: ffffb75d40003e20 R08: 0000000000000000 R09: ffff987605e20aa8
Jul 26 15:05:02 rx [11061395.877318] R10: ffffb75d40003f00 R11: ffffb75d4460f740 R12: ffff9874ad283900
Jul 26 15:05:02 rx [11061395.884710] R13: ffff9874ad283a60 R14: ffff9874ad283980 R15: ffff9874ad283d30
Jul 26 15:05:02 rx [11061395.892095] FS: 00007f1ef4a2e700(0000) GS:ffff987605e00000(0000) knlGS:0000000000000000
Jul 26 15:05:02 rx [11061395.900438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jul 26 15:05:02 rx [11061395.906435] CR2: 0000000000000020 CR3: 0000003e450ba003 CR4: 0000000000760ef0
Jul 26 15:05:02 rx [11061395.913822] PKRU: 55555554
Jul 26 15:05:02 rx [11061395.916786] Call Trace:
Jul 26 15:05:02 rx [11061395.919488]
Jul 26 15:05:02 rx [11061395.921765] ? show_regs.cold+0x1a/0x1f
Jul 26 15:05:02 rx [11061395.925859] ? __die+0x90/0xd9
Jul 26 15:05:02 rx [11061395.929169] ? no_context+0x196/0x380
Jul 26 15:05:02 rx [11061395.933088] ? ip6_protocol_deliver_rcu+0x4e0/0x4e0
Jul 26 15:05:02 rx [11061395.938216] ? ip6_sublist_rcv_finish+0x3d/0x50
Jul 26 15:05:02 rx [11061395.943000] ? __bad_area_nosemaphore+0x50/0x1a0
Jul 26 15:05:02 rx [11061395.947873] ? bad_area_nosemaphore+0x16/0x20
Jul 26 15:05:02 rx [11061395.952486] ? do_user_addr_fault+0x267/0x450
Jul 26 15:05:02 rx [11061395.957104] ? ipv6_list_rcv+0x112/0x140
Jul 26 15:05:02 rx [11061395.961279] ? __do_page_fault+0x58/0x90
Jul 26 15:05:02 rx [11061395.965458] ? do_page_fault+0x2c/0xe0
Jul 26 15:05:02 rx [11061395.969465] ? page_fault+0x34/0x40
Jul 26 15:05:02 rx [11061395.973217] ? tcp_rearm_rto+0xe4/0x160
Jul 26 15:05:02 rx [11061395.977313] ? tcp_rearm_rto+0xe4/0x160
Jul 26 15:05:02 rx [11061395.981408] tcp_send_loss_probe+0x10b/0x220
Jul 26 15:05:02 rx [11061395.985937] tcp_write_timer_handler+0x1b4/0x240
Jul 26 15:05:02 rx [11061395.990809] tcp_write_timer+0x9e/0xe0
Jul 26 15:05:02 rx [11061395.994814] ? tcp_write_timer_handler+0x240/0x240
Jul 26 15:05:02 rx [11061395.999866] call_timer_fn+0x32/0x130
Jul 26 15:05:02 rx [11061396.003782] __run_timers.part.0+0x180/0x280
Jul 26 15:05:02 rx [11061396.008309] ? recalibrate_cpu_khz+0x10/0x10
Jul 26 15:05:02 rx [11061396.012841] ? native_x2apic_icr_write+0x30/0x30
Jul 26 15:05:02 rx [11061396.017718] ? lapic_next_even
---truncated---
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
e1a10ef7fa876f8510aaec36ea5c0cf34baba410 , < ad4f0a14d6856e68f023fc4e5017cfd881a3dfbc
(git)
Affected: e1a10ef7fa876f8510aaec36ea5c0cf34baba410 , < 16e0387d87fc858e34449fdf2b14ed5837f761db (git) Affected: e1a10ef7fa876f8510aaec36ea5c0cf34baba410 , < ec31cf42fc4e35bb1248ce6eb1de6de9f851ac86 (git) Affected: e1a10ef7fa876f8510aaec36ea5c0cf34baba410 , < 5c4c03288a4aea705e36aa44119c13d7ee4dce99 (git) Affected: e1a10ef7fa876f8510aaec36ea5c0cf34baba410 , < 96c4983eab2a5da235f7fff90beaf17b008ba029 (git) Affected: e1a10ef7fa876f8510aaec36ea5c0cf34baba410 , < 570f7d8c9bf14f041152ba8353d4330ef7575915 (git) Affected: e1a10ef7fa876f8510aaec36ea5c0cf34baba410 , < 81d18c152e3f82bacadf83bc0a471b2363b9cc18 (git) Affected: e1a10ef7fa876f8510aaec36ea5c0cf34baba410 , < 09aea49fbc7e755a915c405644f347137cdb62b0 (git) Affected: e1a10ef7fa876f8510aaec36ea5c0cf34baba410 , < c8770db2d54437a5f49417ae7b46f7de23d14db6 (git) Affected: 42a858e036bb26cb559157393b7890cabe70bfc2 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:06:54.270421Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:14:16.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:20:50.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/tcp.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ad4f0a14d6856e68f023fc4e5017cfd881a3dfbc",
"status": "affected",
"version": "e1a10ef7fa876f8510aaec36ea5c0cf34baba410",
"versionType": "git"
},
{
"lessThan": "16e0387d87fc858e34449fdf2b14ed5837f761db",
"status": "affected",
"version": "e1a10ef7fa876f8510aaec36ea5c0cf34baba410",
"versionType": "git"
},
{
"lessThan": "ec31cf42fc4e35bb1248ce6eb1de6de9f851ac86",
"status": "affected",
"version": "e1a10ef7fa876f8510aaec36ea5c0cf34baba410",
"versionType": "git"
},
{
"lessThan": "5c4c03288a4aea705e36aa44119c13d7ee4dce99",
"status": "affected",
"version": "e1a10ef7fa876f8510aaec36ea5c0cf34baba410",
"versionType": "git"
},
{
"lessThan": "96c4983eab2a5da235f7fff90beaf17b008ba029",
"status": "affected",
"version": "e1a10ef7fa876f8510aaec36ea5c0cf34baba410",
"versionType": "git"
},
{
"lessThan": "570f7d8c9bf14f041152ba8353d4330ef7575915",
"status": "affected",
"version": "e1a10ef7fa876f8510aaec36ea5c0cf34baba410",
"versionType": "git"
},
{
"lessThan": "81d18c152e3f82bacadf83bc0a471b2363b9cc18",
"status": "affected",
"version": "e1a10ef7fa876f8510aaec36ea5c0cf34baba410",
"versionType": "git"
},
{
"lessThan": "09aea49fbc7e755a915c405644f347137cdb62b0",
"status": "affected",
"version": "e1a10ef7fa876f8510aaec36ea5c0cf34baba410",
"versionType": "git"
},
{
"lessThan": "c8770db2d54437a5f49417ae7b46f7de23d14db6",
"status": "affected",
"version": "e1a10ef7fa876f8510aaec36ea5c0cf34baba410",
"versionType": "git"
},
{
"status": "affected",
"version": "42a858e036bb26cb559157393b7890cabe70bfc2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/tcp.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.108",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: check skb is non-NULL in tcp_rto_delta_us()\n\nWe have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic\nkernel that are running ceph and recently hit a null ptr dereference in\ntcp_rearm_rto(). Initially hitting it from the TLP path, but then later we also\nsaw it getting hit from the RACK case as well. Here are examples of the oops\nmessages we saw in each of those cases:\n\nJul 26 15:05:02 rx [11061395.780353] BUG: kernel NULL pointer dereference, address: 0000000000000020\nJul 26 15:05:02 rx [11061395.787572] #PF: supervisor read access in kernel mode\nJul 26 15:05:02 rx [11061395.792971] #PF: error_code(0x0000) - not-present page\nJul 26 15:05:02 rx [11061395.798362] PGD 0 P4D 0\nJul 26 15:05:02 rx [11061395.801164] Oops: 0000 [#1] SMP NOPTI\nJul 26 15:05:02 rx [11061395.805091] CPU: 0 PID: 9180 Comm: msgr-worker-1 Tainted: G W 5.4.0-174-generic #193-Ubuntu\nJul 26 15:05:02 rx [11061395.814996] Hardware name: Supermicro SMC 2x26 os-gen8 64C NVME-Y 256G/H12SSW-NTR, BIOS 2.5.V1.2U.NVMe.UEFI 05/09/2023\nJul 26 15:05:02 rx [11061395.825952] RIP: 0010:tcp_rearm_rto+0xe4/0x160\nJul 26 15:05:02 rx [11061395.830656] Code: 87 ca 04 00 00 00 5b 41 5c 41 5d 5d c3 c3 49 8b bc 24 40 06 00 00 eb 8d 48 bb cf f7 53 e3 a5 9b c4 20 4c 89 ef e8 0c fe 0e 00 \u003c48\u003e 8b 78 20 48 c1 ef 03 48 89 f8 41 8b bc 24 80 04 00 00 48 f7 e3\nJul 26 15:05:02 rx [11061395.849665] RSP: 0018:ffffb75d40003e08 EFLAGS: 00010246\nJul 26 15:05:02 rx [11061395.855149] RAX: 0000000000000000 RBX: 20c49ba5e353f7cf RCX: 0000000000000000\nJul 26 15:05:02 rx [11061395.862542] RDX: 0000000062177c30 RSI: 000000000000231c RDI: ffff9874ad283a60\nJul 26 15:05:02 rx [11061395.869933] RBP: ffffb75d40003e20 R08: 0000000000000000 R09: ffff987605e20aa8\nJul 26 15:05:02 rx [11061395.877318] R10: ffffb75d40003f00 R11: ffffb75d4460f740 R12: ffff9874ad283900\nJul 26 15:05:02 rx [11061395.884710] R13: ffff9874ad283a60 R14: ffff9874ad283980 R15: ffff9874ad283d30\nJul 26 15:05:02 rx [11061395.892095] FS: 00007f1ef4a2e700(0000) GS:ffff987605e00000(0000) knlGS:0000000000000000\nJul 26 15:05:02 rx [11061395.900438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nJul 26 15:05:02 rx [11061395.906435] CR2: 0000000000000020 CR3: 0000003e450ba003 CR4: 0000000000760ef0\nJul 26 15:05:02 rx [11061395.913822] PKRU: 55555554\nJul 26 15:05:02 rx [11061395.916786] Call Trace:\nJul 26 15:05:02 rx [11061395.919488]\nJul 26 15:05:02 rx [11061395.921765] ? show_regs.cold+0x1a/0x1f\nJul 26 15:05:02 rx [11061395.925859] ? __die+0x90/0xd9\nJul 26 15:05:02 rx [11061395.929169] ? no_context+0x196/0x380\nJul 26 15:05:02 rx [11061395.933088] ? ip6_protocol_deliver_rcu+0x4e0/0x4e0\nJul 26 15:05:02 rx [11061395.938216] ? ip6_sublist_rcv_finish+0x3d/0x50\nJul 26 15:05:02 rx [11061395.943000] ? __bad_area_nosemaphore+0x50/0x1a0\nJul 26 15:05:02 rx [11061395.947873] ? bad_area_nosemaphore+0x16/0x20\nJul 26 15:05:02 rx [11061395.952486] ? do_user_addr_fault+0x267/0x450\nJul 26 15:05:02 rx [11061395.957104] ? ipv6_list_rcv+0x112/0x140\nJul 26 15:05:02 rx [11061395.961279] ? __do_page_fault+0x58/0x90\nJul 26 15:05:02 rx [11061395.965458] ? do_page_fault+0x2c/0xe0\nJul 26 15:05:02 rx [11061395.969465] ? page_fault+0x34/0x40\nJul 26 15:05:02 rx [11061395.973217] ? tcp_rearm_rto+0xe4/0x160\nJul 26 15:05:02 rx [11061395.977313] ? tcp_rearm_rto+0xe4/0x160\nJul 26 15:05:02 rx [11061395.981408] tcp_send_loss_probe+0x10b/0x220\nJul 26 15:05:02 rx [11061395.985937] tcp_write_timer_handler+0x1b4/0x240\nJul 26 15:05:02 rx [11061395.990809] tcp_write_timer+0x9e/0xe0\nJul 26 15:05:02 rx [11061395.994814] ? tcp_write_timer_handler+0x240/0x240\nJul 26 15:05:02 rx [11061395.999866] call_timer_fn+0x32/0x130\nJul 26 15:05:02 rx [11061396.003782] __run_timers.part.0+0x180/0x280\nJul 26 15:05:02 rx [11061396.008309] ? recalibrate_cpu_khz+0x10/0x10\nJul 26 15:05:02 rx [11061396.012841] ? native_x2apic_icr_write+0x30/0x30\nJul 26 15:05:02 rx [11061396.017718] ? lapic_next_even\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:58:53.361Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ad4f0a14d6856e68f023fc4e5017cfd881a3dfbc"
},
{
"url": "https://git.kernel.org/stable/c/16e0387d87fc858e34449fdf2b14ed5837f761db"
},
{
"url": "https://git.kernel.org/stable/c/ec31cf42fc4e35bb1248ce6eb1de6de9f851ac86"
},
{
"url": "https://git.kernel.org/stable/c/5c4c03288a4aea705e36aa44119c13d7ee4dce99"
},
{
"url": "https://git.kernel.org/stable/c/96c4983eab2a5da235f7fff90beaf17b008ba029"
},
{
"url": "https://git.kernel.org/stable/c/570f7d8c9bf14f041152ba8353d4330ef7575915"
},
{
"url": "https://git.kernel.org/stable/c/81d18c152e3f82bacadf83bc0a471b2363b9cc18"
},
{
"url": "https://git.kernel.org/stable/c/09aea49fbc7e755a915c405644f347137cdb62b0"
},
{
"url": "https://git.kernel.org/stable/c/c8770db2d54437a5f49417ae7b46f7de23d14db6"
}
],
"title": "tcp: check skb is non-NULL in tcp_rto_delta_us()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47684",
"datePublished": "2024-10-21T11:53:25.787Z",
"dateReserved": "2024-09-30T16:00:12.941Z",
"dateUpdated": "2025-11-03T22:20:50.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48951 (GCVE-0-2022-48951)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-12-23 13:21
VLAI?
EPSS
Title
ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
The bounds checks in snd_soc_put_volsw_sx() are only being applied to the
first channel, meaning it is possible to write out of bounds values to the
second channel in stereo controls. Add appropriate checks.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
9e5c40b5706d8aae2cf70bd7e01f0b4575a642d0 , < 56288987843c3cb343e81e5fa51549cbaf541bd0
(git)
Affected: 4977491e4b3aad8567f57e2a9992d251410c1db3 , < cf1c225f1927891ae388562b78ced7840c3723b9 (git) Affected: 9a12fcbf3c622f9bf6b110a873d62b0cba93972e , < 18a168d85eadcfd45f015b5ecd2a97801b959e43 (git) Affected: c33402b056de61104b6146dedbe138ca8d7ec62b , < 9796d07c753164b7e6b0d7ef23fb4482840a9ef8 (git) Affected: 038f8b7caa74d29e020949a43ca368c93f6b29b9 , < 50b5f6d4d9d2d69a7498c44fd8b26e13d73d3d98 (git) Affected: e8e07c5e25a29e2a6f119fd947f55d7a55eb8a13 , < cf611d786796ec33da09d8c83d7d7f4e557b27de (git) Affected: 4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e , < 1798b62d642e7b3d4ea3403914c3caf4e438465d (git) Affected: 4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e , < 97eea946b93961fffd29448dcda7398d0d51c4b2 (git) Affected: ef6cd9eeb38062a145802b7b56be7ae1090e165e (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48951",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:21:37.733749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:40.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/soc-ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "56288987843c3cb343e81e5fa51549cbaf541bd0",
"status": "affected",
"version": "9e5c40b5706d8aae2cf70bd7e01f0b4575a642d0",
"versionType": "git"
},
{
"lessThan": "cf1c225f1927891ae388562b78ced7840c3723b9",
"status": "affected",
"version": "4977491e4b3aad8567f57e2a9992d251410c1db3",
"versionType": "git"
},
{
"lessThan": "18a168d85eadcfd45f015b5ecd2a97801b959e43",
"status": "affected",
"version": "9a12fcbf3c622f9bf6b110a873d62b0cba93972e",
"versionType": "git"
},
{
"lessThan": "9796d07c753164b7e6b0d7ef23fb4482840a9ef8",
"status": "affected",
"version": "c33402b056de61104b6146dedbe138ca8d7ec62b",
"versionType": "git"
},
{
"lessThan": "50b5f6d4d9d2d69a7498c44fd8b26e13d73d3d98",
"status": "affected",
"version": "038f8b7caa74d29e020949a43ca368c93f6b29b9",
"versionType": "git"
},
{
"lessThan": "cf611d786796ec33da09d8c83d7d7f4e557b27de",
"status": "affected",
"version": "e8e07c5e25a29e2a6f119fd947f55d7a55eb8a13",
"versionType": "git"
},
{
"lessThan": "1798b62d642e7b3d4ea3403914c3caf4e438465d",
"status": "affected",
"version": "4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e",
"versionType": "git"
},
{
"lessThan": "97eea946b93961fffd29448dcda7398d0d51c4b2",
"status": "affected",
"version": "4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e",
"versionType": "git"
},
{
"status": "affected",
"version": "ef6cd9eeb38062a145802b7b56be7ae1090e165e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/soc-ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.337",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.228",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.337",
"versionStartIncluding": "4.9.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.303",
"versionStartIncluding": "4.14.265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"versionStartIncluding": "4.19.228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.228",
"versionStartIncluding": "5.4.178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.160",
"versionStartIncluding": "5.10.99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.84",
"versionStartIncluding": "5.15.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.14",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()\n\nThe bounds checks in snd_soc_put_volsw_sx() are only being applied to the\nfirst channel, meaning it is possible to write out of bounds values to the\nsecond channel in stereo controls. Add appropriate checks."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T13:21:17.692Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/56288987843c3cb343e81e5fa51549cbaf541bd0"
},
{
"url": "https://git.kernel.org/stable/c/cf1c225f1927891ae388562b78ced7840c3723b9"
},
{
"url": "https://git.kernel.org/stable/c/18a168d85eadcfd45f015b5ecd2a97801b959e43"
},
{
"url": "https://git.kernel.org/stable/c/9796d07c753164b7e6b0d7ef23fb4482840a9ef8"
},
{
"url": "https://git.kernel.org/stable/c/50b5f6d4d9d2d69a7498c44fd8b26e13d73d3d98"
},
{
"url": "https://git.kernel.org/stable/c/cf611d786796ec33da09d8c83d7d7f4e557b27de"
},
{
"url": "https://git.kernel.org/stable/c/1798b62d642e7b3d4ea3403914c3caf4e438465d"
},
{
"url": "https://git.kernel.org/stable/c/97eea946b93961fffd29448dcda7398d0d51c4b2"
}
],
"title": "ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48951",
"datePublished": "2024-10-21T20:05:39.092Z",
"dateReserved": "2024-08-22T01:27:53.626Z",
"dateUpdated": "2025-12-23T13:21:17.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26610 (GCVE-0-2024-26610)
Vulnerability from cvelistv5 – Published: 2024-02-29 15:52 – Updated: 2025-05-04 08:52
VLAI?
EPSS
Title
wifi: iwlwifi: fix a memory corruption
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: fix a memory corruption
iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that
if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in
bytes, we'll write past the buffer.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
cf29c5b66b9f83939367d90679eb68cdfa2f0356 , < 05dd9facfb9a1e056752c0901c6e86416037d15a
(git)
Affected: cf29c5b66b9f83939367d90679eb68cdfa2f0356 , < 99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd (git) Affected: cf29c5b66b9f83939367d90679eb68cdfa2f0356 , < aa2cc9363926991ba74411e3aa0a0ea82c1ffe32 (git) Affected: cf29c5b66b9f83939367d90679eb68cdfa2f0356 , < 870171899d75d43e3d14360f3a4850e90a9c289b (git) Affected: cf29c5b66b9f83939367d90679eb68cdfa2f0356 , < f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67 (git) Affected: cf29c5b66b9f83939367d90679eb68cdfa2f0356 , < cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26610",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T18:22:31.931608Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:28.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "05dd9facfb9a1e056752c0901c6e86416037d15a",
"status": "affected",
"version": "cf29c5b66b9f83939367d90679eb68cdfa2f0356",
"versionType": "git"
},
{
"lessThan": "99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd",
"status": "affected",
"version": "cf29c5b66b9f83939367d90679eb68cdfa2f0356",
"versionType": "git"
},
{
"lessThan": "aa2cc9363926991ba74411e3aa0a0ea82c1ffe32",
"status": "affected",
"version": "cf29c5b66b9f83939367d90679eb68cdfa2f0356",
"versionType": "git"
},
{
"lessThan": "870171899d75d43e3d14360f3a4850e90a9c289b",
"status": "affected",
"version": "cf29c5b66b9f83939367d90679eb68cdfa2f0356",
"versionType": "git"
},
{
"lessThan": "f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67",
"status": "affected",
"version": "cf29c5b66b9f83939367d90679eb68cdfa2f0356",
"versionType": "git"
},
{
"lessThan": "cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d",
"status": "affected",
"version": "cf29c5b66b9f83939367d90679eb68cdfa2f0356",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: fix a memory corruption\n\niwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that\nif we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in\nbytes, we\u0027ll write past the buffer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:16.227Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a"
},
{
"url": "https://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd"
},
{
"url": "https://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32"
},
{
"url": "https://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b"
},
{
"url": "https://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67"
},
{
"url": "https://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d"
}
],
"title": "wifi: iwlwifi: fix a memory corruption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26610",
"datePublished": "2024-02-29T15:52:15.796Z",
"dateReserved": "2024-02-19T14:20:24.130Z",
"dateUpdated": "2025-05-04T08:52:16.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46802 (GCVE-0-2024-46802)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-11-03 22:18
VLAI?
EPSS
Title
drm/amd/display: added NULL check at start of dc_validate_stream
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: added NULL check at start of dc_validate_stream
[Why]
prevent invalid memory access
[How]
check if dc and stream are NULL
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 356fcce9cdbfe338a275e9e1836adfdd7f5c52a9
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 154a50bf4221a6a6ccf88d565b8184da7c40a2dd (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 6bf920193ba1853bad780bba565a789246d9003c (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 26c56049cc4f1705b498df013949427692a4b0d5 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:21:06.742919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:21:18.597Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:18:44.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_resource.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "356fcce9cdbfe338a275e9e1836adfdd7f5c52a9",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "154a50bf4221a6a6ccf88d565b8184da7c40a2dd",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "6bf920193ba1853bad780bba565a789246d9003c",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "26c56049cc4f1705b498df013949427692a4b0d5",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_resource.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL"
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:32.325Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9"
},
{
"url": "https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd"
},
{
"url": "https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c"
},
{
"url": "https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5"
}
],
"title": "drm/amd/display: added NULL check at start of dc_validate_stream",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46802",
"datePublished": "2024-09-27T12:35:48.311Z",
"dateReserved": "2024-09-11T15:12:18.281Z",
"dateUpdated": "2025-11-03T22:18:44.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46816 (GCVE-0-2024-46816)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-11-03 19:31
VLAI?
EPSS
Title
drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links
[Why]
Coverity report OVERRUN warning. There are
only max_links elements within dc->links. link
count could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31.
[How]
Make sure link count less than max_links.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < e2411b6abf6e5d6c33d0450846673cdf536f0ba4
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < e3cd0d8362de47f613bfdf315b3f3a9ab71e66bf (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 13080d052c995aee14695a5b740c245121eb2bcc (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < c84632096722fd31251f0957fafc9e90d9a247fd (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 36c39a8dcce210649f2f45f252abaa09fcc1ae87 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < cf8b16857db702ceb8d52f9219a4613363e2b1cf (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:17:56.570304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:18:08.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:31:12.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e2411b6abf6e5d6c33d0450846673cdf536f0ba4",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "e3cd0d8362de47f613bfdf315b3f3a9ab71e66bf",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "13080d052c995aee14695a5b740c245121eb2bcc",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "c84632096722fd31251f0957fafc9e90d9a247fd",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "36c39a8dcce210649f2f45f252abaa09fcc1ae87",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "cf8b16857db702ceb8d52f9219a4613363e2b1cf",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.135",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.237",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.135",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.88",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links\n\n[Why]\nCoverity report OVERRUN warning. There are\nonly max_links elements within dc-\u003elinks. link\ncount could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31.\n\n[How]\nMake sure link count less than max_links."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:40.908Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e2411b6abf6e5d6c33d0450846673cdf536f0ba4"
},
{
"url": "https://git.kernel.org/stable/c/e3cd0d8362de47f613bfdf315b3f3a9ab71e66bf"
},
{
"url": "https://git.kernel.org/stable/c/13080d052c995aee14695a5b740c245121eb2bcc"
},
{
"url": "https://git.kernel.org/stable/c/c84632096722fd31251f0957fafc9e90d9a247fd"
},
{
"url": "https://git.kernel.org/stable/c/36c39a8dcce210649f2f45f252abaa09fcc1ae87"
},
{
"url": "https://git.kernel.org/stable/c/cf8b16857db702ceb8d52f9219a4613363e2b1cf"
}
],
"title": "drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46816",
"datePublished": "2024-09-27T12:35:57.742Z",
"dateReserved": "2024-09-11T15:12:18.283Z",
"dateUpdated": "2025-11-03T19:31:12.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45016 (GCVE-0-2024-45016)
Vulnerability from cvelistv5 – Published: 2024-09-11 15:13 – Updated: 2025-11-03 22:15
VLAI?
EPSS
Title
netem: fix return value if duplicate enqueue fails
Summary
In the Linux kernel, the following vulnerability has been resolved:
netem: fix return value if duplicate enqueue fails
There is a bug in netem_enqueue() introduced by
commit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")
that can lead to a use-after-free.
This commit made netem_enqueue() always return NET_XMIT_SUCCESS
when a packet is duplicated, which can cause the parent qdisc's q.qlen
to be mistakenly incremented. When this happens qlen_notify() may be
skipped on the parent during destruction, leaving a dangling pointer
for some classful qdiscs like DRR.
There are two ways for the bug happen:
- If the duplicated packet is dropped by rootq->enqueue() and then
the original packet is also dropped.
- If rootq->enqueue() sends the duplicated packet to a different qdisc
and the original packet is dropped.
In both cases NET_XMIT_SUCCESS is returned even though no packets
are enqueued at the netem qdisc.
The fix is to defer the enqueue of the duplicate packet until after
the original packet has been guaranteed to return NET_XMIT_SUCCESS.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < 759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4
(git)
Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d (git) Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < 52d99a69f3d556c6426048c9d481b912205919d8 (git) Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < 0486d31dd8198e22b63a4730244b38fffce6d469 (git) Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < 577d6c0619467fe90f7e8e57e45cb5bd9d936014 (git) Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < e5bb2988a310667abed66c7d3ffa28880cf0f883 (git) Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < c07ff8592d57ed258afee5a5e04991a48dbaf382 (git) Affected: a550a01b8af856f2684b0f79d552f5119eb5006c (git) Affected: 009510a90e230bb495f3fe25c7db956679263b07 (git) Affected: 4de7d30668cb8b06330992e1cd336f91700a2ce7 (git) Affected: d1dd2e15c85e890a1cc9bde5ba07ae63331e5c73 (git) Affected: 0148fe458b5705e2fea7cb88294fed7e36066ca2 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:49:19.675501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:49:33.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:15:21.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/sch_netem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"lessThan": "c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"lessThan": "52d99a69f3d556c6426048c9d481b912205919d8",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"lessThan": "0486d31dd8198e22b63a4730244b38fffce6d469",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"lessThan": "577d6c0619467fe90f7e8e57e45cb5bd9d936014",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"lessThan": "e5bb2988a310667abed66c7d3ffa28880cf0f883",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"lessThan": "c07ff8592d57ed258afee5a5e04991a48dbaf382",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"status": "affected",
"version": "a550a01b8af856f2684b0f79d552f5119eb5006c",
"versionType": "git"
},
{
"status": "affected",
"version": "009510a90e230bb495f3fe25c7db956679263b07",
"versionType": "git"
},
{
"status": "affected",
"version": "4de7d30668cb8b06330992e1cd336f91700a2ce7",
"versionType": "git"
},
{
"status": "affected",
"version": "d1dd2e15c85e890a1cc9bde5ba07ae63331e5c73",
"versionType": "git"
},
{
"status": "affected",
"version": "0148fe458b5705e2fea7cb88294fed7e36066ca2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/sch_netem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.283",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a (\"net: netem: fix skb length BUG_ON in __skb_to_sgvec\")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\u0027s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq-\u003eenqueue() and then\n the original packet is also dropped.\n- If rootq-\u003eenqueue() sends the duplicated packet to a different qdisc\n and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:58:33.332Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4"
},
{
"url": "https://git.kernel.org/stable/c/c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d"
},
{
"url": "https://git.kernel.org/stable/c/52d99a69f3d556c6426048c9d481b912205919d8"
},
{
"url": "https://git.kernel.org/stable/c/0486d31dd8198e22b63a4730244b38fffce6d469"
},
{
"url": "https://git.kernel.org/stable/c/577d6c0619467fe90f7e8e57e45cb5bd9d936014"
},
{
"url": "https://git.kernel.org/stable/c/e5bb2988a310667abed66c7d3ffa28880cf0f883"
},
{
"url": "https://git.kernel.org/stable/c/c07ff8592d57ed258afee5a5e04991a48dbaf382"
}
],
"title": "netem: fix return value if duplicate enqueue fails",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45016",
"datePublished": "2024-09-11T15:13:52.053Z",
"dateReserved": "2024-08-21T05:34:56.682Z",
"dateUpdated": "2025-11-03T22:15:21.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49867 (GCVE-0-2024-49867)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
btrfs: wait for fixup workers before stopping cleaner kthread during umount
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: wait for fixup workers before stopping cleaner kthread during umount
During unmount, at close_ctree(), we have the following steps in this order:
1) Park the cleaner kthread - this doesn't destroy the kthread, it basically
halts its execution (wake ups against it work but do nothing);
2) We stop the cleaner kthread - this results in freeing the respective
struct task_struct;
3) We call btrfs_stop_all_workers() which waits for any jobs running in all
the work queues and then free the work queues.
Syzbot reported a case where a fixup worker resulted in a crash when doing
a delayed iput on its inode while attempting to wake up the cleaner at
btrfs_add_delayed_iput(), because the task_struct of the cleaner kthread
was already freed. This can happen during unmount because we don't wait
for any fixup workers still running before we call kthread_stop() against
the cleaner kthread, which stops and free all its resources.
Fix this by waiting for any fixup workers at close_ctree() before we call
kthread_stop() against the cleaner and run pending delayed iputs.
The stack traces reported by syzbot were the following:
BUG: KASAN: slab-use-after-free in __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065
Read of size 8 at addr ffff8880272a8a18 by task kworker/u8:3/52
CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.12.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: btrfs-fixup btrfs_work_helper
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488
kasan_report+0x143/0x180 mm/kasan/report.c:601
__lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]
try_to_wake_up+0xb0/0x1480 kernel/sched/core.c:4154
btrfs_writepage_fixup_worker+0xc16/0xdf0 fs/btrfs/inode.c:2842
btrfs_work_helper+0x390/0xc50 fs/btrfs/async-thread.c:314
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Allocated by task 2:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
unpoison_slab_object mm/kasan/common.c:319 [inline]
__kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345
kasan_slab_alloc include/linux/kasan.h:247 [inline]
slab_post_alloc_hook mm/slub.c:4086 [inline]
slab_alloc_node mm/slub.c:4135 [inline]
kmem_cache_alloc_node_noprof+0x16b/0x320 mm/slub.c:4187
alloc_task_struct_node kernel/fork.c:180 [inline]
dup_task_struct+0x57/0x8c0 kernel/fork.c:1107
copy_process+0x5d1/0x3d50 kernel/fork.c:2206
kernel_clone+0x223/0x880 kernel/fork.c:2787
kernel_thread+0x1bc/0x240 kernel/fork.c:2849
create_kthread kernel/kthread.c:412 [inline]
kthreadd+0x60d/0x810 kernel/kthread.c:765
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Freed by task 61:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579
poison_slab_object mm/kasan/common.c:247 [inline]
__kasan_slab_free+0x59/0x70 mm/kasan/common.c:264
kasan_slab_free include/linux/kasan.h:230 [inline]
slab_free_h
---truncated---
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
7a97311de48d56af6db4c5819f95faf9b0b23b1a , < a71349b692ab34ea197949e13e3cc42570fe73d9
(git)
Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 70b60c8d9b42763d6629e44f448aa5d8ae477d61 (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 4c98fe0dfa2ae83c4631699695506d8941db4bfe (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 9da40aea63f8769f28afb91aea0fac4cf6fbbb65 (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < ed87190e9d9c80aad220fb6b0b03a84d22e2c95b (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < bf0de0f9a0544c11f96f93206da04ab87dcea1f4 (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 65d11eb276836d49003a8060cf31fa2284ad1047 (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 41fd1e94066a815a7ab0a7025359e9b40e4b3576 (git) Affected: 6026fd9da213daab95469356fe7fdcf29ae1a296 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49867",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:47:28.241887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:52.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:34.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/disk-io.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a71349b692ab34ea197949e13e3cc42570fe73d9",
"status": "affected",
"version": "7a97311de48d56af6db4c5819f95faf9b0b23b1a",
"versionType": "git"
},
{
"lessThan": "70b60c8d9b42763d6629e44f448aa5d8ae477d61",
"status": "affected",
"version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
"versionType": "git"
},
{
"lessThan": "4c98fe0dfa2ae83c4631699695506d8941db4bfe",
"status": "affected",
"version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
"versionType": "git"
},
{
"lessThan": "9da40aea63f8769f28afb91aea0fac4cf6fbbb65",
"status": "affected",
"version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
"versionType": "git"
},
{
"lessThan": "ed87190e9d9c80aad220fb6b0b03a84d22e2c95b",
"status": "affected",
"version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
"versionType": "git"
},
{
"lessThan": "bf0de0f9a0544c11f96f93206da04ab87dcea1f4",
"status": "affected",
"version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
"versionType": "git"
},
{
"lessThan": "65d11eb276836d49003a8060cf31fa2284ad1047",
"status": "affected",
"version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
"versionType": "git"
},
{
"lessThan": "41fd1e94066a815a7ab0a7025359e9b40e4b3576",
"status": "affected",
"version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
"versionType": "git"
},
{
"status": "affected",
"version": "6026fd9da213daab95469356fe7fdcf29ae1a296",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/disk-io.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "5.4.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: wait for fixup workers before stopping cleaner kthread during umount\n\nDuring unmount, at close_ctree(), we have the following steps in this order:\n\n1) Park the cleaner kthread - this doesn\u0027t destroy the kthread, it basically\n halts its execution (wake ups against it work but do nothing);\n\n2) We stop the cleaner kthread - this results in freeing the respective\n struct task_struct;\n\n3) We call btrfs_stop_all_workers() which waits for any jobs running in all\n the work queues and then free the work queues.\n\nSyzbot reported a case where a fixup worker resulted in a crash when doing\na delayed iput on its inode while attempting to wake up the cleaner at\nbtrfs_add_delayed_iput(), because the task_struct of the cleaner kthread\nwas already freed. This can happen during unmount because we don\u0027t wait\nfor any fixup workers still running before we call kthread_stop() against\nthe cleaner kthread, which stops and free all its resources.\n\nFix this by waiting for any fixup workers at close_ctree() before we call\nkthread_stop() against the cleaner and run pending delayed iputs.\n\nThe stack traces reported by syzbot were the following:\n\n BUG: KASAN: slab-use-after-free in __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065\n Read of size 8 at addr ffff8880272a8a18 by task kworker/u8:3/52\n\n CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.12.0-rc1-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n Workqueue: btrfs-fixup btrfs_work_helper\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\n class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\n try_to_wake_up+0xb0/0x1480 kernel/sched/core.c:4154\n btrfs_writepage_fixup_worker+0xc16/0xdf0 fs/btrfs/inode.c:2842\n btrfs_work_helper+0x390/0xc50 fs/btrfs/async-thread.c:314\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 2:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:319 [inline]\n __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345\n kasan_slab_alloc include/linux/kasan.h:247 [inline]\n slab_post_alloc_hook mm/slub.c:4086 [inline]\n slab_alloc_node mm/slub.c:4135 [inline]\n kmem_cache_alloc_node_noprof+0x16b/0x320 mm/slub.c:4187\n alloc_task_struct_node kernel/fork.c:180 [inline]\n dup_task_struct+0x57/0x8c0 kernel/fork.c:1107\n copy_process+0x5d1/0x3d50 kernel/fork.c:2206\n kernel_clone+0x223/0x880 kernel/fork.c:2787\n kernel_thread+0x1bc/0x240 kernel/fork.c:2849\n create_kthread kernel/kthread.c:412 [inline]\n kthreadd+0x60d/0x810 kernel/kthread.c:765\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n Freed by task 61:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:230 [inline]\n slab_free_h\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:09.222Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a71349b692ab34ea197949e13e3cc42570fe73d9"
},
{
"url": "https://git.kernel.org/stable/c/70b60c8d9b42763d6629e44f448aa5d8ae477d61"
},
{
"url": "https://git.kernel.org/stable/c/4c98fe0dfa2ae83c4631699695506d8941db4bfe"
},
{
"url": "https://git.kernel.org/stable/c/9da40aea63f8769f28afb91aea0fac4cf6fbbb65"
},
{
"url": "https://git.kernel.org/stable/c/ed87190e9d9c80aad220fb6b0b03a84d22e2c95b"
},
{
"url": "https://git.kernel.org/stable/c/bf0de0f9a0544c11f96f93206da04ab87dcea1f4"
},
{
"url": "https://git.kernel.org/stable/c/65d11eb276836d49003a8060cf31fa2284ad1047"
},
{
"url": "https://git.kernel.org/stable/c/41fd1e94066a815a7ab0a7025359e9b40e4b3576"
}
],
"title": "btrfs: wait for fixup workers before stopping cleaner kthread during umount",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49867",
"datePublished": "2024-10-21T18:01:09.962Z",
"dateReserved": "2024-10-21T12:17:06.018Z",
"dateUpdated": "2026-01-05T10:54:09.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50058 (GCVE-0-2024-50058)
Vulnerability from cvelistv5 – Published: 2024-10-21 19:39 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
serial: protect uart_port_dtr_rts() in uart_shutdown() too
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: protect uart_port_dtr_rts() in uart_shutdown() too
Commit af224ca2df29 (serial: core: Prevent unsafe uart port access, part
3) added few uport == NULL checks. It added one to uart_shutdown(), so
the commit assumes, uport can be NULL in there. But right after that
protection, there is an unprotected "uart_port_dtr_rts(uport, false);"
call. That is invoked only if HUPCL is set, so I assume that is the
reason why we do not see lots of these reports.
Or it cannot be NULL at this point at all for some reason :P.
Until the above is investigated, stay on the safe side and move this
dereference to the if too.
I got this inconsistency from Coverity under CID 1585130. Thanks.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
af224ca2df297440448b9d407d21b50982c6d532 , < 2fe399bb8efd0d325ab1138cf8e3ecf23a39e96d
(git)
Affected: af224ca2df297440448b9d407d21b50982c6d532 , < 399927f0f875b93f3d5a0336d382ba48b8671eb2 (git) Affected: af224ca2df297440448b9d407d21b50982c6d532 , < d7b5876a6e74cdf8468a478be6b23f2f5464ac7a (git) Affected: af224ca2df297440448b9d407d21b50982c6d532 , < e418d91195d29d5f9c9685ff309b92b04b41dc40 (git) Affected: af224ca2df297440448b9d407d21b50982c6d532 , < 76ed24a34223bb2c6b6162e1d8389ec4e602a290 (git) Affected: af224ca2df297440448b9d407d21b50982c6d532 , < 602babaa84d627923713acaf5f7e9a4369e77473 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50058",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:23:14.442818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:42.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:24:57.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/serial_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2fe399bb8efd0d325ab1138cf8e3ecf23a39e96d",
"status": "affected",
"version": "af224ca2df297440448b9d407d21b50982c6d532",
"versionType": "git"
},
{
"lessThan": "399927f0f875b93f3d5a0336d382ba48b8671eb2",
"status": "affected",
"version": "af224ca2df297440448b9d407d21b50982c6d532",
"versionType": "git"
},
{
"lessThan": "d7b5876a6e74cdf8468a478be6b23f2f5464ac7a",
"status": "affected",
"version": "af224ca2df297440448b9d407d21b50982c6d532",
"versionType": "git"
},
{
"lessThan": "e418d91195d29d5f9c9685ff309b92b04b41dc40",
"status": "affected",
"version": "af224ca2df297440448b9d407d21b50982c6d532",
"versionType": "git"
},
{
"lessThan": "76ed24a34223bb2c6b6162e1d8389ec4e602a290",
"status": "affected",
"version": "af224ca2df297440448b9d407d21b50982c6d532",
"versionType": "git"
},
{
"lessThan": "602babaa84d627923713acaf5f7e9a4369e77473",
"status": "affected",
"version": "af224ca2df297440448b9d407d21b50982c6d532",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/serial_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.170",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.115",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.57",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.229",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.170",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.115",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.57",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.4",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: protect uart_port_dtr_rts() in uart_shutdown() too\n\nCommit af224ca2df29 (serial: core: Prevent unsafe uart port access, part\n3) added few uport == NULL checks. It added one to uart_shutdown(), so\nthe commit assumes, uport can be NULL in there. But right after that\nprotection, there is an unprotected \"uart_port_dtr_rts(uport, false);\"\ncall. That is invoked only if HUPCL is set, so I assume that is the\nreason why we do not see lots of these reports.\n\nOr it cannot be NULL at this point at all for some reason :P.\n\nUntil the above is investigated, stay on the safe side and move this\ndereference to the if too.\n\nI got this inconsistency from Coverity under CID 1585130. Thanks."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:51.255Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2fe399bb8efd0d325ab1138cf8e3ecf23a39e96d"
},
{
"url": "https://git.kernel.org/stable/c/399927f0f875b93f3d5a0336d382ba48b8671eb2"
},
{
"url": "https://git.kernel.org/stable/c/d7b5876a6e74cdf8468a478be6b23f2f5464ac7a"
},
{
"url": "https://git.kernel.org/stable/c/e418d91195d29d5f9c9685ff309b92b04b41dc40"
},
{
"url": "https://git.kernel.org/stable/c/76ed24a34223bb2c6b6162e1d8389ec4e602a290"
},
{
"url": "https://git.kernel.org/stable/c/602babaa84d627923713acaf5f7e9a4369e77473"
}
],
"title": "serial: protect uart_port_dtr_rts() in uart_shutdown() too",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50058",
"datePublished": "2024-10-21T19:39:48.420Z",
"dateReserved": "2024-10-21T19:36:19.938Z",
"dateUpdated": "2026-01-05T10:54:51.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47378 (GCVE-0-2021-47378)
Vulnerability from cvelistv5 – Published: 2024-05-21 15:03 – Updated: 2025-12-18 11:37
VLAI?
EPSS
Title
nvme-rdma: destroy cm id before destroy qp to avoid use after free
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvme-rdma: destroy cm id before destroy qp to avoid use after free
We should always destroy cm_id before destroy qp to avoid to get cma
event after qp was destroyed, which may lead to use after free.
In RDMA connection establishment error flow, don't destroy qp in cm
event handler.Just report cm_error to upper level, qp will be destroy
in nvme_rdma_alloc_queue() after destroy cm id.
Severity ?
9.8 (Critical)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
7110230719602852481c2793d054f866b2bf4a2b , < ecf0dc5a904830c926a64feffd8e01141f89822f
(git)
Affected: 7110230719602852481c2793d054f866b2bf4a2b , < d268a182c56e8361e19fb781137411643312b994 (git) Affected: 7110230719602852481c2793d054f866b2bf4a2b , < 9817d763dbe15327b9b3ff4404fa6f27f927e744 (git) |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "1da177e4c3f4"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.10.70"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.14.9"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.15"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:04:16.754681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:04:30.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:32:08.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ecf0dc5a904830c926a64feffd8e01141f89822f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d268a182c56e8361e19fb781137411643312b994"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9817d763dbe15327b9b3ff4404fa6f27f927e744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/rdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ecf0dc5a904830c926a64feffd8e01141f89822f",
"status": "affected",
"version": "7110230719602852481c2793d054f866b2bf4a2b",
"versionType": "git"
},
{
"lessThan": "d268a182c56e8361e19fb781137411643312b994",
"status": "affected",
"version": "7110230719602852481c2793d054f866b2bf4a2b",
"versionType": "git"
},
{
"lessThan": "9817d763dbe15327b9b3ff4404fa6f27f927e744",
"status": "affected",
"version": "7110230719602852481c2793d054f866b2bf4a2b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/rdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.14.*",
"status": "unaffected",
"version": "5.14.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.70",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14.9",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-rdma: destroy cm id before destroy qp to avoid use after free\n\nWe should always destroy cm_id before destroy qp to avoid to get cma\nevent after qp was destroyed, which may lead to use after free.\nIn RDMA connection establishment error flow, don\u0027t destroy qp in cm\nevent handler.Just report cm_error to upper level, qp will be destroy\nin nvme_rdma_alloc_queue() after destroy cm id."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T11:37:15.720Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ecf0dc5a904830c926a64feffd8e01141f89822f"
},
{
"url": "https://git.kernel.org/stable/c/d268a182c56e8361e19fb781137411643312b994"
},
{
"url": "https://git.kernel.org/stable/c/9817d763dbe15327b9b3ff4404fa6f27f927e744"
}
],
"title": "nvme-rdma: destroy cm id before destroy qp to avoid use after free",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47378",
"datePublished": "2024-05-21T15:03:41.038Z",
"dateReserved": "2024-05-21T14:58:30.811Z",
"dateUpdated": "2025-12-18T11:37:15.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35949 (GCVE-0-2024-35949)
Vulnerability from cvelistv5 – Published: 2024-05-20 09:17 – Updated: 2026-01-05 10:36
VLAI?
EPSS
Title
btrfs: make sure that WRITTEN is set on all metadata blocks
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: make sure that WRITTEN is set on all metadata blocks
We previously would call btrfs_check_leaf() if we had the check
integrity code enabled, which meant that we could only run the extended
leaf checks if we had WRITTEN set on the header flags.
This leaves a gap in our checking, because we could end up with
corruption on disk where WRITTEN isn't set on the leaf, and then the
extended leaf checks don't get run which we rely on to validate all of
the item pointers to make sure we don't access memory outside of the
extent buffer.
However, since 732fab95abe2 ("btrfs: check-integrity: remove
CONFIG_BTRFS_FS_CHECK_INTEGRITY option") we no longer call
btrfs_check_leaf() from btrfs_mark_buffer_dirty(), which means we only
ever call it on blocks that are being written out, and thus have WRITTEN
set, or that are being read in, which should have WRITTEN set.
Add checks to make sure we have WRITTEN set appropriately, and then make
sure __btrfs_check_leaf() always does the item checking. This will
protect us from file systems that have been corrupted and no longer have
WRITTEN set on some of the blocks.
This was hit on a crafted image tweaking the WRITTEN bit and reported by
KASAN as out-of-bound access in the eb accessors. The example is a dir
item at the end of an eb.
[2.042] BTRFS warning (device loop1): bad eb member start: ptr 0x3fff start 30572544 member offset 16410 size 2
[2.040] general protection fault, probably for non-canonical address 0xe0009d1000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI
[2.537] KASAN: maybe wild-memory-access in range [0x0005088000000018-0x000508800000001f]
[2.729] CPU: 0 PID: 2587 Comm: mount Not tainted 6.8.2 #1
[2.729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[2.621] RIP: 0010:btrfs_get_16+0x34b/0x6d0
[2.621] RSP: 0018:ffff88810871fab8 EFLAGS: 00000206
[2.621] RAX: 0000a11000000003 RBX: ffff888104ff8720 RCX: ffff88811b2288c0
[2.621] RDX: dffffc0000000000 RSI: ffffffff81dd8aca RDI: ffff88810871f748
[2.621] RBP: 000000000000401a R08: 0000000000000001 R09: ffffed10210e3ee9
[2.621] R10: ffff88810871f74f R11: 205d323430333737 R12: 000000000000001a
[2.621] R13: 000508800000001a R14: 1ffff110210e3f5d R15: ffffffff850011e8
[2.621] FS: 00007f56ea275840(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000
[2.621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[2.621] CR2: 00007febd13b75c0 CR3: 000000010bb50000 CR4: 00000000000006f0
[2.621] Call Trace:
[2.621] <TASK>
[2.621] ? show_regs+0x74/0x80
[2.621] ? die_addr+0x46/0xc0
[2.621] ? exc_general_protection+0x161/0x2a0
[2.621] ? asm_exc_general_protection+0x26/0x30
[2.621] ? btrfs_get_16+0x33a/0x6d0
[2.621] ? btrfs_get_16+0x34b/0x6d0
[2.621] ? btrfs_get_16+0x33a/0x6d0
[2.621] ? __pfx_btrfs_get_16+0x10/0x10
[2.621] ? __pfx_mutex_unlock+0x10/0x10
[2.621] btrfs_match_dir_item_name+0x101/0x1a0
[2.621] btrfs_lookup_dir_item+0x1f3/0x280
[2.621] ? __pfx_btrfs_lookup_dir_item+0x10/0x10
[2.621] btrfs_get_tree+0xd25/0x1910
[ copy more details from report ]
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
85d8a826c7cde17f9cca9c4debecb4538bdb6573 , < 9dff3e36ea89e8003516841c27c45af562b6ef44
(git)
Affected: 85d8a826c7cde17f9cca9c4debecb4538bdb6573 , < ef3ba8ce8cf7075b716aa4afcefc3034215878ee (git) Affected: 85d8a826c7cde17f9cca9c4debecb4538bdb6573 , < e03418abde871314e1a3a550f4c8afb7b89cb273 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:38:20.543684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:40:35.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef3ba8ce8cf7075b716aa4afcefc3034215878ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e03418abde871314e1a3a550f4c8afb7b89cb273"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/tree-checker.c",
"fs/btrfs/tree-checker.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9dff3e36ea89e8003516841c27c45af562b6ef44",
"status": "affected",
"version": "85d8a826c7cde17f9cca9c4debecb4538bdb6573",
"versionType": "git"
},
{
"lessThan": "ef3ba8ce8cf7075b716aa4afcefc3034215878ee",
"status": "affected",
"version": "85d8a826c7cde17f9cca9c4debecb4538bdb6573",
"versionType": "git"
},
{
"lessThan": "e03418abde871314e1a3a550f4c8afb7b89cb273",
"status": "affected",
"version": "85d8a826c7cde17f9cca9c4debecb4538bdb6573",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/tree-checker.c",
"fs/btrfs/tree-checker.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.85",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: make sure that WRITTEN is set on all metadata blocks\n\nWe previously would call btrfs_check_leaf() if we had the check\nintegrity code enabled, which meant that we could only run the extended\nleaf checks if we had WRITTEN set on the header flags.\n\nThis leaves a gap in our checking, because we could end up with\ncorruption on disk where WRITTEN isn\u0027t set on the leaf, and then the\nextended leaf checks don\u0027t get run which we rely on to validate all of\nthe item pointers to make sure we don\u0027t access memory outside of the\nextent buffer.\n\nHowever, since 732fab95abe2 (\"btrfs: check-integrity: remove\nCONFIG_BTRFS_FS_CHECK_INTEGRITY option\") we no longer call\nbtrfs_check_leaf() from btrfs_mark_buffer_dirty(), which means we only\never call it on blocks that are being written out, and thus have WRITTEN\nset, or that are being read in, which should have WRITTEN set.\n\nAdd checks to make sure we have WRITTEN set appropriately, and then make\nsure __btrfs_check_leaf() always does the item checking. This will\nprotect us from file systems that have been corrupted and no longer have\nWRITTEN set on some of the blocks.\n\nThis was hit on a crafted image tweaking the WRITTEN bit and reported by\nKASAN as out-of-bound access in the eb accessors. The example is a dir\nitem at the end of an eb.\n\n [2.042] BTRFS warning (device loop1): bad eb member start: ptr 0x3fff start 30572544 member offset 16410 size 2\n [2.040] general protection fault, probably for non-canonical address 0xe0009d1000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI\n [2.537] KASAN: maybe wild-memory-access in range [0x0005088000000018-0x000508800000001f]\n [2.729] CPU: 0 PID: 2587 Comm: mount Not tainted 6.8.2 #1\n [2.729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [2.621] RIP: 0010:btrfs_get_16+0x34b/0x6d0\n [2.621] RSP: 0018:ffff88810871fab8 EFLAGS: 00000206\n [2.621] RAX: 0000a11000000003 RBX: ffff888104ff8720 RCX: ffff88811b2288c0\n [2.621] RDX: dffffc0000000000 RSI: ffffffff81dd8aca RDI: ffff88810871f748\n [2.621] RBP: 000000000000401a R08: 0000000000000001 R09: ffffed10210e3ee9\n [2.621] R10: ffff88810871f74f R11: 205d323430333737 R12: 000000000000001a\n [2.621] R13: 000508800000001a R14: 1ffff110210e3f5d R15: ffffffff850011e8\n [2.621] FS: 00007f56ea275840(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000\n [2.621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [2.621] CR2: 00007febd13b75c0 CR3: 000000010bb50000 CR4: 00000000000006f0\n [2.621] Call Trace:\n [2.621] \u003cTASK\u003e\n [2.621] ? show_regs+0x74/0x80\n [2.621] ? die_addr+0x46/0xc0\n [2.621] ? exc_general_protection+0x161/0x2a0\n [2.621] ? asm_exc_general_protection+0x26/0x30\n [2.621] ? btrfs_get_16+0x33a/0x6d0\n [2.621] ? btrfs_get_16+0x34b/0x6d0\n [2.621] ? btrfs_get_16+0x33a/0x6d0\n [2.621] ? __pfx_btrfs_get_16+0x10/0x10\n [2.621] ? __pfx_mutex_unlock+0x10/0x10\n [2.621] btrfs_match_dir_item_name+0x101/0x1a0\n [2.621] btrfs_lookup_dir_item+0x1f3/0x280\n [2.621] ? __pfx_btrfs_lookup_dir_item+0x10/0x10\n [2.621] btrfs_get_tree+0xd25/0x1910\n\n[ copy more details from report ]"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:36:05.700Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9dff3e36ea89e8003516841c27c45af562b6ef44"
},
{
"url": "https://git.kernel.org/stable/c/ef3ba8ce8cf7075b716aa4afcefc3034215878ee"
},
{
"url": "https://git.kernel.org/stable/c/e03418abde871314e1a3a550f4c8afb7b89cb273"
}
],
"title": "btrfs: make sure that WRITTEN is set on all metadata blocks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35949",
"datePublished": "2024-05-20T09:17:38.893Z",
"dateReserved": "2024-05-17T13:50:33.134Z",
"dateUpdated": "2026-01-05T10:36:05.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49019 (GCVE-0-2022-49019)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
net: ethernet: nixge: fix NULL dereference
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: nixge: fix NULL dereference
In function nixge_hw_dma_bd_release() dereference of NULL pointer
priv->rx_bd_v is possible for the case of its allocation failure in
nixge_hw_dma_bd_init().
Move for() loop with priv->rx_bd_v dereference under the check for
its validity.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
492caffa8a1a405f661c111acabfe6b8b9645db8 , < 910c0264b64ef2dad8887714a7c56c93e39a0ed3
(git)
Affected: 492caffa8a1a405f661c111acabfe6b8b9645db8 , < 45752af0247589e6d3dede577415bfe117b4392c (git) Affected: 492caffa8a1a405f661c111acabfe6b8b9645db8 , < 9c584d6d9cfb935dce8fc81a4c26debac0a3049b (git) Affected: 492caffa8a1a405f661c111acabfe6b8b9645db8 , < 80e82f7b440b65cf131dce10f487dc73a7046e6b (git) Affected: 492caffa8a1a405f661c111acabfe6b8b9645db8 , < 9256db4e45e8b497b0e993cc3ed4ad08eb2389b6 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:12:50.494969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:37.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/ni/nixge.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "910c0264b64ef2dad8887714a7c56c93e39a0ed3",
"status": "affected",
"version": "492caffa8a1a405f661c111acabfe6b8b9645db8",
"versionType": "git"
},
{
"lessThan": "45752af0247589e6d3dede577415bfe117b4392c",
"status": "affected",
"version": "492caffa8a1a405f661c111acabfe6b8b9645db8",
"versionType": "git"
},
{
"lessThan": "9c584d6d9cfb935dce8fc81a4c26debac0a3049b",
"status": "affected",
"version": "492caffa8a1a405f661c111acabfe6b8b9645db8",
"versionType": "git"
},
{
"lessThan": "80e82f7b440b65cf131dce10f487dc73a7046e6b",
"status": "affected",
"version": "492caffa8a1a405f661c111acabfe6b8b9645db8",
"versionType": "git"
},
{
"lessThan": "9256db4e45e8b497b0e993cc3ed4ad08eb2389b6",
"status": "affected",
"version": "492caffa8a1a405f661c111acabfe6b8b9645db8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/ni/nixge.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: nixge: fix NULL dereference\n\nIn function nixge_hw_dma_bd_release() dereference of NULL pointer\npriv-\u003erx_bd_v is possible for the case of its allocation failure in\nnixge_hw_dma_bd_init().\n\nMove for() loop with priv-\u003erx_bd_v dereference under the check for\nits validity.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:11.934Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/910c0264b64ef2dad8887714a7c56c93e39a0ed3"
},
{
"url": "https://git.kernel.org/stable/c/45752af0247589e6d3dede577415bfe117b4392c"
},
{
"url": "https://git.kernel.org/stable/c/9c584d6d9cfb935dce8fc81a4c26debac0a3049b"
},
{
"url": "https://git.kernel.org/stable/c/80e82f7b440b65cf131dce10f487dc73a7046e6b"
},
{
"url": "https://git.kernel.org/stable/c/9256db4e45e8b497b0e993cc3ed4ad08eb2389b6"
}
],
"title": "net: ethernet: nixge: fix NULL dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49019",
"datePublished": "2024-10-21T20:06:27.306Z",
"dateReserved": "2024-08-22T01:27:53.646Z",
"dateUpdated": "2025-05-04T08:28:11.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50045 (GCVE-0-2024-50045)
Vulnerability from cvelistv5 – Published: 2024-10-21 19:39 – Updated: 2025-11-03 22:24
VLAI?
EPSS
Title
netfilter: br_netfilter: fix panic with metadata_dst skb
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: br_netfilter: fix panic with metadata_dst skb
Fix a kernel panic in the br_netfilter module when sending untagged
traffic via a VxLAN device.
This happens during the check for fragmentation in br_nf_dev_queue_xmit.
It is dependent on:
1) the br_netfilter module being loaded;
2) net.bridge.bridge-nf-call-iptables set to 1;
3) a bridge with a VxLAN (single-vxlan-device) netdevice as a bridge port;
4) untagged frames with size higher than the VxLAN MTU forwarded/flooded
When forwarding the untagged packet to the VxLAN bridge port, before
the netfilter hooks are called, br_handle_egress_vlan_tunnel is called and
changes the skb_dst to the tunnel dst. The tunnel_dst is a metadata type
of dst, i.e., skb_valid_dst(skb) is false, and metadata->dst.dev is NULL.
Then in the br_netfilter hooks, in br_nf_dev_queue_xmit, there's a check
for frames that needs to be fragmented: frames with higher MTU than the
VxLAN device end up calling br_nf_ip_fragment, which in turns call
ip_skb_dst_mtu.
The ip_dst_mtu tries to use the skb_dst(skb) as if it was a valid dst
with valid dst->dev, thus the crash.
This case was never supported in the first place, so drop the packet
instead.
PING 10.0.0.2 (10.0.0.2) from 0.0.0.0 h1-eth0: 2000(2028) bytes of data.
[ 176.291791] Unable to handle kernel NULL pointer dereference at
virtual address 0000000000000110
[ 176.292101] Mem abort info:
[ 176.292184] ESR = 0x0000000096000004
[ 176.292322] EC = 0x25: DABT (current EL), IL = 32 bits
[ 176.292530] SET = 0, FnV = 0
[ 176.292709] EA = 0, S1PTW = 0
[ 176.292862] FSC = 0x04: level 0 translation fault
[ 176.293013] Data abort info:
[ 176.293104] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 176.293488] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 176.293787] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 176.293995] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000043ef5000
[ 176.294166] [0000000000000110] pgd=0000000000000000,
p4d=0000000000000000
[ 176.294827] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 176.295252] Modules linked in: vxlan ip6_udp_tunnel udp_tunnel veth
br_netfilter bridge stp llc ipv6 crct10dif_ce
[ 176.295923] CPU: 0 PID: 188 Comm: ping Not tainted
6.8.0-rc3-g5b3fbd61b9d1 #2
[ 176.296314] Hardware name: linux,dummy-virt (DT)
[ 176.296535] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS
BTYPE=--)
[ 176.296808] pc : br_nf_dev_queue_xmit+0x390/0x4ec [br_netfilter]
[ 176.297382] lr : br_nf_dev_queue_xmit+0x2ac/0x4ec [br_netfilter]
[ 176.297636] sp : ffff800080003630
[ 176.297743] x29: ffff800080003630 x28: 0000000000000008 x27:
ffff6828c49ad9f8
[ 176.298093] x26: ffff6828c49ad000 x25: 0000000000000000 x24:
00000000000003e8
[ 176.298430] x23: 0000000000000000 x22: ffff6828c4960b40 x21:
ffff6828c3b16d28
[ 176.298652] x20: ffff6828c3167048 x19: ffff6828c3b16d00 x18:
0000000000000014
[ 176.298926] x17: ffffb0476322f000 x16: ffffb7e164023730 x15:
0000000095744632
[ 176.299296] x14: ffff6828c3f1c880 x13: 0000000000000002 x12:
ffffb7e137926a70
[ 176.299574] x11: 0000000000000001 x10: ffff6828c3f1c898 x9 :
0000000000000000
[ 176.300049] x8 : ffff6828c49bf070 x7 : 0008460f18d5f20e x6 :
f20e0100bebafeca
[ 176.300302] x5 : ffff6828c7f918fe x4 : ffff6828c49bf070 x3 :
0000000000000000
[ 176.300586] x2 : 0000000000000000 x1 : ffff6828c3c7ad00 x0 :
ffff6828c7f918f0
[ 176.300889] Call trace:
[ 176.301123] br_nf_dev_queue_xmit+0x390/0x4ec [br_netfilter]
[ 176.301411] br_nf_post_routing+0x2a8/0x3e4 [br_netfilter]
[ 176.301703] nf_hook_slow+0x48/0x124
[ 176.302060] br_forward_finish+0xc8/0xe8 [bridge]
[ 176.302371] br_nf_hook_thresh+0x124/0x134 [br_netfilter]
[ 176.302605] br_nf_forward_finish+0x118/0x22c [br_netfilter]
[ 176.302824] br_nf_forward_ip.part.0+0x264/0x290 [br_netfilter]
[ 176.303136] br_nf_forward+0x2b8/0x4e0 [br_netfilter]
[ 176.303359] nf_hook_slow+0x48/0x124
[ 176.303
---truncated---
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
11538d039ac6efcf4f1a6c536e1b87cd3668a9fd , < f07131239a76cc10d5e82c19d91f53cb55727297
(git)
Affected: 11538d039ac6efcf4f1a6c536e1b87cd3668a9fd , < 75dfcb758015c97e1accd6340691fca67d363bed (git) Affected: 11538d039ac6efcf4f1a6c536e1b87cd3668a9fd , < cce8419b8168f6e7eb637103a47f916f3de8bc81 (git) Affected: 11538d039ac6efcf4f1a6c536e1b87cd3668a9fd , < 95c0cff5a1a5d28bf623b92eb5d1a8f56ed30803 (git) Affected: 11538d039ac6efcf4f1a6c536e1b87cd3668a9fd , < 78ed917133b118661e1fe62d4a85d5d428ee9568 (git) Affected: 11538d039ac6efcf4f1a6c536e1b87cd3668a9fd , < 3453f5839420bfbb85c86c61e49f49ffd0f041c4 (git) Affected: 11538d039ac6efcf4f1a6c536e1b87cd3668a9fd , < 915717e0bb9837cc5c101bc545af487bd787239e (git) Affected: 11538d039ac6efcf4f1a6c536e1b87cd3668a9fd , < f9ff7665cd128012868098bbd07e28993e314fdb (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50045",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:24:15.720711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:43.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:24:51.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bridge/br_netfilter_hooks.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f07131239a76cc10d5e82c19d91f53cb55727297",
"status": "affected",
"version": "11538d039ac6efcf4f1a6c536e1b87cd3668a9fd",
"versionType": "git"
},
{
"lessThan": "75dfcb758015c97e1accd6340691fca67d363bed",
"status": "affected",
"version": "11538d039ac6efcf4f1a6c536e1b87cd3668a9fd",
"versionType": "git"
},
{
"lessThan": "cce8419b8168f6e7eb637103a47f916f3de8bc81",
"status": "affected",
"version": "11538d039ac6efcf4f1a6c536e1b87cd3668a9fd",
"versionType": "git"
},
{
"lessThan": "95c0cff5a1a5d28bf623b92eb5d1a8f56ed30803",
"status": "affected",
"version": "11538d039ac6efcf4f1a6c536e1b87cd3668a9fd",
"versionType": "git"
},
{
"lessThan": "78ed917133b118661e1fe62d4a85d5d428ee9568",
"status": "affected",
"version": "11538d039ac6efcf4f1a6c536e1b87cd3668a9fd",
"versionType": "git"
},
{
"lessThan": "3453f5839420bfbb85c86c61e49f49ffd0f041c4",
"status": "affected",
"version": "11538d039ac6efcf4f1a6c536e1b87cd3668a9fd",
"versionType": "git"
},
{
"lessThan": "915717e0bb9837cc5c101bc545af487bd787239e",
"status": "affected",
"version": "11538d039ac6efcf4f1a6c536e1b87cd3668a9fd",
"versionType": "git"
},
{
"lessThan": "f9ff7665cd128012868098bbd07e28993e314fdb",
"status": "affected",
"version": "11538d039ac6efcf4f1a6c536e1b87cd3668a9fd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bridge/br_netfilter_hooks.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.57",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.57",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.4",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: br_netfilter: fix panic with metadata_dst skb\n\nFix a kernel panic in the br_netfilter module when sending untagged\ntraffic via a VxLAN device.\nThis happens during the check for fragmentation in br_nf_dev_queue_xmit.\n\nIt is dependent on:\n1) the br_netfilter module being loaded;\n2) net.bridge.bridge-nf-call-iptables set to 1;\n3) a bridge with a VxLAN (single-vxlan-device) netdevice as a bridge port;\n4) untagged frames with size higher than the VxLAN MTU forwarded/flooded\n\nWhen forwarding the untagged packet to the VxLAN bridge port, before\nthe netfilter hooks are called, br_handle_egress_vlan_tunnel is called and\nchanges the skb_dst to the tunnel dst. The tunnel_dst is a metadata type\nof dst, i.e., skb_valid_dst(skb) is false, and metadata-\u003edst.dev is NULL.\n\nThen in the br_netfilter hooks, in br_nf_dev_queue_xmit, there\u0027s a check\nfor frames that needs to be fragmented: frames with higher MTU than the\nVxLAN device end up calling br_nf_ip_fragment, which in turns call\nip_skb_dst_mtu.\n\nThe ip_dst_mtu tries to use the skb_dst(skb) as if it was a valid dst\nwith valid dst-\u003edev, thus the crash.\n\nThis case was never supported in the first place, so drop the packet\ninstead.\n\nPING 10.0.0.2 (10.0.0.2) from 0.0.0.0 h1-eth0: 2000(2028) bytes of data.\n[ 176.291791] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000110\n[ 176.292101] Mem abort info:\n[ 176.292184] ESR = 0x0000000096000004\n[ 176.292322] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 176.292530] SET = 0, FnV = 0\n[ 176.292709] EA = 0, S1PTW = 0\n[ 176.292862] FSC = 0x04: level 0 translation fault\n[ 176.293013] Data abort info:\n[ 176.293104] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 176.293488] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 176.293787] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 176.293995] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000043ef5000\n[ 176.294166] [0000000000000110] pgd=0000000000000000,\np4d=0000000000000000\n[ 176.294827] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 176.295252] Modules linked in: vxlan ip6_udp_tunnel udp_tunnel veth\nbr_netfilter bridge stp llc ipv6 crct10dif_ce\n[ 176.295923] CPU: 0 PID: 188 Comm: ping Not tainted\n6.8.0-rc3-g5b3fbd61b9d1 #2\n[ 176.296314] Hardware name: linux,dummy-virt (DT)\n[ 176.296535] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS\nBTYPE=--)\n[ 176.296808] pc : br_nf_dev_queue_xmit+0x390/0x4ec [br_netfilter]\n[ 176.297382] lr : br_nf_dev_queue_xmit+0x2ac/0x4ec [br_netfilter]\n[ 176.297636] sp : ffff800080003630\n[ 176.297743] x29: ffff800080003630 x28: 0000000000000008 x27:\nffff6828c49ad9f8\n[ 176.298093] x26: ffff6828c49ad000 x25: 0000000000000000 x24:\n00000000000003e8\n[ 176.298430] x23: 0000000000000000 x22: ffff6828c4960b40 x21:\nffff6828c3b16d28\n[ 176.298652] x20: ffff6828c3167048 x19: ffff6828c3b16d00 x18:\n0000000000000014\n[ 176.298926] x17: ffffb0476322f000 x16: ffffb7e164023730 x15:\n0000000095744632\n[ 176.299296] x14: ffff6828c3f1c880 x13: 0000000000000002 x12:\nffffb7e137926a70\n[ 176.299574] x11: 0000000000000001 x10: ffff6828c3f1c898 x9 :\n0000000000000000\n[ 176.300049] x8 : ffff6828c49bf070 x7 : 0008460f18d5f20e x6 :\nf20e0100bebafeca\n[ 176.300302] x5 : ffff6828c7f918fe x4 : ffff6828c49bf070 x3 :\n0000000000000000\n[ 176.300586] x2 : 0000000000000000 x1 : ffff6828c3c7ad00 x0 :\nffff6828c7f918f0\n[ 176.300889] Call trace:\n[ 176.301123] br_nf_dev_queue_xmit+0x390/0x4ec [br_netfilter]\n[ 176.301411] br_nf_post_routing+0x2a8/0x3e4 [br_netfilter]\n[ 176.301703] nf_hook_slow+0x48/0x124\n[ 176.302060] br_forward_finish+0xc8/0xe8 [bridge]\n[ 176.302371] br_nf_hook_thresh+0x124/0x134 [br_netfilter]\n[ 176.302605] br_nf_forward_finish+0x118/0x22c [br_netfilter]\n[ 176.302824] br_nf_forward_ip.part.0+0x264/0x290 [br_netfilter]\n[ 176.303136] br_nf_forward+0x2b8/0x4e0 [br_netfilter]\n[ 176.303359] nf_hook_slow+0x48/0x124\n[ 176.303\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:44:41.802Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f07131239a76cc10d5e82c19d91f53cb55727297"
},
{
"url": "https://git.kernel.org/stable/c/75dfcb758015c97e1accd6340691fca67d363bed"
},
{
"url": "https://git.kernel.org/stable/c/cce8419b8168f6e7eb637103a47f916f3de8bc81"
},
{
"url": "https://git.kernel.org/stable/c/95c0cff5a1a5d28bf623b92eb5d1a8f56ed30803"
},
{
"url": "https://git.kernel.org/stable/c/78ed917133b118661e1fe62d4a85d5d428ee9568"
},
{
"url": "https://git.kernel.org/stable/c/3453f5839420bfbb85c86c61e49f49ffd0f041c4"
},
{
"url": "https://git.kernel.org/stable/c/915717e0bb9837cc5c101bc545af487bd787239e"
},
{
"url": "https://git.kernel.org/stable/c/f9ff7665cd128012868098bbd07e28993e314fdb"
}
],
"title": "netfilter: br_netfilter: fix panic with metadata_dst skb",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50045",
"datePublished": "2024-10-21T19:39:43.117Z",
"dateReserved": "2024-10-21T12:17:06.071Z",
"dateUpdated": "2025-11-03T22:24:51.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47748 (GCVE-0-2024-47748)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
vhost_vdpa: assign irq bypass producer token correctly
Summary
In the Linux kernel, the following vulnerability has been resolved:
vhost_vdpa: assign irq bypass producer token correctly
We used to call irq_bypass_unregister_producer() in
vhost_vdpa_setup_vq_irq() which is problematic as we don't know if the
token pointer is still valid or not.
Actually, we use the eventfd_ctx as the token so the life cycle of the
token should be bound to the VHOST_SET_VRING_CALL instead of
vhost_vdpa_setup_vq_irq() which could be called by set_status().
Fixing this by setting up irq bypass producer's token when handling
VHOST_SET_VRING_CALL and un-registering the producer before calling
vhost_vring_ioctl() to prevent a possible use after free as eventfd
could have been released in vhost_vring_ioctl(). And such registering
and unregistering will only be done if DRIVER_OK is set.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < 0c170b1e918b9afac25e2bbd01eaa2bfc0ece8c0
(git)
Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < 927a2580208e0f9b0b47b08f1c802b7233a7ba3c (git) Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < ec5f1b54ceb23475049ada6e7a43452cf4df88d1 (git) Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < ca64edd7ae93402af2596a952e0d94d545e2b9c0 (git) Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < fae9b1776f53aab93ab345bdbf653b991aed717d (git) Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < 7cf2fb51175cafe01df8c43fa15a06194a59c6e2 (git) Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < 02e9e9366fefe461719da5d173385b6685f70319 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:58:17.248658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:13.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:42.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vhost/vdpa.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0c170b1e918b9afac25e2bbd01eaa2bfc0ece8c0",
"status": "affected",
"version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
"versionType": "git"
},
{
"lessThan": "927a2580208e0f9b0b47b08f1c802b7233a7ba3c",
"status": "affected",
"version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
"versionType": "git"
},
{
"lessThan": "ec5f1b54ceb23475049ada6e7a43452cf4df88d1",
"status": "affected",
"version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
"versionType": "git"
},
{
"lessThan": "ca64edd7ae93402af2596a952e0d94d545e2b9c0",
"status": "affected",
"version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
"versionType": "git"
},
{
"lessThan": "fae9b1776f53aab93ab345bdbf653b991aed717d",
"status": "affected",
"version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
"versionType": "git"
},
{
"lessThan": "7cf2fb51175cafe01df8c43fa15a06194a59c6e2",
"status": "affected",
"version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
"versionType": "git"
},
{
"lessThan": "02e9e9366fefe461719da5d173385b6685f70319",
"status": "affected",
"version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vhost/vdpa.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost_vdpa: assign irq bypass producer token correctly\n\nWe used to call irq_bypass_unregister_producer() in\nvhost_vdpa_setup_vq_irq() which is problematic as we don\u0027t know if the\ntoken pointer is still valid or not.\n\nActually, we use the eventfd_ctx as the token so the life cycle of the\ntoken should be bound to the VHOST_SET_VRING_CALL instead of\nvhost_vdpa_setup_vq_irq() which could be called by set_status().\n\nFixing this by setting up irq bypass producer\u0027s token when handling\nVHOST_SET_VRING_CALL and un-registering the producer before calling\nvhost_vring_ioctl() to prevent a possible use after free as eventfd\ncould have been released in vhost_vring_ioctl(). And such registering\nand unregistering will only be done if DRIVER_OK is set."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:39:01.429Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0c170b1e918b9afac25e2bbd01eaa2bfc0ece8c0"
},
{
"url": "https://git.kernel.org/stable/c/927a2580208e0f9b0b47b08f1c802b7233a7ba3c"
},
{
"url": "https://git.kernel.org/stable/c/ec5f1b54ceb23475049ada6e7a43452cf4df88d1"
},
{
"url": "https://git.kernel.org/stable/c/ca64edd7ae93402af2596a952e0d94d545e2b9c0"
},
{
"url": "https://git.kernel.org/stable/c/fae9b1776f53aab93ab345bdbf653b991aed717d"
},
{
"url": "https://git.kernel.org/stable/c/7cf2fb51175cafe01df8c43fa15a06194a59c6e2"
},
{
"url": "https://git.kernel.org/stable/c/02e9e9366fefe461719da5d173385b6685f70319"
}
],
"title": "vhost_vdpa: assign irq bypass producer token correctly",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47748",
"datePublished": "2024-10-21T12:14:14.448Z",
"dateReserved": "2024-09-30T16:00:12.960Z",
"dateUpdated": "2025-11-03T22:21:42.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46817 (GCVE-0-2024-46817)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-11-03 22:19
VLAI?
EPSS
Title
drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6
[Why]
Coverity reports OVERRUN warning. Should abort amdgpu_dm
initialize.
[How]
Return failure to amdgpu_dm_init.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < d619b91d3c4af60ac422f1763ce53d721fb91262
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 754321ed63f0a4a31252ca72e0bd89a9e1888018 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 21bbb39863f10f5fb4bf772d15b07d5d13590e9d (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 28b515c458aa9c92bfcb99884c94713a5f471cea (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 94cb77700fa4ae6200486bfa0ba2ac547534afd2 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < d398c74c881dee695f6eb6138c9891644e1c3d9d (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 84723eb6068c50610c5c0893980d230d7afa2105 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:15:16.825068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:15:54.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:02.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d619b91d3c4af60ac422f1763ce53d721fb91262",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "754321ed63f0a4a31252ca72e0bd89a9e1888018",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "21bbb39863f10f5fb4bf772d15b07d5d13590e9d",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "28b515c458aa9c92bfcb99884c94713a5f471cea",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "94cb77700fa4ae6200486bfa0ba2ac547534afd2",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "d398c74c881dee695f6eb6138c9891644e1c3d9d",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "84723eb6068c50610c5c0893980d230d7afa2105",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6\n\n[Why]\nCoverity reports OVERRUN warning. Should abort amdgpu_dm\ninitialize.\n\n[How]\nReturn failure to amdgpu_dm_init."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:42.051Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d619b91d3c4af60ac422f1763ce53d721fb91262"
},
{
"url": "https://git.kernel.org/stable/c/754321ed63f0a4a31252ca72e0bd89a9e1888018"
},
{
"url": "https://git.kernel.org/stable/c/21bbb39863f10f5fb4bf772d15b07d5d13590e9d"
},
{
"url": "https://git.kernel.org/stable/c/28b515c458aa9c92bfcb99884c94713a5f471cea"
},
{
"url": "https://git.kernel.org/stable/c/94cb77700fa4ae6200486bfa0ba2ac547534afd2"
},
{
"url": "https://git.kernel.org/stable/c/d398c74c881dee695f6eb6138c9891644e1c3d9d"
},
{
"url": "https://git.kernel.org/stable/c/84723eb6068c50610c5c0893980d230d7afa2105"
}
],
"title": "drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46817",
"datePublished": "2024-09-27T12:35:58.517Z",
"dateReserved": "2024-09-11T15:12:18.284Z",
"dateUpdated": "2025-11-03T22:19:02.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49010 (GCVE-0-2022-49010)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
hwmon: (coretemp) Check for null before removing sysfs attrs
Summary
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (coretemp) Check for null before removing sysfs attrs
If coretemp_add_core() gets an error then pdata->core_data[indx]
is already NULL and has been kfreed. Don't pass that to
sysfs_remove_group() as that will crash in sysfs_remove_group().
[Shortened for readability]
[91854.020159] sysfs: cannot create duplicate filename '/devices/platform/coretemp.0/hwmon/hwmon2/temp20_label'
<cpu offline>
[91855.126115] BUG: kernel NULL pointer dereference, address: 0000000000000188
[91855.165103] #PF: supervisor read access in kernel mode
[91855.194506] #PF: error_code(0x0000) - not-present page
[91855.224445] PGD 0 P4D 0
[91855.238508] Oops: 0000 [#1] PREEMPT SMP PTI
...
[91855.342716] RIP: 0010:sysfs_remove_group+0xc/0x80
...
[91855.796571] Call Trace:
[91855.810524] coretemp_cpu_offline+0x12b/0x1dd [coretemp]
[91855.841738] ? coretemp_cpu_online+0x180/0x180 [coretemp]
[91855.871107] cpuhp_invoke_callback+0x105/0x4b0
[91855.893432] cpuhp_thread_fun+0x8e/0x150
...
Fix this by checking for NULL first.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
199e0de7f5df31a4fc485d4aaaf8a07718252ace , < fb503d077ff7b43913503eaf72995d1239028b99
(git)
Affected: 199e0de7f5df31a4fc485d4aaaf8a07718252ace , < 070d5ea4a0592a37ad96ce7f7b6b024f90bb009f (git) Affected: 199e0de7f5df31a4fc485d4aaaf8a07718252ace , < 280110db1a7d62ad635b103bafc3ae96e8bef75c (git) Affected: 199e0de7f5df31a4fc485d4aaaf8a07718252ace , < 89eecabe6a47403237f45aafd7d24f93cb973653 (git) Affected: 199e0de7f5df31a4fc485d4aaaf8a07718252ace , < f06e0cd01eab954bd5f2190c9faa79bb5357e05b (git) Affected: 199e0de7f5df31a4fc485d4aaaf8a07718252ace , < 7692700ac818866d138a8de555130a6e70e6ac16 (git) Affected: 199e0de7f5df31a4fc485d4aaaf8a07718252ace , < ae6c8b6e5d5628df1c475c0a8fca1465e205c95b (git) Affected: 199e0de7f5df31a4fc485d4aaaf8a07718252ace , < a89ff5f5cc64b9fe7a992cf56988fd36f56ca82a (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49010",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:13:58.658832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:38.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hwmon/coretemp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fb503d077ff7b43913503eaf72995d1239028b99",
"status": "affected",
"version": "199e0de7f5df31a4fc485d4aaaf8a07718252ace",
"versionType": "git"
},
{
"lessThan": "070d5ea4a0592a37ad96ce7f7b6b024f90bb009f",
"status": "affected",
"version": "199e0de7f5df31a4fc485d4aaaf8a07718252ace",
"versionType": "git"
},
{
"lessThan": "280110db1a7d62ad635b103bafc3ae96e8bef75c",
"status": "affected",
"version": "199e0de7f5df31a4fc485d4aaaf8a07718252ace",
"versionType": "git"
},
{
"lessThan": "89eecabe6a47403237f45aafd7d24f93cb973653",
"status": "affected",
"version": "199e0de7f5df31a4fc485d4aaaf8a07718252ace",
"versionType": "git"
},
{
"lessThan": "f06e0cd01eab954bd5f2190c9faa79bb5357e05b",
"status": "affected",
"version": "199e0de7f5df31a4fc485d4aaaf8a07718252ace",
"versionType": "git"
},
{
"lessThan": "7692700ac818866d138a8de555130a6e70e6ac16",
"status": "affected",
"version": "199e0de7f5df31a4fc485d4aaaf8a07718252ace",
"versionType": "git"
},
{
"lessThan": "ae6c8b6e5d5628df1c475c0a8fca1465e205c95b",
"status": "affected",
"version": "199e0de7f5df31a4fc485d4aaaf8a07718252ace",
"versionType": "git"
},
{
"lessThan": "a89ff5f5cc64b9fe7a992cf56988fd36f56ca82a",
"status": "affected",
"version": "199e0de7f5df31a4fc485d4aaaf8a07718252ace",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hwmon/coretemp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"lessThan": "3.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.335",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.301",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.335",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.301",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.268",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (coretemp) Check for null before removing sysfs attrs\n\nIf coretemp_add_core() gets an error then pdata-\u003ecore_data[indx]\nis already NULL and has been kfreed. Don\u0027t pass that to\nsysfs_remove_group() as that will crash in sysfs_remove_group().\n\n[Shortened for readability]\n[91854.020159] sysfs: cannot create duplicate filename \u0027/devices/platform/coretemp.0/hwmon/hwmon2/temp20_label\u0027\n\u003ccpu offline\u003e\n[91855.126115] BUG: kernel NULL pointer dereference, address: 0000000000000188\n[91855.165103] #PF: supervisor read access in kernel mode\n[91855.194506] #PF: error_code(0x0000) - not-present page\n[91855.224445] PGD 0 P4D 0\n[91855.238508] Oops: 0000 [#1] PREEMPT SMP PTI\n...\n[91855.342716] RIP: 0010:sysfs_remove_group+0xc/0x80\n...\n[91855.796571] Call Trace:\n[91855.810524] coretemp_cpu_offline+0x12b/0x1dd [coretemp]\n[91855.841738] ? coretemp_cpu_online+0x180/0x180 [coretemp]\n[91855.871107] cpuhp_invoke_callback+0x105/0x4b0\n[91855.893432] cpuhp_thread_fun+0x8e/0x150\n...\n\nFix this by checking for NULL first."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:59.253Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fb503d077ff7b43913503eaf72995d1239028b99"
},
{
"url": "https://git.kernel.org/stable/c/070d5ea4a0592a37ad96ce7f7b6b024f90bb009f"
},
{
"url": "https://git.kernel.org/stable/c/280110db1a7d62ad635b103bafc3ae96e8bef75c"
},
{
"url": "https://git.kernel.org/stable/c/89eecabe6a47403237f45aafd7d24f93cb973653"
},
{
"url": "https://git.kernel.org/stable/c/f06e0cd01eab954bd5f2190c9faa79bb5357e05b"
},
{
"url": "https://git.kernel.org/stable/c/7692700ac818866d138a8de555130a6e70e6ac16"
},
{
"url": "https://git.kernel.org/stable/c/ae6c8b6e5d5628df1c475c0a8fca1465e205c95b"
},
{
"url": "https://git.kernel.org/stable/c/a89ff5f5cc64b9fe7a992cf56988fd36f56ca82a"
}
],
"title": "hwmon: (coretemp) Check for null before removing sysfs attrs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49010",
"datePublished": "2024-10-21T20:06:21.423Z",
"dateReserved": "2024-08-22T01:27:53.644Z",
"dateUpdated": "2025-05-04T08:27:59.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47706 (GCVE-0-2024-47706)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
block, bfq: fix possible UAF for bfqq->bic with merge chain
Summary
In the Linux kernel, the following vulnerability has been resolved:
block, bfq: fix possible UAF for bfqq->bic with merge chain
1) initial state, three tasks:
Process 1 Process 2 Process 3
(BIC1) (BIC2) (BIC3)
| Λ | Λ | Λ
| | | | | |
V | V | V |
bfqq1 bfqq2 bfqq3
process ref: 1 1 1
2) bfqq1 merged to bfqq2:
Process 1 Process 2 Process 3
(BIC1) (BIC2) (BIC3)
| | | Λ
\--------------\| | |
V V |
bfqq1--------->bfqq2 bfqq3
process ref: 0 2 1
3) bfqq2 merged to bfqq3:
Process 1 Process 2 Process 3
(BIC1) (BIC2) (BIC3)
here -> Λ | |
\--------------\ \-------------\|
V V
bfqq1--------->bfqq2---------->bfqq3
process ref: 0 1 3
In this case, IO from Process 1 will get bfqq2 from BIC1 first, and then
get bfqq3 through merge chain, and finially handle IO by bfqq3.
Howerver, current code will think bfqq2 is owned by BIC1, like initial
state, and set bfqq2->bic to BIC1.
bfq_insert_request
-> by Process 1
bfqq = bfq_init_rq(rq)
bfqq = bfq_get_bfqq_handle_split
bfqq = bic_to_bfqq
-> get bfqq2 from BIC1
bfqq->ref++
rq->elv.priv[0] = bic
rq->elv.priv[1] = bfqq
if (bfqq_process_refs(bfqq) == 1)
bfqq->bic = bic
-> record BIC1 to bfqq2
__bfq_insert_request
new_bfqq = bfq_setup_cooperator
-> get bfqq3 from bfqq2->new_bfqq
bfqq_request_freed(bfqq)
new_bfqq->ref++
rq->elv.priv[1] = new_bfqq
-> handle IO by bfqq3
Fix the problem by checking bfqq is from merge chain fist. And this
might fix a following problem reported by our syzkaller(unreproducible):
==================================================================
BUG: KASAN: slab-use-after-free in bfq_do_early_stable_merge block/bfq-iosched.c:5692 [inline]
BUG: KASAN: slab-use-after-free in bfq_do_or_sched_stable_merge block/bfq-iosched.c:5805 [inline]
BUG: KASAN: slab-use-after-free in bfq_get_queue+0x25b0/0x2610 block/bfq-iosched.c:5889
Write of size 1 at addr ffff888123839eb8 by task kworker/0:1H/18595
CPU: 0 PID: 18595 Comm: kworker/0:1H Tainted: G L 6.6.0-07439-gba2303cacfda #6
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Workqueue: kblockd blk_mq_requeue_work
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:364 [inline]
print_report+0x10d/0x610 mm/kasan/report.c:475
kasan_report+0x8e/0xc0 mm/kasan/report.c:588
bfq_do_early_stable_merge block/bfq-iosched.c:5692 [inline]
bfq_do_or_sched_stable_merge block/bfq-iosched.c:5805 [inline]
bfq_get_queue+0x25b0/0x2610 block/bfq-iosched.c:5889
bfq_get_bfqq_handle_split+0x169/0x5d0 block/bfq-iosched.c:6757
bfq_init_rq block/bfq-iosched.c:6876 [inline]
bfq_insert_request block/bfq-iosched.c:6254 [inline]
bfq_insert_requests+0x1112/0x5cf0 block/bfq-iosched.c:6304
blk_mq_insert_request+0x290/0x8d0 block/blk-mq.c:2593
blk_mq_requeue_work+0x6bc/0xa70 block/blk-mq.c:1502
process_one_work kernel/workqueue.c:2627 [inline]
process_scheduled_works+0x432/0x13f0 kernel/workqueue.c:2700
worker_thread+0x6f2/0x1160 kernel/workqueue.c:2781
kthread+0x33c/0x440 kernel/kthread.c:388
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:305
</TASK>
Allocated by task 20776:
kasan_save_stack+0x20/0x40 mm/kasan/common.c:45
kasan_set_track+0x25/0x30 mm/kasan/common.c:52
__kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328
kasan_slab_alloc include/linux/kasan.h:188 [inline]
slab_post_alloc_hook mm/slab.h:763 [inline]
slab_alloc_node mm/slub.c:3458 [inline]
kmem_cache_alloc_node+0x1a4/0x6f0 mm/slub.c:3503
ioc_create_icq block/blk-ioc.c:370 [inline]
---truncated---
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
36eca894832351feed9072d0f97eb06fc9482ca4 , < a9bdd5b36887d2bacb8bc777fd18317c99fc2587
(git)
Affected: 36eca894832351feed9072d0f97eb06fc9482ca4 , < bc2140534b2aae752e4f7cb4489642dbb5ec4777 (git) Affected: 36eca894832351feed9072d0f97eb06fc9482ca4 , < e1277ae780cca4e69ef5468d4582dfd48f0b8320 (git) Affected: 36eca894832351feed9072d0f97eb06fc9482ca4 , < 8aa9de02a4be2e7006e636816ce19b0d667ceaa3 (git) Affected: 36eca894832351feed9072d0f97eb06fc9482ca4 , < ddbdaad123254fb53e32480cb74a486a6868b1e0 (git) Affected: 36eca894832351feed9072d0f97eb06fc9482ca4 , < 7faed2896d78e48ec96229e73b30b0af6c00a9aa (git) Affected: 36eca894832351feed9072d0f97eb06fc9482ca4 , < 880692ee233ba63808182705b3333403413b58f5 (git) Affected: 36eca894832351feed9072d0f97eb06fc9482ca4 , < 6d130db286ad0ea392c96ebb2551acf0d7308048 (git) Affected: 36eca894832351feed9072d0f97eb06fc9482ca4 , < 18ad4df091dd5d067d2faa8fce1180b79f7041a7 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47706",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:03:53.838190Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:19.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:21:10.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/bfq-iosched.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a9bdd5b36887d2bacb8bc777fd18317c99fc2587",
"status": "affected",
"version": "36eca894832351feed9072d0f97eb06fc9482ca4",
"versionType": "git"
},
{
"lessThan": "bc2140534b2aae752e4f7cb4489642dbb5ec4777",
"status": "affected",
"version": "36eca894832351feed9072d0f97eb06fc9482ca4",
"versionType": "git"
},
{
"lessThan": "e1277ae780cca4e69ef5468d4582dfd48f0b8320",
"status": "affected",
"version": "36eca894832351feed9072d0f97eb06fc9482ca4",
"versionType": "git"
},
{
"lessThan": "8aa9de02a4be2e7006e636816ce19b0d667ceaa3",
"status": "affected",
"version": "36eca894832351feed9072d0f97eb06fc9482ca4",
"versionType": "git"
},
{
"lessThan": "ddbdaad123254fb53e32480cb74a486a6868b1e0",
"status": "affected",
"version": "36eca894832351feed9072d0f97eb06fc9482ca4",
"versionType": "git"
},
{
"lessThan": "7faed2896d78e48ec96229e73b30b0af6c00a9aa",
"status": "affected",
"version": "36eca894832351feed9072d0f97eb06fc9482ca4",
"versionType": "git"
},
{
"lessThan": "880692ee233ba63808182705b3333403413b58f5",
"status": "affected",
"version": "36eca894832351feed9072d0f97eb06fc9482ca4",
"versionType": "git"
},
{
"lessThan": "6d130db286ad0ea392c96ebb2551acf0d7308048",
"status": "affected",
"version": "36eca894832351feed9072d0f97eb06fc9482ca4",
"versionType": "git"
},
{
"lessThan": "18ad4df091dd5d067d2faa8fce1180b79f7041a7",
"status": "affected",
"version": "36eca894832351feed9072d0f97eb06fc9482ca4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/bfq-iosched.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix possible UAF for bfqq-\u003ebic with merge chain\n\n1) initial state, three tasks:\n\n\t\tProcess 1 Process 2\tProcess 3\n\t\t (BIC1) (BIC2)\t\t (BIC3)\n\t\t | \u039b | \u039b\t\t | \u039b\n\t\t | | | |\t\t | |\n\t\t V | V |\t\t V |\n\t\t bfqq1 bfqq2\t\t bfqq3\nprocess ref:\t 1\t\t 1\t\t 1\n\n2) bfqq1 merged to bfqq2:\n\n\t\tProcess 1 Process 2\tProcess 3\n\t\t (BIC1) (BIC2)\t\t (BIC3)\n\t\t | |\t\t | \u039b\n\t\t \\--------------\\|\t\t | |\n\t\t V\t\t V |\n\t\t bfqq1---------\u003ebfqq2\t\t bfqq3\nprocess ref:\t 0\t\t 2\t\t 1\n\n3) bfqq2 merged to bfqq3:\n\n\t\tProcess 1 Process 2\tProcess 3\n\t\t (BIC1) (BIC2)\t\t (BIC3)\n\t here -\u003e \u039b |\t\t |\n\t\t \\--------------\\ \\-------------\\|\n\t\t V\t\t V\n\t\t bfqq1---------\u003ebfqq2----------\u003ebfqq3\nprocess ref:\t 0\t\t 1\t\t 3\n\nIn this case, IO from Process 1 will get bfqq2 from BIC1 first, and then\nget bfqq3 through merge chain, and finially handle IO by bfqq3.\nHowerver, current code will think bfqq2 is owned by BIC1, like initial\nstate, and set bfqq2-\u003ebic to BIC1.\n\nbfq_insert_request\n-\u003e by Process 1\n bfqq = bfq_init_rq(rq)\n bfqq = bfq_get_bfqq_handle_split\n bfqq = bic_to_bfqq\n -\u003e get bfqq2 from BIC1\n bfqq-\u003eref++\n rq-\u003eelv.priv[0] = bic\n rq-\u003eelv.priv[1] = bfqq\n if (bfqq_process_refs(bfqq) == 1)\n bfqq-\u003ebic = bic\n -\u003e record BIC1 to bfqq2\n\n __bfq_insert_request\n new_bfqq = bfq_setup_cooperator\n -\u003e get bfqq3 from bfqq2-\u003enew_bfqq\n bfqq_request_freed(bfqq)\n new_bfqq-\u003eref++\n rq-\u003eelv.priv[1] = new_bfqq\n -\u003e handle IO by bfqq3\n\nFix the problem by checking bfqq is from merge chain fist. And this\nmight fix a following problem reported by our syzkaller(unreproducible):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in bfq_do_early_stable_merge block/bfq-iosched.c:5692 [inline]\nBUG: KASAN: slab-use-after-free in bfq_do_or_sched_stable_merge block/bfq-iosched.c:5805 [inline]\nBUG: KASAN: slab-use-after-free in bfq_get_queue+0x25b0/0x2610 block/bfq-iosched.c:5889\nWrite of size 1 at addr ffff888123839eb8 by task kworker/0:1H/18595\n\nCPU: 0 PID: 18595 Comm: kworker/0:1H Tainted: G L 6.6.0-07439-gba2303cacfda #6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nWorkqueue: kblockd blk_mq_requeue_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:364 [inline]\n print_report+0x10d/0x610 mm/kasan/report.c:475\n kasan_report+0x8e/0xc0 mm/kasan/report.c:588\n bfq_do_early_stable_merge block/bfq-iosched.c:5692 [inline]\n bfq_do_or_sched_stable_merge block/bfq-iosched.c:5805 [inline]\n bfq_get_queue+0x25b0/0x2610 block/bfq-iosched.c:5889\n bfq_get_bfqq_handle_split+0x169/0x5d0 block/bfq-iosched.c:6757\n bfq_init_rq block/bfq-iosched.c:6876 [inline]\n bfq_insert_request block/bfq-iosched.c:6254 [inline]\n bfq_insert_requests+0x1112/0x5cf0 block/bfq-iosched.c:6304\n blk_mq_insert_request+0x290/0x8d0 block/blk-mq.c:2593\n blk_mq_requeue_work+0x6bc/0xa70 block/blk-mq.c:1502\n process_one_work kernel/workqueue.c:2627 [inline]\n process_scheduled_works+0x432/0x13f0 kernel/workqueue.c:2700\n worker_thread+0x6f2/0x1160 kernel/workqueue.c:2781\n kthread+0x33c/0x440 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:305\n \u003c/TASK\u003e\n\nAllocated by task 20776:\n kasan_save_stack+0x20/0x40 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\n slab_post_alloc_hook mm/slab.h:763 [inline]\n slab_alloc_node mm/slub.c:3458 [inline]\n kmem_cache_alloc_node+0x1a4/0x6f0 mm/slub.c:3503\n ioc_create_icq block/blk-ioc.c:370 [inline]\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:37:55.250Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a9bdd5b36887d2bacb8bc777fd18317c99fc2587"
},
{
"url": "https://git.kernel.org/stable/c/bc2140534b2aae752e4f7cb4489642dbb5ec4777"
},
{
"url": "https://git.kernel.org/stable/c/e1277ae780cca4e69ef5468d4582dfd48f0b8320"
},
{
"url": "https://git.kernel.org/stable/c/8aa9de02a4be2e7006e636816ce19b0d667ceaa3"
},
{
"url": "https://git.kernel.org/stable/c/ddbdaad123254fb53e32480cb74a486a6868b1e0"
},
{
"url": "https://git.kernel.org/stable/c/7faed2896d78e48ec96229e73b30b0af6c00a9aa"
},
{
"url": "https://git.kernel.org/stable/c/880692ee233ba63808182705b3333403413b58f5"
},
{
"url": "https://git.kernel.org/stable/c/6d130db286ad0ea392c96ebb2551acf0d7308048"
},
{
"url": "https://git.kernel.org/stable/c/18ad4df091dd5d067d2faa8fce1180b79f7041a7"
}
],
"title": "block, bfq: fix possible UAF for bfqq-\u003ebic with merge chain",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47706",
"datePublished": "2024-10-21T11:53:40.759Z",
"dateReserved": "2024-09-30T16:00:12.946Z",
"dateUpdated": "2025-11-03T22:21:10.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48973 (GCVE-0-2022-48973)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
gpio: amd8111: Fix PCI device reference count leak
Summary
In the Linux kernel, the following vulnerability has been resolved:
gpio: amd8111: Fix PCI device reference count leak
for_each_pci_dev() is implemented by pci_get_device(). The comment of
pci_get_device() says that it will increase the reference count for the
returned pci_dev and also decrease the reference count for the input
pci_dev @from if it is not NULL.
If we break for_each_pci_dev() loop with pdev not NULL, we need to call
pci_dev_put() to decrease the reference count. Add the missing
pci_dev_put() after the 'out' label. Since pci_dev_put() can handle NULL
input parameter, there is no problem for the 'Device not found' branch.
For the normal path, add pci_dev_put() in amd_gpio_exit().
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
f942a7de047d8c599cc1a9a26293c8c7400450ea , < 4749c5cc147c9860b96db1e71cc36d1de1bd3f59
(git)
Affected: f942a7de047d8c599cc1a9a26293c8c7400450ea , < 71d591ef873f9ebb86cd8d053b3caee785b2de6a (git) Affected: f942a7de047d8c599cc1a9a26293c8c7400450ea , < b2bc053ebbba57a06fa655db5ea796de2edce445 (git) Affected: f942a7de047d8c599cc1a9a26293c8c7400450ea , < 48bd5d3801f6b67cc144449d434abbd5043a6d37 (git) Affected: f942a7de047d8c599cc1a9a26293c8c7400450ea , < 5ee6413d3dd972930af787b2c0c7aaeb379fa521 (git) Affected: f942a7de047d8c599cc1a9a26293c8c7400450ea , < 4271515f189bd5fe2ec86b4089dab7cb804625d2 (git) Affected: f942a7de047d8c599cc1a9a26293c8c7400450ea , < e364ce04d8f840478b09eee57b614de7cf1e743e (git) Affected: f942a7de047d8c599cc1a9a26293c8c7400450ea , < 45fecdb9f658d9c82960c98240bc0770ade19aca (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:18:53.419831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:37.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpio-amd8111.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4749c5cc147c9860b96db1e71cc36d1de1bd3f59",
"status": "affected",
"version": "f942a7de047d8c599cc1a9a26293c8c7400450ea",
"versionType": "git"
},
{
"lessThan": "71d591ef873f9ebb86cd8d053b3caee785b2de6a",
"status": "affected",
"version": "f942a7de047d8c599cc1a9a26293c8c7400450ea",
"versionType": "git"
},
{
"lessThan": "b2bc053ebbba57a06fa655db5ea796de2edce445",
"status": "affected",
"version": "f942a7de047d8c599cc1a9a26293c8c7400450ea",
"versionType": "git"
},
{
"lessThan": "48bd5d3801f6b67cc144449d434abbd5043a6d37",
"status": "affected",
"version": "f942a7de047d8c599cc1a9a26293c8c7400450ea",
"versionType": "git"
},
{
"lessThan": "5ee6413d3dd972930af787b2c0c7aaeb379fa521",
"status": "affected",
"version": "f942a7de047d8c599cc1a9a26293c8c7400450ea",
"versionType": "git"
},
{
"lessThan": "4271515f189bd5fe2ec86b4089dab7cb804625d2",
"status": "affected",
"version": "f942a7de047d8c599cc1a9a26293c8c7400450ea",
"versionType": "git"
},
{
"lessThan": "e364ce04d8f840478b09eee57b614de7cf1e743e",
"status": "affected",
"version": "f942a7de047d8c599cc1a9a26293c8c7400450ea",
"versionType": "git"
},
{
"lessThan": "45fecdb9f658d9c82960c98240bc0770ade19aca",
"status": "affected",
"version": "f942a7de047d8c599cc1a9a26293c8c7400450ea",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpio-amd8111.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.6"
},
{
"lessThan": "3.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.336",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.336",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.302",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.269",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: amd8111: Fix PCI device reference count leak\n\nfor_each_pci_dev() is implemented by pci_get_device(). The comment of\npci_get_device() says that it will increase the reference count for the\nreturned pci_dev and also decrease the reference count for the input\npci_dev @from if it is not NULL.\n\nIf we break for_each_pci_dev() loop with pdev not NULL, we need to call\npci_dev_put() to decrease the reference count. Add the missing\npci_dev_put() after the \u0027out\u0027 label. Since pci_dev_put() can handle NULL\ninput parameter, there is no problem for the \u0027Device not found\u0027 branch.\nFor the normal path, add pci_dev_put() in amd_gpio_exit()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:12.627Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4749c5cc147c9860b96db1e71cc36d1de1bd3f59"
},
{
"url": "https://git.kernel.org/stable/c/71d591ef873f9ebb86cd8d053b3caee785b2de6a"
},
{
"url": "https://git.kernel.org/stable/c/b2bc053ebbba57a06fa655db5ea796de2edce445"
},
{
"url": "https://git.kernel.org/stable/c/48bd5d3801f6b67cc144449d434abbd5043a6d37"
},
{
"url": "https://git.kernel.org/stable/c/5ee6413d3dd972930af787b2c0c7aaeb379fa521"
},
{
"url": "https://git.kernel.org/stable/c/4271515f189bd5fe2ec86b4089dab7cb804625d2"
},
{
"url": "https://git.kernel.org/stable/c/e364ce04d8f840478b09eee57b614de7cf1e743e"
},
{
"url": "https://git.kernel.org/stable/c/45fecdb9f658d9c82960c98240bc0770ade19aca"
}
],
"title": "gpio: amd8111: Fix PCI device reference count leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48973",
"datePublished": "2024-10-21T20:05:53.769Z",
"dateReserved": "2024-08-22T01:27:53.631Z",
"dateUpdated": "2025-05-04T08:27:12.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49020 (GCVE-0-2022-49020)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
net/9p: Fix a potential socket leak in p9_socket_open
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/9p: Fix a potential socket leak in p9_socket_open
Both p9_fd_create_tcp() and p9_fd_create_unix() will call
p9_socket_open(). If the creation of p9_trans_fd fails,
p9_fd_create_tcp() and p9_fd_create_unix() will return an
error directly instead of releasing the cscoket, which will
result in a socket leak.
This patch adds sock_release() to fix the leak issue.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
6b18662e239a032f908b7f6e164bdf7e2e0a32c9 , < 0396227f4daf4792a6a8aaa3b7771dc25c4cd443
(git)
Affected: 6b18662e239a032f908b7f6e164bdf7e2e0a32c9 , < ded893965b895b2dccd3d1436d8d3daffa23ea64 (git) Affected: 6b18662e239a032f908b7f6e164bdf7e2e0a32c9 , < 8b14bd0b500aec1458b51cb621c8e5fab3304260 (git) Affected: 6b18662e239a032f908b7f6e164bdf7e2e0a32c9 , < 2d24d91b9f44620824fc37b766f7cae00ca32748 (git) Affected: 6b18662e239a032f908b7f6e164bdf7e2e0a32c9 , < e01c1542379fb395e7da53706df598f38905dfbf (git) Affected: 6b18662e239a032f908b7f6e164bdf7e2e0a32c9 , < 8782b32ef867de7981bbe9e86ecb90e92e8780bd (git) Affected: 6b18662e239a032f908b7f6e164bdf7e2e0a32c9 , < aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd (git) Affected: 6b18662e239a032f908b7f6e164bdf7e2e0a32c9 , < dcc14cfd7debe11b825cb077e75d91d2575b4cb8 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:12:42.990180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:37.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/9p/trans_fd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0396227f4daf4792a6a8aaa3b7771dc25c4cd443",
"status": "affected",
"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9",
"versionType": "git"
},
{
"lessThan": "ded893965b895b2dccd3d1436d8d3daffa23ea64",
"status": "affected",
"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9",
"versionType": "git"
},
{
"lessThan": "8b14bd0b500aec1458b51cb621c8e5fab3304260",
"status": "affected",
"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9",
"versionType": "git"
},
{
"lessThan": "2d24d91b9f44620824fc37b766f7cae00ca32748",
"status": "affected",
"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9",
"versionType": "git"
},
{
"lessThan": "e01c1542379fb395e7da53706df598f38905dfbf",
"status": "affected",
"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9",
"versionType": "git"
},
{
"lessThan": "8782b32ef867de7981bbe9e86ecb90e92e8780bd",
"status": "affected",
"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9",
"versionType": "git"
},
{
"lessThan": "aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd",
"status": "affected",
"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9",
"versionType": "git"
},
{
"lessThan": "dcc14cfd7debe11b825cb077e75d91d2575b4cb8",
"status": "affected",
"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/9p/trans_fd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.33"
},
{
"lessThan": "2.6.33",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.335",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.301",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.335",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.301",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.268",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "2.6.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: Fix a potential socket leak in p9_socket_open\n\nBoth p9_fd_create_tcp() and p9_fd_create_unix() will call\np9_socket_open(). If the creation of p9_trans_fd fails,\np9_fd_create_tcp() and p9_fd_create_unix() will return an\nerror directly instead of releasing the cscoket, which will\nresult in a socket leak.\n\nThis patch adds sock_release() to fix the leak issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:13.138Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0396227f4daf4792a6a8aaa3b7771dc25c4cd443"
},
{
"url": "https://git.kernel.org/stable/c/ded893965b895b2dccd3d1436d8d3daffa23ea64"
},
{
"url": "https://git.kernel.org/stable/c/8b14bd0b500aec1458b51cb621c8e5fab3304260"
},
{
"url": "https://git.kernel.org/stable/c/2d24d91b9f44620824fc37b766f7cae00ca32748"
},
{
"url": "https://git.kernel.org/stable/c/e01c1542379fb395e7da53706df598f38905dfbf"
},
{
"url": "https://git.kernel.org/stable/c/8782b32ef867de7981bbe9e86ecb90e92e8780bd"
},
{
"url": "https://git.kernel.org/stable/c/aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd"
},
{
"url": "https://git.kernel.org/stable/c/dcc14cfd7debe11b825cb077e75d91d2575b4cb8"
}
],
"title": "net/9p: Fix a potential socket leak in p9_socket_open",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49020",
"datePublished": "2024-10-21T20:06:27.976Z",
"dateReserved": "2024-08-22T01:27:53.649Z",
"dateUpdated": "2025-05-04T08:28:13.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49860 (GCVE-0-2024-49860)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:27 – Updated: 2025-11-03 22:22
VLAI?
EPSS
Title
ACPI: sysfs: validate return type of _STR method
Summary
In the Linux kernel, the following vulnerability has been resolved:
ACPI: sysfs: validate return type of _STR method
Only buffer objects are valid return values of _STR.
If something else is returned description_show() will access invalid
memory.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d1efe3c324ead77d3f6cd85093b50f6bd2e17aba , < 92fd5209fc014405f63a7db79802ca4b01dc0c05
(git)
Affected: d1efe3c324ead77d3f6cd85093b50f6bd2e17aba , < 2364b6af90c6b6d8a4783e0d3481ca80af699554 (git) Affected: d1efe3c324ead77d3f6cd85093b50f6bd2e17aba , < 4b081991c4363e072e1748efed0bbec8a77daba5 (git) Affected: d1efe3c324ead77d3f6cd85093b50f6bd2e17aba , < 0cdfb9178a3bba843c95c2117c82c15f1a64b9ce (git) Affected: d1efe3c324ead77d3f6cd85093b50f6bd2e17aba , < 5c8d007c14aefc3f2ddf71e4c40713733dc827be (git) Affected: d1efe3c324ead77d3f6cd85093b50f6bd2e17aba , < f0921ecd4ddc14646bb5511f49db4d7d3b0829f0 (git) Affected: d1efe3c324ead77d3f6cd85093b50f6bd2e17aba , < f51e5a88f2e7224858b261546cf6b3037dfb1323 (git) Affected: d1efe3c324ead77d3f6cd85093b50f6bd2e17aba , < f51f711d36e61fbb87c67b524fd200e05172668d (git) Affected: d1efe3c324ead77d3f6cd85093b50f6bd2e17aba , < 4bb1e7d027413835b086aed35bc3f0713bc0f72b (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:55:46.676497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:10.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:30.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/acpi/device_sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "92fd5209fc014405f63a7db79802ca4b01dc0c05",
"status": "affected",
"version": "d1efe3c324ead77d3f6cd85093b50f6bd2e17aba",
"versionType": "git"
},
{
"lessThan": "2364b6af90c6b6d8a4783e0d3481ca80af699554",
"status": "affected",
"version": "d1efe3c324ead77d3f6cd85093b50f6bd2e17aba",
"versionType": "git"
},
{
"lessThan": "4b081991c4363e072e1748efed0bbec8a77daba5",
"status": "affected",
"version": "d1efe3c324ead77d3f6cd85093b50f6bd2e17aba",
"versionType": "git"
},
{
"lessThan": "0cdfb9178a3bba843c95c2117c82c15f1a64b9ce",
"status": "affected",
"version": "d1efe3c324ead77d3f6cd85093b50f6bd2e17aba",
"versionType": "git"
},
{
"lessThan": "5c8d007c14aefc3f2ddf71e4c40713733dc827be",
"status": "affected",
"version": "d1efe3c324ead77d3f6cd85093b50f6bd2e17aba",
"versionType": "git"
},
{
"lessThan": "f0921ecd4ddc14646bb5511f49db4d7d3b0829f0",
"status": "affected",
"version": "d1efe3c324ead77d3f6cd85093b50f6bd2e17aba",
"versionType": "git"
},
{
"lessThan": "f51e5a88f2e7224858b261546cf6b3037dfb1323",
"status": "affected",
"version": "d1efe3c324ead77d3f6cd85093b50f6bd2e17aba",
"versionType": "git"
},
{
"lessThan": "f51f711d36e61fbb87c67b524fd200e05172668d",
"status": "affected",
"version": "d1efe3c324ead77d3f6cd85093b50f6bd2e17aba",
"versionType": "git"
},
{
"lessThan": "4bb1e7d027413835b086aed35bc3f0713bc0f72b",
"status": "affected",
"version": "d1efe3c324ead77d3f6cd85093b50f6bd2e17aba",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/acpi/device_sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: sysfs: validate return type of _STR method\n\nOnly buffer objects are valid return values of _STR.\n\nIf something else is returned description_show() will access invalid\nmemory."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:39:44.814Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/92fd5209fc014405f63a7db79802ca4b01dc0c05"
},
{
"url": "https://git.kernel.org/stable/c/2364b6af90c6b6d8a4783e0d3481ca80af699554"
},
{
"url": "https://git.kernel.org/stable/c/4b081991c4363e072e1748efed0bbec8a77daba5"
},
{
"url": "https://git.kernel.org/stable/c/0cdfb9178a3bba843c95c2117c82c15f1a64b9ce"
},
{
"url": "https://git.kernel.org/stable/c/5c8d007c14aefc3f2ddf71e4c40713733dc827be"
},
{
"url": "https://git.kernel.org/stable/c/f0921ecd4ddc14646bb5511f49db4d7d3b0829f0"
},
{
"url": "https://git.kernel.org/stable/c/f51e5a88f2e7224858b261546cf6b3037dfb1323"
},
{
"url": "https://git.kernel.org/stable/c/f51f711d36e61fbb87c67b524fd200e05172668d"
},
{
"url": "https://git.kernel.org/stable/c/4bb1e7d027413835b086aed35bc3f0713bc0f72b"
}
],
"title": "ACPI: sysfs: validate return type of _STR method",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49860",
"datePublished": "2024-10-21T12:27:18.640Z",
"dateReserved": "2024-10-21T12:17:06.017Z",
"dateUpdated": "2025-11-03T22:22:30.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47383 (GCVE-0-2021-47383)
Vulnerability from cvelistv5 – Published: 2024-05-21 15:03 – Updated: 2025-12-18 11:37
VLAI?
EPSS
Title
tty: Fix out-of-bound vmalloc access in imageblit
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: Fix out-of-bound vmalloc access in imageblit
This issue happens when a userspace program does an ioctl
FBIOPUT_VSCREENINFO passing the fb_var_screeninfo struct
containing only the fields xres, yres, and bits_per_pixel
with values.
If this struct is the same as the previous ioctl, the
vc_resize() detects it and doesn't call the resize_screen(),
leaving the fb_var_screeninfo incomplete. And this leads to
the updatescrollmode() calculates a wrong value to
fbcon_display->vrows, which makes the real_y() return a
wrong value of y, and that value, eventually, causes
the imageblit to access an out-of-bound address value.
To solve this issue I made the resize_screen() be called
even if the screen does not need any resizing, so it will
"fix and fill" the fb_var_screeninfo independently.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7e71fcedfda6f7de18f850a6b36e78d78b04476f
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 70aed03b1d5a5df974f456cdc8eedb213c94bb8b (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 067c694d06040db6f0c65281bb358452ca6d85b9 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8a6a240f52e14356386030d8958ae8b1761d2325 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 883f7897a25e3ce14a7f274ca4c73f49ac84002a (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d570c48dd37dbe8fc6875d4461d01a9554ae2560 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 699d926585daa6ec44be556cdc1ab89e5d54557b (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3b0c406124719b625b1aba431659f5cdc24a982c (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:37:20.634635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:38:08.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:39:59.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e71fcedfda6f7de18f850a6b36e78d78b04476f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70aed03b1d5a5df974f456cdc8eedb213c94bb8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/067c694d06040db6f0c65281bb358452ca6d85b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a6a240f52e14356386030d8958ae8b1761d2325"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/883f7897a25e3ce14a7f274ca4c73f49ac84002a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d570c48dd37dbe8fc6875d4461d01a9554ae2560"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/699d926585daa6ec44be556cdc1ab89e5d54557b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b0c406124719b625b1aba431659f5cdc24a982c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/vt/vt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7e71fcedfda6f7de18f850a6b36e78d78b04476f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "70aed03b1d5a5df974f456cdc8eedb213c94bb8b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "067c694d06040db6f0c65281bb358452ca6d85b9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8a6a240f52e14356386030d8958ae8b1761d2325",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "883f7897a25e3ce14a7f274ca4c73f49ac84002a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d570c48dd37dbe8fc6875d4461d01a9554ae2560",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "699d926585daa6ec44be556cdc1ab89e5d54557b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3b0c406124719b625b1aba431659f5cdc24a982c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/vt/vt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.286",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.71",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.14.*",
"status": "unaffected",
"version": "5.14.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.286",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.285",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.249",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.209",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.151",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.71",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: Fix out-of-bound vmalloc access in imageblit\n\nThis issue happens when a userspace program does an ioctl\nFBIOPUT_VSCREENINFO passing the fb_var_screeninfo struct\ncontaining only the fields xres, yres, and bits_per_pixel\nwith values.\n\nIf this struct is the same as the previous ioctl, the\nvc_resize() detects it and doesn\u0027t call the resize_screen(),\nleaving the fb_var_screeninfo incomplete. And this leads to\nthe updatescrollmode() calculates a wrong value to\nfbcon_display-\u003evrows, which makes the real_y() return a\nwrong value of y, and that value, eventually, causes\nthe imageblit to access an out-of-bound address value.\n\nTo solve this issue I made the resize_screen() be called\neven if the screen does not need any resizing, so it will\n\"fix and fill\" the fb_var_screeninfo independently."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T11:37:17.172Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7e71fcedfda6f7de18f850a6b36e78d78b04476f"
},
{
"url": "https://git.kernel.org/stable/c/70aed03b1d5a5df974f456cdc8eedb213c94bb8b"
},
{
"url": "https://git.kernel.org/stable/c/067c694d06040db6f0c65281bb358452ca6d85b9"
},
{
"url": "https://git.kernel.org/stable/c/8a6a240f52e14356386030d8958ae8b1761d2325"
},
{
"url": "https://git.kernel.org/stable/c/883f7897a25e3ce14a7f274ca4c73f49ac84002a"
},
{
"url": "https://git.kernel.org/stable/c/d570c48dd37dbe8fc6875d4461d01a9554ae2560"
},
{
"url": "https://git.kernel.org/stable/c/699d926585daa6ec44be556cdc1ab89e5d54557b"
},
{
"url": "https://git.kernel.org/stable/c/3b0c406124719b625b1aba431659f5cdc24a982c"
}
],
"title": "tty: Fix out-of-bound vmalloc access in imageblit",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47383",
"datePublished": "2024-05-21T15:03:44.286Z",
"dateReserved": "2024-05-21T14:58:30.812Z",
"dateUpdated": "2025-12-18T11:37:17.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49962 (GCVE-0-2024-49962)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()
ACPICA commit 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0
ACPI_ALLOCATE_ZEROED() may fail, elements might be NULL and will cause
NULL pointer dereference later.
[ rjw: Subject and changelog edits ]
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
9957510255724c1c746c9a6264c849e9fdd4cd24 , < 4669da66ebc5b09881487f30669b0fcdb462188e
(git)
Affected: 9957510255724c1c746c9a6264c849e9fdd4cd24 , < 402b4c6b7500c7cca6972d2456a4a422801035b5 (git) Affected: 9957510255724c1c746c9a6264c849e9fdd4cd24 , < cbb67e245dacd02b5e1d82733892647df1523982 (git) Affected: 9957510255724c1c746c9a6264c849e9fdd4cd24 , < 1c9b8775062f8d854a80caf186af57fc617d454c (git) Affected: 9957510255724c1c746c9a6264c849e9fdd4cd24 , < f282db38953ad71dd4f3f8877a4e1d37e580e30a (git) Affected: 9957510255724c1c746c9a6264c849e9fdd4cd24 , < 4588ea78d3904bebb613b0bb025669e75800f546 (git) Affected: 9957510255724c1c746c9a6264c849e9fdd4cd24 , < a907c113a8b66972f15f084d7dff960207b1f71d (git) Affected: 9957510255724c1c746c9a6264c849e9fdd4cd24 , < ae5d4c7e76ba393d20366dfea1f39f24560ffb1d (git) Affected: 9957510255724c1c746c9a6264c849e9fdd4cd24 , < a5242874488eba2b9062985bf13743c029821330 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:34:59.044898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:47.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:44.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/acpi/acpica/dbconvert.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4669da66ebc5b09881487f30669b0fcdb462188e",
"status": "affected",
"version": "9957510255724c1c746c9a6264c849e9fdd4cd24",
"versionType": "git"
},
{
"lessThan": "402b4c6b7500c7cca6972d2456a4a422801035b5",
"status": "affected",
"version": "9957510255724c1c746c9a6264c849e9fdd4cd24",
"versionType": "git"
},
{
"lessThan": "cbb67e245dacd02b5e1d82733892647df1523982",
"status": "affected",
"version": "9957510255724c1c746c9a6264c849e9fdd4cd24",
"versionType": "git"
},
{
"lessThan": "1c9b8775062f8d854a80caf186af57fc617d454c",
"status": "affected",
"version": "9957510255724c1c746c9a6264c849e9fdd4cd24",
"versionType": "git"
},
{
"lessThan": "f282db38953ad71dd4f3f8877a4e1d37e580e30a",
"status": "affected",
"version": "9957510255724c1c746c9a6264c849e9fdd4cd24",
"versionType": "git"
},
{
"lessThan": "4588ea78d3904bebb613b0bb025669e75800f546",
"status": "affected",
"version": "9957510255724c1c746c9a6264c849e9fdd4cd24",
"versionType": "git"
},
{
"lessThan": "a907c113a8b66972f15f084d7dff960207b1f71d",
"status": "affected",
"version": "9957510255724c1c746c9a6264c849e9fdd4cd24",
"versionType": "git"
},
{
"lessThan": "ae5d4c7e76ba393d20366dfea1f39f24560ffb1d",
"status": "affected",
"version": "9957510255724c1c746c9a6264c849e9fdd4cd24",
"versionType": "git"
},
{
"lessThan": "a5242874488eba2b9062985bf13743c029821330",
"status": "affected",
"version": "9957510255724c1c746c9a6264c849e9fdd4cd24",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/acpi/acpica/dbconvert.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.4"
},
{
"lessThan": "4.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()\n\nACPICA commit 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0\n\nACPI_ALLOCATE_ZEROED() may fail, elements might be NULL and will cause\nNULL pointer dereference later.\n\n[ rjw: Subject and changelog edits ]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:31.808Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4669da66ebc5b09881487f30669b0fcdb462188e"
},
{
"url": "https://git.kernel.org/stable/c/402b4c6b7500c7cca6972d2456a4a422801035b5"
},
{
"url": "https://git.kernel.org/stable/c/cbb67e245dacd02b5e1d82733892647df1523982"
},
{
"url": "https://git.kernel.org/stable/c/1c9b8775062f8d854a80caf186af57fc617d454c"
},
{
"url": "https://git.kernel.org/stable/c/f282db38953ad71dd4f3f8877a4e1d37e580e30a"
},
{
"url": "https://git.kernel.org/stable/c/4588ea78d3904bebb613b0bb025669e75800f546"
},
{
"url": "https://git.kernel.org/stable/c/a907c113a8b66972f15f084d7dff960207b1f71d"
},
{
"url": "https://git.kernel.org/stable/c/ae5d4c7e76ba393d20366dfea1f39f24560ffb1d"
},
{
"url": "https://git.kernel.org/stable/c/a5242874488eba2b9062985bf13743c029821330"
}
],
"title": "ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49962",
"datePublished": "2024-10-21T18:02:14.418Z",
"dateReserved": "2024-10-21T12:17:06.049Z",
"dateUpdated": "2025-11-03T22:23:44.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26622 (GCVE-0-2024-26622)
Vulnerability from cvelistv5 – Published: 2024-03-04 06:40 – Updated: 2025-11-04 18:29
VLAI?
EPSS
Title
tomoyo: fix UAF write bug in tomoyo_write_control()
Summary
In the Linux kernel, the following vulnerability has been resolved:
tomoyo: fix UAF write bug in tomoyo_write_control()
Since tomoyo_write_control() updates head->write_buf when write()
of long lines is requested, we need to fetch head->write_buf after
head->io_sem is held. Otherwise, concurrent write() requests can
cause use-after-free-write and double-free problems.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
bd03a3e4c9a9df0c6b007045fa7fc8889111a478 , < a23ac1788e2c828c097119e9a3178f0b7e503fee
(git)
Affected: bd03a3e4c9a9df0c6b007045fa7fc8889111a478 , < 7d930a4da17958f869ef679ee0e4a8729337affc (git) Affected: bd03a3e4c9a9df0c6b007045fa7fc8889111a478 , < 3bfe04c1273d30b866f4c7c238331ed3b08e5824 (git) Affected: bd03a3e4c9a9df0c6b007045fa7fc8889111a478 , < 2caa605079488da9601099fbda460cfc1702839f (git) Affected: bd03a3e4c9a9df0c6b007045fa7fc8889111a478 , < 6edefe1b6c29a9932f558a898968a9fcbeec5711 (git) Affected: bd03a3e4c9a9df0c6b007045fa7fc8889111a478 , < 2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815 (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:29:54.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a23ac1788e2c828c097119e9a3178f0b7e503fee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d930a4da17958f869ef679ee0e4a8729337affc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3bfe04c1273d30b866f4c7c238331ed3b08e5824"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2caa605079488da9601099fbda460cfc1702839f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6edefe1b6c29a9932f558a898968a9fcbeec5711"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:56:14.798653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:34.406Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"security/tomoyo/common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a23ac1788e2c828c097119e9a3178f0b7e503fee",
"status": "affected",
"version": "bd03a3e4c9a9df0c6b007045fa7fc8889111a478",
"versionType": "git"
},
{
"lessThan": "7d930a4da17958f869ef679ee0e4a8729337affc",
"status": "affected",
"version": "bd03a3e4c9a9df0c6b007045fa7fc8889111a478",
"versionType": "git"
},
{
"lessThan": "3bfe04c1273d30b866f4c7c238331ed3b08e5824",
"status": "affected",
"version": "bd03a3e4c9a9df0c6b007045fa7fc8889111a478",
"versionType": "git"
},
{
"lessThan": "2caa605079488da9601099fbda460cfc1702839f",
"status": "affected",
"version": "bd03a3e4c9a9df0c6b007045fa7fc8889111a478",
"versionType": "git"
},
{
"lessThan": "6edefe1b6c29a9932f558a898968a9fcbeec5711",
"status": "affected",
"version": "bd03a3e4c9a9df0c6b007045fa7fc8889111a478",
"versionType": "git"
},
{
"lessThan": "2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815",
"status": "affected",
"version": "bd03a3e4c9a9df0c6b007045fa7fc8889111a478",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"security/tomoyo/common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.1"
},
{
"lessThan": "3.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: fix UAF write bug in tomoyo_write_control()\n\nSince tomoyo_write_control() updates head-\u003ewrite_buf when write()\nof long lines is requested, we need to fetch head-\u003ewrite_buf after\nhead-\u003eio_sem is held. Otherwise, concurrent write() requests can\ncause use-after-free-write and double-free problems."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:31.663Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a23ac1788e2c828c097119e9a3178f0b7e503fee"
},
{
"url": "https://git.kernel.org/stable/c/7d930a4da17958f869ef679ee0e4a8729337affc"
},
{
"url": "https://git.kernel.org/stable/c/3bfe04c1273d30b866f4c7c238331ed3b08e5824"
},
{
"url": "https://git.kernel.org/stable/c/2caa605079488da9601099fbda460cfc1702839f"
},
{
"url": "https://git.kernel.org/stable/c/6edefe1b6c29a9932f558a898968a9fcbeec5711"
},
{
"url": "https://git.kernel.org/stable/c/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815"
}
],
"title": "tomoyo: fix UAF write bug in tomoyo_write_control()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26622",
"datePublished": "2024-03-04T06:40:01.754Z",
"dateReserved": "2024-02-19T14:20:24.134Z",
"dateUpdated": "2025-11-04T18:29:54.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35905 (GCVE-0-2024-35905)
Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 12:56
VLAI?
EPSS
Title
bpf: Protect against int overflow for stack access size
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Protect against int overflow for stack access size
This patch re-introduces protection against the size of access to stack
memory being negative; the access size can appear negative as a result
of overflowing its signed int representation. This should not actually
happen, as there are other protections along the way, but we should
protect against it anyway. One code path was missing such protections
(fixed in the previous patch in the series), causing out-of-bounds array
accesses in check_stack_range_initialized(). This patch causes the
verification of a program with such a non-sensical access size to fail.
This check used to exist in a more indirect way, but was inadvertendly
removed in a833a17aeac7.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
afea95d319ccb4ad2060dece9ac5e2e364dec543 , < 9970e059af471478455f9534e8c3db82f8c5496d
(git)
Affected: 02962684258eb53f414a8a59854767be526e6abb , < 37dc1718dc0c4392dbfcb9adec22a776e745dd69 (git) Affected: b1d4d54d32ce6342f5faffe71bae736540ce7cb5 , < 98cdac206b112bec63852e94802791e316acc2c1 (git) Affected: 08b91babccbb168353f8d43fea0ed28a4cad568c , < 3f0784b2f1eb9147973d8c43ba085c5fdf44ff69 (git) Affected: a833a17aeac73b33f79433d7cee68d5cafd71e4f , < 203a68151e8eeb331d4a64ab78303f3a15faf103 (git) Affected: a833a17aeac73b33f79433d7cee68d5cafd71e4f , < ecc6a2101840177e57c925c102d2d29f260d37c8 (git) Affected: 1858b8a331937f3976d8482cd5f6e1f945294ad3 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:34:20.280116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:52.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9970e059af471478455f9534e8c3db82f8c5496d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/37dc1718dc0c4392dbfcb9adec22a776e745dd69"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98cdac206b112bec63852e94802791e316acc2c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f0784b2f1eb9147973d8c43ba085c5fdf44ff69"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/203a68151e8eeb331d4a64ab78303f3a15faf103"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ecc6a2101840177e57c925c102d2d29f260d37c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/verifier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9970e059af471478455f9534e8c3db82f8c5496d",
"status": "affected",
"version": "afea95d319ccb4ad2060dece9ac5e2e364dec543",
"versionType": "git"
},
{
"lessThan": "37dc1718dc0c4392dbfcb9adec22a776e745dd69",
"status": "affected",
"version": "02962684258eb53f414a8a59854767be526e6abb",
"versionType": "git"
},
{
"lessThan": "98cdac206b112bec63852e94802791e316acc2c1",
"status": "affected",
"version": "b1d4d54d32ce6342f5faffe71bae736540ce7cb5",
"versionType": "git"
},
{
"lessThan": "3f0784b2f1eb9147973d8c43ba085c5fdf44ff69",
"status": "affected",
"version": "08b91babccbb168353f8d43fea0ed28a4cad568c",
"versionType": "git"
},
{
"lessThan": "203a68151e8eeb331d4a64ab78303f3a15faf103",
"status": "affected",
"version": "a833a17aeac73b33f79433d7cee68d5cafd71e4f",
"versionType": "git"
},
{
"lessThan": "ecc6a2101840177e57c925c102d2d29f260d37c8",
"status": "affected",
"version": "a833a17aeac73b33f79433d7cee68d5cafd71e4f",
"versionType": "git"
},
{
"status": "affected",
"version": "1858b8a331937f3976d8482cd5f6e1f945294ad3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/verifier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.15.148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "6.1.75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "6.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Protect against int overflow for stack access size\n\nThis patch re-introduces protection against the size of access to stack\nmemory being negative; the access size can appear negative as a result\nof overflowing its signed int representation. This should not actually\nhappen, as there are other protections along the way, but we should\nprotect against it anyway. One code path was missing such protections\n(fixed in the previous patch in the series), causing out-of-bounds array\naccesses in check_stack_range_initialized(). This patch causes the\nverification of a program with such a non-sensical access size to fail.\n\nThis check used to exist in a more indirect way, but was inadvertendly\nremoved in a833a17aeac7."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:03.837Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9970e059af471478455f9534e8c3db82f8c5496d"
},
{
"url": "https://git.kernel.org/stable/c/37dc1718dc0c4392dbfcb9adec22a776e745dd69"
},
{
"url": "https://git.kernel.org/stable/c/98cdac206b112bec63852e94802791e316acc2c1"
},
{
"url": "https://git.kernel.org/stable/c/3f0784b2f1eb9147973d8c43ba085c5fdf44ff69"
},
{
"url": "https://git.kernel.org/stable/c/203a68151e8eeb331d4a64ab78303f3a15faf103"
},
{
"url": "https://git.kernel.org/stable/c/ecc6a2101840177e57c925c102d2d29f260d37c8"
}
],
"title": "bpf: Protect against int overflow for stack access size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35905",
"datePublished": "2024-05-19T08:34:58.347Z",
"dateReserved": "2024-05-17T13:50:33.120Z",
"dateUpdated": "2025-05-04T12:56:03.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48958 (GCVE-0-2022-48958)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:26
VLAI?
EPSS
Title
ethernet: aeroflex: fix potential skb leak in greth_init_rings()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ethernet: aeroflex: fix potential skb leak in greth_init_rings()
The greth_init_rings() function won't free the newly allocated skb when
dma_mapping_error() returns error, so add dev_kfree_skb() to fix it.
Compile tested only.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d4c41139df6e74c6fff0cbac43e51cab782133be , < 223654e2e2c8d05347cd8e300f8d1ec6023103dd
(git)
Affected: d4c41139df6e74c6fff0cbac43e51cab782133be , < cb1e293f858e5e1152b8791047ed4bdaaf392189 (git) Affected: d4c41139df6e74c6fff0cbac43e51cab782133be , < bfaa8f6c5b84b295dd73b0138b57c5555ca12b1c (git) Affected: d4c41139df6e74c6fff0cbac43e51cab782133be , < 99669d94ce145389f1d6f197e6e18ed50d43fb76 (git) Affected: d4c41139df6e74c6fff0cbac43e51cab782133be , < 87277bdf2c370ab2d07cfe77dfa9b37f82bbe1e5 (git) Affected: d4c41139df6e74c6fff0cbac43e51cab782133be , < c7adcbd0fd3fde1b19150c3e955fb4a30c5bd9b7 (git) Affected: d4c41139df6e74c6fff0cbac43e51cab782133be , < dd62867a6383f78f75f07039394aac25924a3307 (git) Affected: d4c41139df6e74c6fff0cbac43e51cab782133be , < 063a932b64db3317ec020c94466fe52923a15f60 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48958",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:20:45.568548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:39.583Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/aeroflex/greth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "223654e2e2c8d05347cd8e300f8d1ec6023103dd",
"status": "affected",
"version": "d4c41139df6e74c6fff0cbac43e51cab782133be",
"versionType": "git"
},
{
"lessThan": "cb1e293f858e5e1152b8791047ed4bdaaf392189",
"status": "affected",
"version": "d4c41139df6e74c6fff0cbac43e51cab782133be",
"versionType": "git"
},
{
"lessThan": "bfaa8f6c5b84b295dd73b0138b57c5555ca12b1c",
"status": "affected",
"version": "d4c41139df6e74c6fff0cbac43e51cab782133be",
"versionType": "git"
},
{
"lessThan": "99669d94ce145389f1d6f197e6e18ed50d43fb76",
"status": "affected",
"version": "d4c41139df6e74c6fff0cbac43e51cab782133be",
"versionType": "git"
},
{
"lessThan": "87277bdf2c370ab2d07cfe77dfa9b37f82bbe1e5",
"status": "affected",
"version": "d4c41139df6e74c6fff0cbac43e51cab782133be",
"versionType": "git"
},
{
"lessThan": "c7adcbd0fd3fde1b19150c3e955fb4a30c5bd9b7",
"status": "affected",
"version": "d4c41139df6e74c6fff0cbac43e51cab782133be",
"versionType": "git"
},
{
"lessThan": "dd62867a6383f78f75f07039394aac25924a3307",
"status": "affected",
"version": "d4c41139df6e74c6fff0cbac43e51cab782133be",
"versionType": "git"
},
{
"lessThan": "063a932b64db3317ec020c94466fe52923a15f60",
"status": "affected",
"version": "d4c41139df6e74c6fff0cbac43e51cab782133be",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/aeroflex/greth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.34"
},
{
"lessThan": "2.6.34",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.336",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.336",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.302",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.269",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "2.6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nethernet: aeroflex: fix potential skb leak in greth_init_rings()\n\nThe greth_init_rings() function won\u0027t free the newly allocated skb when\ndma_mapping_error() returns error, so add dev_kfree_skb() to fix it.\n\nCompile tested only."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:56.189Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/223654e2e2c8d05347cd8e300f8d1ec6023103dd"
},
{
"url": "https://git.kernel.org/stable/c/cb1e293f858e5e1152b8791047ed4bdaaf392189"
},
{
"url": "https://git.kernel.org/stable/c/bfaa8f6c5b84b295dd73b0138b57c5555ca12b1c"
},
{
"url": "https://git.kernel.org/stable/c/99669d94ce145389f1d6f197e6e18ed50d43fb76"
},
{
"url": "https://git.kernel.org/stable/c/87277bdf2c370ab2d07cfe77dfa9b37f82bbe1e5"
},
{
"url": "https://git.kernel.org/stable/c/c7adcbd0fd3fde1b19150c3e955fb4a30c5bd9b7"
},
{
"url": "https://git.kernel.org/stable/c/dd62867a6383f78f75f07039394aac25924a3307"
},
{
"url": "https://git.kernel.org/stable/c/063a932b64db3317ec020c94466fe52923a15f60"
}
],
"title": "ethernet: aeroflex: fix potential skb leak in greth_init_rings()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48958",
"datePublished": "2024-10-21T20:05:43.778Z",
"dateReserved": "2024-08-22T01:27:53.627Z",
"dateUpdated": "2025-05-04T08:26:56.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49982 (GCVE-0-2024-49982)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:24
VLAI?
EPSS
Title
aoe: fix the potential use-after-free problem in more places
Summary
In the Linux kernel, the following vulnerability has been resolved:
aoe: fix the potential use-after-free problem in more places
For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential
use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put()
instead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs
into use-after-free.
Then Nicolai Stange found more places in aoe have potential use-after-free
problem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe()
and aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push
packet to tx queue. So they should also use dev_hold() to increase the
refcnt of skb->dev.
On the other hand, moving dev_put() to tx() causes that the refcnt of
skb->dev be reduced to a negative value, because corresponding
dev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(),
probe(), and aoecmd_cfg_rsp(). This patch fixed this issue.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
ad80c34944d7175fa1f5c7a55066020002921a99 , < 12f7b89dd72b25da4eeaa22097877963cad6418e
(git)
Affected: 1a54aa506b3b2f31496731039e49778f54eee881 , < a786265aecf39015418e4f930cc1c14603a01490 (git) Affected: faf0b4c5e00bb680e8e43ac936df24d3f48c8e65 , < f63461af2c1a86af4217910e47a5c46e3372e645 (git) Affected: 7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4 , < 07b418d50ccbbca7e5d87a3a0d41d436cefebf79 (git) Affected: 74ca3ef68d2f449bc848c0a814cefc487bf755fa , < bc2cbf7525ac288e07d465f5a1d8cb8fb9599254 (git) Affected: eb48680b0255a9e8a9bdc93d6a55b11c31262e62 , < acc5103a0a8c200a52af7d732c36a8477436a3d3 (git) Affected: f98364e926626c678fb4b9004b75cacf92ff0662 , < 89d9a69ae0c667e4d9d028028e2dcc837bae626f (git) Affected: f98364e926626c678fb4b9004b75cacf92ff0662 , < 8253a60c89ec35c8f36fb2cc08cdf854c7a3eb58 (git) Affected: f98364e926626c678fb4b9004b75cacf92ff0662 , < 6d6e54fc71ad1ab0a87047fd9c211e75d86084a3 (git) Affected: 079cba4f4e307c69878226fdf5228c20aa1c969c (git) Affected: a16fbb80064634b254520a46395e36b87ca4731e (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:32:22.974285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:44.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:24:03.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/block/aoe/aoecmd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "12f7b89dd72b25da4eeaa22097877963cad6418e",
"status": "affected",
"version": "ad80c34944d7175fa1f5c7a55066020002921a99",
"versionType": "git"
},
{
"lessThan": "a786265aecf39015418e4f930cc1c14603a01490",
"status": "affected",
"version": "1a54aa506b3b2f31496731039e49778f54eee881",
"versionType": "git"
},
{
"lessThan": "f63461af2c1a86af4217910e47a5c46e3372e645",
"status": "affected",
"version": "faf0b4c5e00bb680e8e43ac936df24d3f48c8e65",
"versionType": "git"
},
{
"lessThan": "07b418d50ccbbca7e5d87a3a0d41d436cefebf79",
"status": "affected",
"version": "7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4",
"versionType": "git"
},
{
"lessThan": "bc2cbf7525ac288e07d465f5a1d8cb8fb9599254",
"status": "affected",
"version": "74ca3ef68d2f449bc848c0a814cefc487bf755fa",
"versionType": "git"
},
{
"lessThan": "acc5103a0a8c200a52af7d732c36a8477436a3d3",
"status": "affected",
"version": "eb48680b0255a9e8a9bdc93d6a55b11c31262e62",
"versionType": "git"
},
{
"lessThan": "89d9a69ae0c667e4d9d028028e2dcc837bae626f",
"status": "affected",
"version": "f98364e926626c678fb4b9004b75cacf92ff0662",
"versionType": "git"
},
{
"lessThan": "8253a60c89ec35c8f36fb2cc08cdf854c7a3eb58",
"status": "affected",
"version": "f98364e926626c678fb4b9004b75cacf92ff0662",
"versionType": "git"
},
{
"lessThan": "6d6e54fc71ad1ab0a87047fd9c211e75d86084a3",
"status": "affected",
"version": "f98364e926626c678fb4b9004b75cacf92ff0662",
"versionType": "git"
},
{
"status": "affected",
"version": "079cba4f4e307c69878226fdf5228c20aa1c969c",
"versionType": "git"
},
{
"status": "affected",
"version": "a16fbb80064634b254520a46395e36b87ca4731e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/block/aoe/aoecmd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.19.311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "5.4.273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.10.214",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.15.153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "6.1.83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "6.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: fix the potential use-after-free problem in more places\n\nFor fixing CVE-2023-6270, f98364e92662 (\"aoe: fix the potential\nuse-after-free problem in aoecmd_cfg_pkts\") makes tx() calling dev_put()\ninstead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs\ninto use-after-free.\n\nThen Nicolai Stange found more places in aoe have potential use-after-free\nproblem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe()\nand aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push\npacket to tx queue. So they should also use dev_hold() to increase the\nrefcnt of skb-\u003edev.\n\nOn the other hand, moving dev_put() to tx() causes that the refcnt of\nskb-\u003edev be reduced to a negative value, because corresponding\ndev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(),\nprobe(), and aoecmd_cfg_rsp(). This patch fixed this issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:59:17.641Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/12f7b89dd72b25da4eeaa22097877963cad6418e"
},
{
"url": "https://git.kernel.org/stable/c/a786265aecf39015418e4f930cc1c14603a01490"
},
{
"url": "https://git.kernel.org/stable/c/f63461af2c1a86af4217910e47a5c46e3372e645"
},
{
"url": "https://git.kernel.org/stable/c/07b418d50ccbbca7e5d87a3a0d41d436cefebf79"
},
{
"url": "https://git.kernel.org/stable/c/bc2cbf7525ac288e07d465f5a1d8cb8fb9599254"
},
{
"url": "https://git.kernel.org/stable/c/acc5103a0a8c200a52af7d732c36a8477436a3d3"
},
{
"url": "https://git.kernel.org/stable/c/89d9a69ae0c667e4d9d028028e2dcc837bae626f"
},
{
"url": "https://git.kernel.org/stable/c/8253a60c89ec35c8f36fb2cc08cdf854c7a3eb58"
},
{
"url": "https://git.kernel.org/stable/c/6d6e54fc71ad1ab0a87047fd9c211e75d86084a3"
}
],
"title": "aoe: fix the potential use-after-free problem in more places",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49982",
"datePublished": "2024-10-21T18:02:27.820Z",
"dateReserved": "2024-10-21T12:17:06.052Z",
"dateUpdated": "2025-11-03T22:24:03.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47589 (GCVE-0-2021-47589)
Vulnerability from cvelistv5 – Published: 2024-06-19 14:53 – Updated: 2025-05-04 07:14
VLAI?
EPSS
Title
igbvf: fix double free in `igbvf_probe`
Summary
In the Linux kernel, the following vulnerability has been resolved:
igbvf: fix double free in `igbvf_probe`
In `igbvf_probe`, if register_netdev() fails, the program will go to
label err_hw_init, and then to label err_ioremap. In free_netdev() which
is just below label err_ioremap, there is `list_for_each_entry_safe` and
`netif_napi_del` which aims to delete all entries in `dev->napi_list`.
The program has added an entry `adapter->rx_ring->napi` which is added by
`netif_napi_add` in igbvf_alloc_queues(). However, adapter->rx_ring has
been freed below label err_hw_init. So this a UAF.
In terms of how to patch the problem, we can refer to igbvf_remove() and
delete the entry before `adapter->rx_ring`.
The KASAN logs are as follows:
[ 35.126075] BUG: KASAN: use-after-free in free_netdev+0x1fd/0x450
[ 35.127170] Read of size 8 at addr ffff88810126d990 by task modprobe/366
[ 35.128360]
[ 35.128643] CPU: 1 PID: 366 Comm: modprobe Not tainted 5.15.0-rc2+ #14
[ 35.129789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 35.131749] Call Trace:
[ 35.132199] dump_stack_lvl+0x59/0x7b
[ 35.132865] print_address_description+0x7c/0x3b0
[ 35.133707] ? free_netdev+0x1fd/0x450
[ 35.134378] __kasan_report+0x160/0x1c0
[ 35.135063] ? free_netdev+0x1fd/0x450
[ 35.135738] kasan_report+0x4b/0x70
[ 35.136367] free_netdev+0x1fd/0x450
[ 35.137006] igbvf_probe+0x121d/0x1a10 [igbvf]
[ 35.137808] ? igbvf_vlan_rx_add_vid+0x100/0x100 [igbvf]
[ 35.138751] local_pci_probe+0x13c/0x1f0
[ 35.139461] pci_device_probe+0x37e/0x6c0
[ 35.165526]
[ 35.165806] Allocated by task 366:
[ 35.166414] ____kasan_kmalloc+0xc4/0xf0
[ 35.167117] foo_kmem_cache_alloc_trace+0x3c/0x50 [igbvf]
[ 35.168078] igbvf_probe+0x9c5/0x1a10 [igbvf]
[ 35.168866] local_pci_probe+0x13c/0x1f0
[ 35.169565] pci_device_probe+0x37e/0x6c0
[ 35.179713]
[ 35.179993] Freed by task 366:
[ 35.180539] kasan_set_track+0x4c/0x80
[ 35.181211] kasan_set_free_info+0x1f/0x40
[ 35.181942] ____kasan_slab_free+0x103/0x140
[ 35.182703] kfree+0xe3/0x250
[ 35.183239] igbvf_probe+0x1173/0x1a10 [igbvf]
[ 35.184040] local_pci_probe+0x13c/0x1f0
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d4e0fe01a38a073568aee541a0247fe734095979 , < ffe1695b678729edec04037e691007900a2b2beb
(git)
Affected: d4e0fe01a38a073568aee541a0247fe734095979 , < 79d9b092035dcdbe636b70433149df9cc6db1e49 (git) Affected: d4e0fe01a38a073568aee541a0247fe734095979 , < 8d0c927a9fb2b4065230936b77b54f857a3754fc (git) Affected: d4e0fe01a38a073568aee541a0247fe734095979 , < cc9b655bb84f1be283293dfea94dff9a31b106ac (git) Affected: d4e0fe01a38a073568aee541a0247fe734095979 , < 8addba6cab94ce01686ea2e80ed1530f9dc33a9a (git) Affected: d4e0fe01a38a073568aee541a0247fe734095979 , < 74a16e062b23332d8db017ff4a41e16279c44411 (git) Affected: d4e0fe01a38a073568aee541a0247fe734095979 , < 944b8be08131f5faf2cd2440aa1c24a39a163a54 (git) Affected: d4e0fe01a38a073568aee541a0247fe734095979 , < b6d335a60dc624c0d279333b22c737faa765b028 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T17:58:29.700241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T17:58:40.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:39:59.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ffe1695b678729edec04037e691007900a2b2beb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79d9b092035dcdbe636b70433149df9cc6db1e49"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d0c927a9fb2b4065230936b77b54f857a3754fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc9b655bb84f1be283293dfea94dff9a31b106ac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8addba6cab94ce01686ea2e80ed1530f9dc33a9a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/74a16e062b23332d8db017ff4a41e16279c44411"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/944b8be08131f5faf2cd2440aa1c24a39a163a54"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6d335a60dc624c0d279333b22c737faa765b028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/igbvf/netdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ffe1695b678729edec04037e691007900a2b2beb",
"status": "affected",
"version": "d4e0fe01a38a073568aee541a0247fe734095979",
"versionType": "git"
},
{
"lessThan": "79d9b092035dcdbe636b70433149df9cc6db1e49",
"status": "affected",
"version": "d4e0fe01a38a073568aee541a0247fe734095979",
"versionType": "git"
},
{
"lessThan": "8d0c927a9fb2b4065230936b77b54f857a3754fc",
"status": "affected",
"version": "d4e0fe01a38a073568aee541a0247fe734095979",
"versionType": "git"
},
{
"lessThan": "cc9b655bb84f1be283293dfea94dff9a31b106ac",
"status": "affected",
"version": "d4e0fe01a38a073568aee541a0247fe734095979",
"versionType": "git"
},
{
"lessThan": "8addba6cab94ce01686ea2e80ed1530f9dc33a9a",
"status": "affected",
"version": "d4e0fe01a38a073568aee541a0247fe734095979",
"versionType": "git"
},
{
"lessThan": "74a16e062b23332d8db017ff4a41e16279c44411",
"status": "affected",
"version": "d4e0fe01a38a073568aee541a0247fe734095979",
"versionType": "git"
},
{
"lessThan": "944b8be08131f5faf2cd2440aa1c24a39a163a54",
"status": "affected",
"version": "d4e0fe01a38a073568aee541a0247fe734095979",
"versionType": "git"
},
{
"lessThan": "b6d335a60dc624c0d279333b22c737faa765b028",
"status": "affected",
"version": "d4e0fe01a38a073568aee541a0247fe734095979",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/igbvf/netdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.296",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.294",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.259",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.296",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.294",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.259",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.222",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.168",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.88",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.11",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigbvf: fix double free in `igbvf_probe`\n\nIn `igbvf_probe`, if register_netdev() fails, the program will go to\nlabel err_hw_init, and then to label err_ioremap. In free_netdev() which\nis just below label err_ioremap, there is `list_for_each_entry_safe` and\n`netif_napi_del` which aims to delete all entries in `dev-\u003enapi_list`.\nThe program has added an entry `adapter-\u003erx_ring-\u003enapi` which is added by\n`netif_napi_add` in igbvf_alloc_queues(). However, adapter-\u003erx_ring has\nbeen freed below label err_hw_init. So this a UAF.\n\nIn terms of how to patch the problem, we can refer to igbvf_remove() and\ndelete the entry before `adapter-\u003erx_ring`.\n\nThe KASAN logs are as follows:\n\n[ 35.126075] BUG: KASAN: use-after-free in free_netdev+0x1fd/0x450\n[ 35.127170] Read of size 8 at addr ffff88810126d990 by task modprobe/366\n[ 35.128360]\n[ 35.128643] CPU: 1 PID: 366 Comm: modprobe Not tainted 5.15.0-rc2+ #14\n[ 35.129789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014\n[ 35.131749] Call Trace:\n[ 35.132199] dump_stack_lvl+0x59/0x7b\n[ 35.132865] print_address_description+0x7c/0x3b0\n[ 35.133707] ? free_netdev+0x1fd/0x450\n[ 35.134378] __kasan_report+0x160/0x1c0\n[ 35.135063] ? free_netdev+0x1fd/0x450\n[ 35.135738] kasan_report+0x4b/0x70\n[ 35.136367] free_netdev+0x1fd/0x450\n[ 35.137006] igbvf_probe+0x121d/0x1a10 [igbvf]\n[ 35.137808] ? igbvf_vlan_rx_add_vid+0x100/0x100 [igbvf]\n[ 35.138751] local_pci_probe+0x13c/0x1f0\n[ 35.139461] pci_device_probe+0x37e/0x6c0\n[ 35.165526]\n[ 35.165806] Allocated by task 366:\n[ 35.166414] ____kasan_kmalloc+0xc4/0xf0\n[ 35.167117] foo_kmem_cache_alloc_trace+0x3c/0x50 [igbvf]\n[ 35.168078] igbvf_probe+0x9c5/0x1a10 [igbvf]\n[ 35.168866] local_pci_probe+0x13c/0x1f0\n[ 35.169565] pci_device_probe+0x37e/0x6c0\n[ 35.179713]\n[ 35.179993] Freed by task 366:\n[ 35.180539] kasan_set_track+0x4c/0x80\n[ 35.181211] kasan_set_free_info+0x1f/0x40\n[ 35.181942] ____kasan_slab_free+0x103/0x140\n[ 35.182703] kfree+0xe3/0x250\n[ 35.183239] igbvf_probe+0x1173/0x1a10 [igbvf]\n[ 35.184040] local_pci_probe+0x13c/0x1f0"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:14:15.834Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ffe1695b678729edec04037e691007900a2b2beb"
},
{
"url": "https://git.kernel.org/stable/c/79d9b092035dcdbe636b70433149df9cc6db1e49"
},
{
"url": "https://git.kernel.org/stable/c/8d0c927a9fb2b4065230936b77b54f857a3754fc"
},
{
"url": "https://git.kernel.org/stable/c/cc9b655bb84f1be283293dfea94dff9a31b106ac"
},
{
"url": "https://git.kernel.org/stable/c/8addba6cab94ce01686ea2e80ed1530f9dc33a9a"
},
{
"url": "https://git.kernel.org/stable/c/74a16e062b23332d8db017ff4a41e16279c44411"
},
{
"url": "https://git.kernel.org/stable/c/944b8be08131f5faf2cd2440aa1c24a39a163a54"
},
{
"url": "https://git.kernel.org/stable/c/b6d335a60dc624c0d279333b22c737faa765b028"
}
],
"title": "igbvf: fix double free in `igbvf_probe`",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47589",
"datePublished": "2024-06-19T14:53:53.565Z",
"dateReserved": "2024-05-24T15:11:00.732Z",
"dateUpdated": "2025-05-04T07:14:15.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46814 (GCVE-0-2024-46814)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-11-03 22:18
VLAI?
EPSS
Title
drm/amd/display: Check msg_id before processing transcation
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check msg_id before processing transcation
[WHY & HOW]
HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid
array index, and it needs checking before used.
This fixes 4 OVERRUN issues reported by Coverity.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
4c283fdac08abf3211533f70623c90a34f41d08d , < 916083054670060023d3f8a8ace895d710e268f4
(git)
Affected: 4c283fdac08abf3211533f70623c90a34f41d08d , < fe63daf7b10253b0faaa60c55d6153cd276927aa (git) Affected: 4c283fdac08abf3211533f70623c90a34f41d08d , < 0147505f08220c89b3a9c90eb608191276e263a8 (git) Affected: 4c283fdac08abf3211533f70623c90a34f41d08d , < cb63090a17d3abb87f132851fa3711281249b7d2 (git) Affected: 4c283fdac08abf3211533f70623c90a34f41d08d , < 6590643c5de74098d27933b7d224d5ac065d7755 (git) Affected: 4c283fdac08abf3211533f70623c90a34f41d08d , < fa71face755e27dc44bc296416ebdf2c67163316 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:18:22.999076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:18:35.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:18:56.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "916083054670060023d3f8a8ace895d710e268f4",
"status": "affected",
"version": "4c283fdac08abf3211533f70623c90a34f41d08d",
"versionType": "git"
},
{
"lessThan": "fe63daf7b10253b0faaa60c55d6153cd276927aa",
"status": "affected",
"version": "4c283fdac08abf3211533f70623c90a34f41d08d",
"versionType": "git"
},
{
"lessThan": "0147505f08220c89b3a9c90eb608191276e263a8",
"status": "affected",
"version": "4c283fdac08abf3211533f70623c90a34f41d08d",
"versionType": "git"
},
{
"lessThan": "cb63090a17d3abb87f132851fa3711281249b7d2",
"status": "affected",
"version": "4c283fdac08abf3211533f70623c90a34f41d08d",
"versionType": "git"
},
{
"lessThan": "6590643c5de74098d27933b7d224d5ac065d7755",
"status": "affected",
"version": "4c283fdac08abf3211533f70623c90a34f41d08d",
"versionType": "git"
},
{
"lessThan": "fa71face755e27dc44bc296416ebdf2c67163316",
"status": "affected",
"version": "4c283fdac08abf3211533f70623c90a34f41d08d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check msg_id before processing transcation\n\n[WHY \u0026 HOW]\nHDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid\narray index, and it needs checking before used.\n\nThis fixes 4 OVERRUN issues reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:16.245Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/916083054670060023d3f8a8ace895d710e268f4"
},
{
"url": "https://git.kernel.org/stable/c/fe63daf7b10253b0faaa60c55d6153cd276927aa"
},
{
"url": "https://git.kernel.org/stable/c/0147505f08220c89b3a9c90eb608191276e263a8"
},
{
"url": "https://git.kernel.org/stable/c/cb63090a17d3abb87f132851fa3711281249b7d2"
},
{
"url": "https://git.kernel.org/stable/c/6590643c5de74098d27933b7d224d5ac065d7755"
},
{
"url": "https://git.kernel.org/stable/c/fa71face755e27dc44bc296416ebdf2c67163316"
}
],
"title": "drm/amd/display: Check msg_id before processing transcation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46814",
"datePublished": "2024-09-27T12:35:56.434Z",
"dateReserved": "2024-09-11T15:12:18.283Z",
"dateUpdated": "2025-11-03T22:18:56.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46841 (GCVE-0-2024-46841)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:39 – Updated: 2026-01-05 10:53
VLAI?
EPSS
Title
btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()
We handle errors here properly, ENOMEM isn't fatal, return the error.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
2c47e605a91dde6b0514f689645e7ab336c8592a , < c1406d8329f500e4594cd9730cd313aebc3a4333
(git)
Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 6a0648f96c3ca647c71c6c1ddbc7c353bab79f64 (git) Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 44a2c518ab221c0cadcb8c45ca86f83a52dd4da6 (git) Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 135b4819f6fba87fd5a2693023133e78ac73f1d3 (git) Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 704c359b4093a2af650a20eaa030c435d7c30f91 (git) Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < a580fb2c3479d993556e1c31b237c9e5be4944a3 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T13:59:30.938920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T13:59:35.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:39:20.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/extent-tree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c1406d8329f500e4594cd9730cd313aebc3a4333",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
},
{
"lessThan": "6a0648f96c3ca647c71c6c1ddbc7c353bab79f64",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
},
{
"lessThan": "44a2c518ab221c0cadcb8c45ca86f83a52dd4da6",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
},
{
"lessThan": "135b4819f6fba87fd5a2693023133e78ac73f1d3",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
},
{
"lessThan": "704c359b4093a2af650a20eaa030c435d7c30f91",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
},
{
"lessThan": "a580fb2c3479d993556e1c31b237c9e5be4944a3",
"status": "affected",
"version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/extent-tree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.31"
},
{
"lessThan": "2.6.31",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.231",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don\u0027t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()\n\nWe handle errors here properly, ENOMEM isn\u0027t fatal, return the error."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:53:36.779Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c1406d8329f500e4594cd9730cd313aebc3a4333"
},
{
"url": "https://git.kernel.org/stable/c/6a0648f96c3ca647c71c6c1ddbc7c353bab79f64"
},
{
"url": "https://git.kernel.org/stable/c/44a2c518ab221c0cadcb8c45ca86f83a52dd4da6"
},
{
"url": "https://git.kernel.org/stable/c/135b4819f6fba87fd5a2693023133e78ac73f1d3"
},
{
"url": "https://git.kernel.org/stable/c/704c359b4093a2af650a20eaa030c435d7c30f91"
},
{
"url": "https://git.kernel.org/stable/c/a580fb2c3479d993556e1c31b237c9e5be4944a3"
}
],
"title": "btrfs: don\u0027t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46841",
"datePublished": "2024-09-27T12:39:35.633Z",
"dateReserved": "2024-09-11T15:12:18.288Z",
"dateUpdated": "2026-01-05T10:53:36.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50024 (GCVE-0-2024-50024)
Vulnerability from cvelistv5 – Published: 2024-10-21 19:39 – Updated: 2025-11-03 22:24
VLAI?
EPSS
Title
net: Fix an unsafe loop on the list
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: Fix an unsafe loop on the list
The kernel may crash when deleting a genetlink family if there are still
listeners for that family:
Oops: Kernel access of bad area, sig: 11 [#1]
...
NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0
LR [c000000000c0f764] __netlink_clear_multicast_users+0x74/0xc0
Call Trace:
__netlink_clear_multicast_users+0x74/0xc0
genl_unregister_family+0xd4/0x2d0
Change the unsafe loop on the list to a safe one, because inside the
loop there is an element removal from this list.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
b8273570f802a7658827dcb077b0b517ba75a289 , < 464801a0f6ccb52b21faa33bac6014fd74cc5e10
(git)
Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 8e0766fcf37ad8eed289dd3853628dd9b01b58b0 (git) Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 68ad5da6ca630a276f0a5c924179e57724d00013 (git) Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 1cdec792b2450105b1314c5123a9a0452cb2c2f0 (git) Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 5f03a7f601f33cda1f710611625235dc86fd8a9e (git) Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 3be342e0332a7c83eb26fbb22bf156fdca467a5d (git) Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 49f9b726bf2bf3dd2caf0d27cadf4bc1ccf7a7dd (git) Affected: b8273570f802a7658827dcb077b0b517ba75a289 , < 1dae9f1187189bc09ff6d25ca97ead711f7e26f9 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:27:00.388543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:46.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:24:35.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/sock.h",
"net/netlink/af_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "464801a0f6ccb52b21faa33bac6014fd74cc5e10",
"status": "affected",
"version": "b8273570f802a7658827dcb077b0b517ba75a289",
"versionType": "git"
},
{
"lessThan": "8e0766fcf37ad8eed289dd3853628dd9b01b58b0",
"status": "affected",
"version": "b8273570f802a7658827dcb077b0b517ba75a289",
"versionType": "git"
},
{
"lessThan": "68ad5da6ca630a276f0a5c924179e57724d00013",
"status": "affected",
"version": "b8273570f802a7658827dcb077b0b517ba75a289",
"versionType": "git"
},
{
"lessThan": "1cdec792b2450105b1314c5123a9a0452cb2c2f0",
"status": "affected",
"version": "b8273570f802a7658827dcb077b0b517ba75a289",
"versionType": "git"
},
{
"lessThan": "5f03a7f601f33cda1f710611625235dc86fd8a9e",
"status": "affected",
"version": "b8273570f802a7658827dcb077b0b517ba75a289",
"versionType": "git"
},
{
"lessThan": "3be342e0332a7c83eb26fbb22bf156fdca467a5d",
"status": "affected",
"version": "b8273570f802a7658827dcb077b0b517ba75a289",
"versionType": "git"
},
{
"lessThan": "49f9b726bf2bf3dd2caf0d27cadf4bc1ccf7a7dd",
"status": "affected",
"version": "b8273570f802a7658827dcb077b0b517ba75a289",
"versionType": "git"
},
{
"lessThan": "1dae9f1187189bc09ff6d25ca97ead711f7e26f9",
"status": "affected",
"version": "b8273570f802a7658827dcb077b0b517ba75a289",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/sock.h",
"net/netlink/af_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.32"
},
{
"lessThan": "2.6.32",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.57",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.57",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.4",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix an unsafe loop on the list\n\nThe kernel may crash when deleting a genetlink family if there are still\nlisteners for that family:\n\nOops: Kernel access of bad area, sig: 11 [#1]\n ...\n NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0\n LR [c000000000c0f764] __netlink_clear_multicast_users+0x74/0xc0\n Call Trace:\n__netlink_clear_multicast_users+0x74/0xc0\ngenl_unregister_family+0xd4/0x2d0\n\nChange the unsafe loop on the list to a safe one, because inside the\nloop there is an element removal from this list."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:44:03.890Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/464801a0f6ccb52b21faa33bac6014fd74cc5e10"
},
{
"url": "https://git.kernel.org/stable/c/8e0766fcf37ad8eed289dd3853628dd9b01b58b0"
},
{
"url": "https://git.kernel.org/stable/c/68ad5da6ca630a276f0a5c924179e57724d00013"
},
{
"url": "https://git.kernel.org/stable/c/1cdec792b2450105b1314c5123a9a0452cb2c2f0"
},
{
"url": "https://git.kernel.org/stable/c/5f03a7f601f33cda1f710611625235dc86fd8a9e"
},
{
"url": "https://git.kernel.org/stable/c/3be342e0332a7c83eb26fbb22bf156fdca467a5d"
},
{
"url": "https://git.kernel.org/stable/c/49f9b726bf2bf3dd2caf0d27cadf4bc1ccf7a7dd"
},
{
"url": "https://git.kernel.org/stable/c/1dae9f1187189bc09ff6d25ca97ead711f7e26f9"
}
],
"title": "net: Fix an unsafe loop on the list",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50024",
"datePublished": "2024-10-21T19:39:29.203Z",
"dateReserved": "2024-10-21T12:17:06.065Z",
"dateUpdated": "2025-11-03T22:24:35.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49966 (GCVE-0-2024-49966)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
ocfs2: cancel dqi_sync_work before freeing oinfo
Summary
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: cancel dqi_sync_work before freeing oinfo
ocfs2_global_read_info() will initialize and schedule dqi_sync_work at the
end, if error occurs after successfully reading global quota, it will
trigger the following warning with CONFIG_DEBUG_OBJECTS_* enabled:
ODEBUG: free active (active state 0) object: 00000000d8b0ce28 object type: timer_list hint: qsync_work_fn+0x0/0x16c
This reports that there is an active delayed work when freeing oinfo in
error handling, so cancel dqi_sync_work first. BTW, return status instead
of -1 when .read_file_info fails.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < fc5cc716dfbdc5fd5f373ff3b51358174cf88bfc
(git)
Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < 89043e7ed63c7fc141e68ea5a79758ed24b6c699 (git) Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < 14114d8148db07e7946fb06b56a50cfa425e26c7 (git) Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < 4173d1277c00baeedaaca76783e98b8fd0e3c08d (git) Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < bbf41277df8b33fbedf4750a9300c147e8f104eb (git) Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < ef768020366f47d23f39c4f57bcb03af6d1e24b3 (git) Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < a4346c04d055bf7e184c18a73dbd23b6a9811118 (git) Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < 0d707a33c84b371cb66120e198eed3374726ddd8 (git) Affected: 171bf93ce11f4c9929fdce6ce63df8da2f3c4475 , < 35fccce29feb3706f649726d410122dd81b92c18 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:34:26.104655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:46.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:48.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/quota_local.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fc5cc716dfbdc5fd5f373ff3b51358174cf88bfc",
"status": "affected",
"version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
"versionType": "git"
},
{
"lessThan": "89043e7ed63c7fc141e68ea5a79758ed24b6c699",
"status": "affected",
"version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
"versionType": "git"
},
{
"lessThan": "14114d8148db07e7946fb06b56a50cfa425e26c7",
"status": "affected",
"version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
"versionType": "git"
},
{
"lessThan": "4173d1277c00baeedaaca76783e98b8fd0e3c08d",
"status": "affected",
"version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
"versionType": "git"
},
{
"lessThan": "bbf41277df8b33fbedf4750a9300c147e8f104eb",
"status": "affected",
"version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
"versionType": "git"
},
{
"lessThan": "ef768020366f47d23f39c4f57bcb03af6d1e24b3",
"status": "affected",
"version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
"versionType": "git"
},
{
"lessThan": "a4346c04d055bf7e184c18a73dbd23b6a9811118",
"status": "affected",
"version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
"versionType": "git"
},
{
"lessThan": "0d707a33c84b371cb66120e198eed3374726ddd8",
"status": "affected",
"version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
"versionType": "git"
},
{
"lessThan": "35fccce29feb3706f649726d410122dd81b92c18",
"status": "affected",
"version": "171bf93ce11f4c9929fdce6ce63df8da2f3c4475",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/quota_local.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.29"
},
{
"lessThan": "2.6.29",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: cancel dqi_sync_work before freeing oinfo\n\nocfs2_global_read_info() will initialize and schedule dqi_sync_work at the\nend, if error occurs after successfully reading global quota, it will\ntrigger the following warning with CONFIG_DEBUG_OBJECTS_* enabled:\n\nODEBUG: free active (active state 0) object: 00000000d8b0ce28 object type: timer_list hint: qsync_work_fn+0x0/0x16c\n\nThis reports that there is an active delayed work when freeing oinfo in\nerror handling, so cancel dqi_sync_work first. BTW, return status instead\nof -1 when .read_file_info fails."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:42:34.255Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fc5cc716dfbdc5fd5f373ff3b51358174cf88bfc"
},
{
"url": "https://git.kernel.org/stable/c/89043e7ed63c7fc141e68ea5a79758ed24b6c699"
},
{
"url": "https://git.kernel.org/stable/c/14114d8148db07e7946fb06b56a50cfa425e26c7"
},
{
"url": "https://git.kernel.org/stable/c/4173d1277c00baeedaaca76783e98b8fd0e3c08d"
},
{
"url": "https://git.kernel.org/stable/c/bbf41277df8b33fbedf4750a9300c147e8f104eb"
},
{
"url": "https://git.kernel.org/stable/c/ef768020366f47d23f39c4f57bcb03af6d1e24b3"
},
{
"url": "https://git.kernel.org/stable/c/a4346c04d055bf7e184c18a73dbd23b6a9811118"
},
{
"url": "https://git.kernel.org/stable/c/0d707a33c84b371cb66120e198eed3374726ddd8"
},
{
"url": "https://git.kernel.org/stable/c/35fccce29feb3706f649726d410122dd81b92c18"
}
],
"title": "ocfs2: cancel dqi_sync_work before freeing oinfo",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49966",
"datePublished": "2024-10-21T18:02:17.076Z",
"dateReserved": "2024-10-21T12:17:06.050Z",
"dateUpdated": "2025-11-03T22:23:48.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48788 (GCVE-0-2022-48788)
Vulnerability from cvelistv5 – Published: 2024-07-16 11:43 – Updated: 2025-12-20 08:50
VLAI?
EPSS
Title
nvme-rdma: fix possible use-after-free in transport error_recovery work
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvme-rdma: fix possible use-after-free in transport error_recovery work
While nvme_rdma_submit_async_event_work is checking the ctrl and queue
state before preparing the AER command and scheduling io_work, in order
to fully prevent a race where this check is not reliable the error
recovery work must flush async_event_work before continuing to destroy
the admin queue after setting the ctrl state to RESETTING such that
there is no race .submit_async_event and the error recovery handler
itself changing the ctrl state.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
7110230719602852481c2793d054f866b2bf4a2b , < 5593f72d1922403c11749532e3a0aa4cf61414e9
(git)
Affected: 7110230719602852481c2793d054f866b2bf4a2b , < d411b2a5da68b8a130c23097014434ac140a2ace (git) Affected: 7110230719602852481c2793d054f866b2bf4a2b , < 324f5bdc52ecb6a6dadb31a62823ef8c709d1439 (git) Affected: 7110230719602852481c2793d054f866b2bf4a2b , < 646952b2210f19e584d2bf9eb5d092abdca2fcc1 (git) Affected: 7110230719602852481c2793d054f866b2bf4a2b , < ea86027ac467a055849c4945906f799e7f65ab99 (git) Affected: 7110230719602852481c2793d054f866b2bf4a2b , < b6bb1722f34bbdbabed27acdceaf585d300c5fd2 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:25:00.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5593f72d1922403c11749532e3a0aa4cf61414e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d411b2a5da68b8a130c23097014434ac140a2ace"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/324f5bdc52ecb6a6dadb31a62823ef8c709d1439"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/646952b2210f19e584d2bf9eb5d092abdca2fcc1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea86027ac467a055849c4945906f799e7f65ab99"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6bb1722f34bbdbabed27acdceaf585d300c5fd2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:59:45.973242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:16.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/rdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5593f72d1922403c11749532e3a0aa4cf61414e9",
"status": "affected",
"version": "7110230719602852481c2793d054f866b2bf4a2b",
"versionType": "git"
},
{
"lessThan": "d411b2a5da68b8a130c23097014434ac140a2ace",
"status": "affected",
"version": "7110230719602852481c2793d054f866b2bf4a2b",
"versionType": "git"
},
{
"lessThan": "324f5bdc52ecb6a6dadb31a62823ef8c709d1439",
"status": "affected",
"version": "7110230719602852481c2793d054f866b2bf4a2b",
"versionType": "git"
},
{
"lessThan": "646952b2210f19e584d2bf9eb5d092abdca2fcc1",
"status": "affected",
"version": "7110230719602852481c2793d054f866b2bf4a2b",
"versionType": "git"
},
{
"lessThan": "ea86027ac467a055849c4945906f799e7f65ab99",
"status": "affected",
"version": "7110230719602852481c2793d054f866b2bf4a2b",
"versionType": "git"
},
{
"lessThan": "b6bb1722f34bbdbabed27acdceaf585d300c5fd2",
"status": "affected",
"version": "7110230719602852481c2793d054f866b2bf4a2b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/rdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.102",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.25",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.231",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.181",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.102",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.25",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.11",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-rdma: fix possible use-after-free in transport error_recovery work\n\nWhile nvme_rdma_submit_async_event_work is checking the ctrl and queue\nstate before preparing the AER command and scheduling io_work, in order\nto fully prevent a race where this check is not reliable the error\nrecovery work must flush async_event_work before continuing to destroy\nthe admin queue after setting the ctrl state to RESETTING such that\nthere is no race .submit_async_event and the error recovery handler\nitself changing the ctrl state."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-20T08:50:46.067Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5593f72d1922403c11749532e3a0aa4cf61414e9"
},
{
"url": "https://git.kernel.org/stable/c/d411b2a5da68b8a130c23097014434ac140a2ace"
},
{
"url": "https://git.kernel.org/stable/c/324f5bdc52ecb6a6dadb31a62823ef8c709d1439"
},
{
"url": "https://git.kernel.org/stable/c/646952b2210f19e584d2bf9eb5d092abdca2fcc1"
},
{
"url": "https://git.kernel.org/stable/c/ea86027ac467a055849c4945906f799e7f65ab99"
},
{
"url": "https://git.kernel.org/stable/c/b6bb1722f34bbdbabed27acdceaf585d300c5fd2"
}
],
"title": "nvme-rdma: fix possible use-after-free in transport error_recovery work",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48788",
"datePublished": "2024-07-16T11:43:45.213Z",
"dateReserved": "2024-07-16T11:38:08.892Z",
"dateUpdated": "2025-12-20T08:50:46.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46809 (GCVE-0-2024-46809)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:35 – Updated: 2025-11-03 20:39
VLAI?
EPSS
Title
drm/amd/display: Check BIOS images before it is used
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check BIOS images before it is used
BIOS images may fail to load and null checks are added before they are
used.
This fixes 6 NULL_RETURNS issues reported by Coverity.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 4fcd903a5d9e897420d7d8b3ca55c6e5dbb47379
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < c5cb98554c4c6265b494d040c1c62f1db2fa28a6 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < eef7301e674438913134539e77dd887960949f20 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < e50bec62acaeec03afc6fa5dfb2426e52d049cf5 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < e46b70a7cfed71cb84e985c785c39c16df5c28cb (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:19:32.235332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:19:44.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:39:17.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/bios/bios_parser.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4fcd903a5d9e897420d7d8b3ca55c6e5dbb47379",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "c5cb98554c4c6265b494d040c1c62f1db2fa28a6",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "eef7301e674438913134539e77dd887960949f20",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "e50bec62acaeec03afc6fa5dfb2426e52d049cf5",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "e46b70a7cfed71cb84e985c785c39c16df5c28cb",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/bios/bios_parser.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.231",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check BIOS images before it is used\n\nBIOS images may fail to load and null checks are added before they are\nused.\n\nThis fixes 6 NULL_RETURNS issues reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:20:34.699Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4fcd903a5d9e897420d7d8b3ca55c6e5dbb47379"
},
{
"url": "https://git.kernel.org/stable/c/c5cb98554c4c6265b494d040c1c62f1db2fa28a6"
},
{
"url": "https://git.kernel.org/stable/c/eef7301e674438913134539e77dd887960949f20"
},
{
"url": "https://git.kernel.org/stable/c/e50bec62acaeec03afc6fa5dfb2426e52d049cf5"
},
{
"url": "https://git.kernel.org/stable/c/e46b70a7cfed71cb84e985c785c39c16df5c28cb"
},
{
"url": "https://git.kernel.org/stable/c/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c"
}
],
"title": "drm/amd/display: Check BIOS images before it is used",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46809",
"datePublished": "2024-09-27T12:35:53.127Z",
"dateReserved": "2024-09-11T15:12:18.282Z",
"dateUpdated": "2025-11-03T20:39:17.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52752 (GCVE-0-2023-52752)
Vulnerability from cvelistv5 – Published: 2024-05-21 15:30 – Updated: 2026-01-05 10:17
VLAI?
EPSS
Title
smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
Skip SMB sessions that are being teared down
(e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show()
to avoid use-after-free in @ses.
This fixes the following GPF when reading from /proc/fs/cifs/DebugData
while mounting and umounting
[ 816.251274] general protection fault, probably for non-canonical
address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI
...
[ 816.260138] Call Trace:
[ 816.260329] <TASK>
[ 816.260499] ? die_addr+0x36/0x90
[ 816.260762] ? exc_general_protection+0x1b3/0x410
[ 816.261126] ? asm_exc_general_protection+0x26/0x30
[ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs]
[ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs]
[ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs]
[ 816.262689] ? seq_read_iter+0x379/0x470
[ 816.262995] seq_read_iter+0x118/0x470
[ 816.263291] proc_reg_read_iter+0x53/0x90
[ 816.263596] ? srso_alias_return_thunk+0x5/0x7f
[ 816.263945] vfs_read+0x201/0x350
[ 816.264211] ksys_read+0x75/0x100
[ 816.264472] do_syscall_64+0x3f/0x90
[ 816.264750] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[ 816.265135] RIP: 0033:0x7fd5e669d381
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 2abdf136784b7edaec7ffe0f4b461b63f9c4c4de
(git)
Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 336a066990bb3962c46daf574ace596bda9303ce (git) Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 558817597d5fbd7af31f891b67b0fd20f0d047b7 (git) Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 89929ea46f9cc11ba66d2c64713aa5d5dc723b09 (git) Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 0ab6f842452ce2cae04209d4671ac6289d0aef8a (git) Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < d328c09ee9f15ee5a26431f5aad7c9239fa85e62 (git) Affected: a67172a013953664b1dad03c648200c70b90506c (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.3"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "1da177e4c3f4"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.64"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.5.13"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52752",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T17:22:07.851461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:50:52.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:28:47.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/558817597d5fbd7af31f891b67b0fd20f0d047b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89929ea46f9cc11ba66d2c64713aa5d5dc723b09"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0ab6f842452ce2cae04209d4671ac6289d0aef8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d328c09ee9f15ee5a26431f5aad7c9239fa85e62"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/client/cifs_debug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2abdf136784b7edaec7ffe0f4b461b63f9c4c4de",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"lessThan": "336a066990bb3962c46daf574ace596bda9303ce",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"lessThan": "558817597d5fbd7af31f891b67b0fd20f0d047b7",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"lessThan": "89929ea46f9cc11ba66d2c64713aa5d5dc723b09",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"lessThan": "0ab6f842452ce2cae04209d4671ac6289d0aef8a",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"lessThan": "d328c09ee9f15ee5a26431f5aad7c9239fa85e62",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"status": "affected",
"version": "a67172a013953664b1dad03c648200c70b90506c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/client/cifs_debug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.13"
},
{
"lessThan": "3.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.237",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.12.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free bug in cifs_debug_data_proc_show()\n\nSkip SMB sessions that are being teared down\n(e.g. @ses-\u003eses_status == SES_EXITING) in cifs_debug_data_proc_show()\nto avoid use-after-free in @ses.\n\nThis fixes the following GPF when reading from /proc/fs/cifs/DebugData\nwhile mounting and umounting\n\n [ 816.251274] general protection fault, probably for non-canonical\n address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI\n ...\n [ 816.260138] Call Trace:\n [ 816.260329] \u003cTASK\u003e\n [ 816.260499] ? die_addr+0x36/0x90\n [ 816.260762] ? exc_general_protection+0x1b3/0x410\n [ 816.261126] ? asm_exc_general_protection+0x26/0x30\n [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs]\n [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs]\n [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs]\n [ 816.262689] ? seq_read_iter+0x379/0x470\n [ 816.262995] seq_read_iter+0x118/0x470\n [ 816.263291] proc_reg_read_iter+0x53/0x90\n [ 816.263596] ? srso_alias_return_thunk+0x5/0x7f\n [ 816.263945] vfs_read+0x201/0x350\n [ 816.264211] ksys_read+0x75/0x100\n [ 816.264472] do_syscall_64+0x3f/0x90\n [ 816.264750] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n [ 816.265135] RIP: 0033:0x7fd5e669d381"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:17:08.336Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2abdf136784b7edaec7ffe0f4b461b63f9c4c4de"
},
{
"url": "https://git.kernel.org/stable/c/336a066990bb3962c46daf574ace596bda9303ce"
},
{
"url": "https://git.kernel.org/stable/c/558817597d5fbd7af31f891b67b0fd20f0d047b7"
},
{
"url": "https://git.kernel.org/stable/c/89929ea46f9cc11ba66d2c64713aa5d5dc723b09"
},
{
"url": "https://git.kernel.org/stable/c/0ab6f842452ce2cae04209d4671ac6289d0aef8a"
},
{
"url": "https://git.kernel.org/stable/c/d328c09ee9f15ee5a26431f5aad7c9239fa85e62"
}
],
"title": "smb: client: fix use-after-free bug in cifs_debug_data_proc_show()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52752",
"datePublished": "2024-05-21T15:30:40.901Z",
"dateReserved": "2024-05-21T15:19:24.234Z",
"dateUpdated": "2026-01-05T10:17:08.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49022 (GCVE-0-2022-49022)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
Fix possible out-of-bound access in ieee80211_get_rate_duration routine
as reported by the following UBSAN report:
UBSAN: array-index-out-of-bounds in net/mac80211/airtime.c:455:47
index 15 is out of range for type 'u16 [12]'
CPU: 2 PID: 217 Comm: kworker/u32:10 Not tainted 6.1.0-060100rc3-generic
Hardware name: Acer Aspire TC-281/Aspire TC-281, BIOS R01-A2 07/18/2017
Workqueue: mt76 mt76u_tx_status_data [mt76_usb]
Call Trace:
<TASK>
show_stack+0x4e/0x61
dump_stack_lvl+0x4a/0x6f
dump_stack+0x10/0x18
ubsan_epilogue+0x9/0x43
__ubsan_handle_out_of_bounds.cold+0x42/0x47
ieee80211_get_rate_duration.constprop.0+0x22f/0x2a0 [mac80211]
? ieee80211_tx_status_ext+0x32e/0x640 [mac80211]
ieee80211_calc_rx_airtime+0xda/0x120 [mac80211]
ieee80211_calc_tx_airtime+0xb4/0x100 [mac80211]
mt76x02_send_tx_status+0x266/0x480 [mt76x02_lib]
mt76x02_tx_status_data+0x52/0x80 [mt76x02_lib]
mt76u_tx_status_data+0x67/0xd0 [mt76_usb]
process_one_work+0x225/0x400
worker_thread+0x50/0x3e0
? process_one_work+0x400/0x400
kthread+0xe9/0x110
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x22/0x30
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
db3e1c40cf2f973fbdd52ae0b59a9472b1c04f4a , < 0184ede0ec61b9cd075babfaa45081b1bf322234
(git)
Affected: db3e1c40cf2f973fbdd52ae0b59a9472b1c04f4a , < 59b54f0563b6546c94bdb6823d3b382c75407019 (git) Affected: db3e1c40cf2f973fbdd52ae0b59a9472b1c04f4a , < f0fcad4c7201ecfaa17357f4ce0c50b4708df22d (git) Affected: db3e1c40cf2f973fbdd52ae0b59a9472b1c04f4a , < 3e8f7abcc3473bc9603323803aeaed4ffcc3a2ab (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:12:26.001640Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:37.055Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mac80211/airtime.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0184ede0ec61b9cd075babfaa45081b1bf322234",
"status": "affected",
"version": "db3e1c40cf2f973fbdd52ae0b59a9472b1c04f4a",
"versionType": "git"
},
{
"lessThan": "59b54f0563b6546c94bdb6823d3b382c75407019",
"status": "affected",
"version": "db3e1c40cf2f973fbdd52ae0b59a9472b1c04f4a",
"versionType": "git"
},
{
"lessThan": "f0fcad4c7201ecfaa17357f4ce0c50b4708df22d",
"status": "affected",
"version": "db3e1c40cf2f973fbdd52ae0b59a9472b1c04f4a",
"versionType": "git"
},
{
"lessThan": "3e8f7abcc3473bc9603323803aeaed4ffcc3a2ab",
"status": "affected",
"version": "db3e1c40cf2f973fbdd52ae0b59a9472b1c04f4a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mac80211/airtime.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac8021: fix possible oob access in ieee80211_get_rate_duration\n\nFix possible out-of-bound access in ieee80211_get_rate_duration routine\nas reported by the following UBSAN report:\n\nUBSAN: array-index-out-of-bounds in net/mac80211/airtime.c:455:47\nindex 15 is out of range for type \u0027u16 [12]\u0027\nCPU: 2 PID: 217 Comm: kworker/u32:10 Not tainted 6.1.0-060100rc3-generic\nHardware name: Acer Aspire TC-281/Aspire TC-281, BIOS R01-A2 07/18/2017\nWorkqueue: mt76 mt76u_tx_status_data [mt76_usb]\nCall Trace:\n \u003cTASK\u003e\n show_stack+0x4e/0x61\n dump_stack_lvl+0x4a/0x6f\n dump_stack+0x10/0x18\n ubsan_epilogue+0x9/0x43\n __ubsan_handle_out_of_bounds.cold+0x42/0x47\nieee80211_get_rate_duration.constprop.0+0x22f/0x2a0 [mac80211]\n ? ieee80211_tx_status_ext+0x32e/0x640 [mac80211]\n ieee80211_calc_rx_airtime+0xda/0x120 [mac80211]\n ieee80211_calc_tx_airtime+0xb4/0x100 [mac80211]\n mt76x02_send_tx_status+0x266/0x480 [mt76x02_lib]\n mt76x02_tx_status_data+0x52/0x80 [mt76x02_lib]\n mt76u_tx_status_data+0x67/0xd0 [mt76_usb]\n process_one_work+0x225/0x400\n worker_thread+0x50/0x3e0\n ? process_one_work+0x400/0x400\n kthread+0xe9/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:15.655Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0184ede0ec61b9cd075babfaa45081b1bf322234"
},
{
"url": "https://git.kernel.org/stable/c/59b54f0563b6546c94bdb6823d3b382c75407019"
},
{
"url": "https://git.kernel.org/stable/c/f0fcad4c7201ecfaa17357f4ce0c50b4708df22d"
},
{
"url": "https://git.kernel.org/stable/c/3e8f7abcc3473bc9603323803aeaed4ffcc3a2ab"
}
],
"title": "wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49022",
"datePublished": "2024-10-21T20:06:29.239Z",
"dateReserved": "2024-08-22T01:27:53.649Z",
"dateUpdated": "2025-05-04T08:28:15.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-44958 (GCVE-0-2024-44958)
Vulnerability from cvelistv5 – Published: 2024-09-04 18:35 – Updated: 2025-11-03 22:14
VLAI?
EPSS
Title
sched/smt: Fix unbalance sched_smt_present dec/inc
Summary
In the Linux kernel, the following vulnerability has been resolved:
sched/smt: Fix unbalance sched_smt_present dec/inc
I got the following warn report while doing stress test:
jump label: negative count!
WARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0
Call Trace:
<TASK>
__static_key_slow_dec_cpuslocked+0x16/0x70
sched_cpu_deactivate+0x26e/0x2a0
cpuhp_invoke_callback+0x3ad/0x10d0
cpuhp_thread_fun+0x3f5/0x680
smpboot_thread_fn+0x56d/0x8d0
kthread+0x309/0x400
ret_from_fork+0x41/0x70
ret_from_fork_asm+0x1b/0x30
</TASK>
Because when cpuset_cpu_inactive() fails in sched_cpu_deactivate(),
the cpu offline failed, but sched_smt_present is decremented before
calling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so
fix it by incrementing sched_smt_present in the error path.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
c5511d03ec090980732e929c318a7a6374b5550e , < 2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4
(git)
Affected: c5511d03ec090980732e929c318a7a6374b5550e , < 2cf7665efe451e48d27953e6b5bc627d518c902b (git) Affected: c5511d03ec090980732e929c318a7a6374b5550e , < 65727331b60197b742089855ac09464c22b96f66 (git) Affected: c5511d03ec090980732e929c318a7a6374b5550e , < d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab (git) Affected: c5511d03ec090980732e929c318a7a6374b5550e , < e22f910a26cc2a3ac9c66b8e935ef2a7dd881117 (git) Affected: 01659361c63fdc91c0af239d08cdd211d590a656 (git) Affected: a2c094816f894b7a265851fad858e994fa0f78b3 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44958",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:39:57.304687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:36.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:14:05.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/sched/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4",
"status": "affected",
"version": "c5511d03ec090980732e929c318a7a6374b5550e",
"versionType": "git"
},
{
"lessThan": "2cf7665efe451e48d27953e6b5bc627d518c902b",
"status": "affected",
"version": "c5511d03ec090980732e929c318a7a6374b5550e",
"versionType": "git"
},
{
"lessThan": "65727331b60197b742089855ac09464c22b96f66",
"status": "affected",
"version": "c5511d03ec090980732e929c318a7a6374b5550e",
"versionType": "git"
},
{
"lessThan": "d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab",
"status": "affected",
"version": "c5511d03ec090980732e929c318a7a6374b5550e",
"versionType": "git"
},
{
"lessThan": "e22f910a26cc2a3ac9c66b8e935ef2a7dd881117",
"status": "affected",
"version": "c5511d03ec090980732e929c318a7a6374b5550e",
"versionType": "git"
},
{
"status": "affected",
"version": "01659361c63fdc91c0af239d08cdd211d590a656",
"versionType": "git"
},
{
"status": "affected",
"version": "a2c094816f894b7a265851fad858e994fa0f78b3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/sched/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.105",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.105",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/smt: Fix unbalance sched_smt_present dec/inc\n\nI got the following warn report while doing stress test:\n\njump label: negative count!\nWARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0\nCall Trace:\n \u003cTASK\u003e\n __static_key_slow_dec_cpuslocked+0x16/0x70\n sched_cpu_deactivate+0x26e/0x2a0\n cpuhp_invoke_callback+0x3ad/0x10d0\n cpuhp_thread_fun+0x3f5/0x680\n smpboot_thread_fn+0x56d/0x8d0\n kthread+0x309/0x400\n ret_from_fork+0x41/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nBecause when cpuset_cpu_inactive() fails in sched_cpu_deactivate(),\nthe cpu offline failed, but sched_smt_present is decremented before\ncalling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so\nfix it by incrementing sched_smt_present in the error path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:58:27.307Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4"
},
{
"url": "https://git.kernel.org/stable/c/2cf7665efe451e48d27953e6b5bc627d518c902b"
},
{
"url": "https://git.kernel.org/stable/c/65727331b60197b742089855ac09464c22b96f66"
},
{
"url": "https://git.kernel.org/stable/c/d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab"
},
{
"url": "https://git.kernel.org/stable/c/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117"
}
],
"title": "sched/smt: Fix unbalance sched_smt_present dec/inc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-44958",
"datePublished": "2024-09-04T18:35:56.655Z",
"dateReserved": "2024-08-21T05:34:56.666Z",
"dateUpdated": "2025-11-03T22:14:05.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48947 (GCVE-0-2022-48947)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-12-23 13:21
VLAI?
EPSS
Title
Bluetooth: L2CAP: Fix u8 overflow
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: Fix u8 overflow
By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases
multiple times and eventually it will wrap around the maximum number
(i.e., 255).
This patch prevents this by adding a boundary check with
L2CAP_MAX_CONF_RSP
Btmon log:
Bluetooth monitor ver 5.64
= Note: Linux version 6.1.0-rc2 (x86_64) 0.264594
= Note: Bluetooth subsystem version 2.22 0.264636
@ MGMT Open: btmon (privileged) version 1.22 {0x0001} 0.272191
= New Index: 00:00:00:00:00:00 (Primary,Virtual,hci0) [hci0] 13.877604
@ RAW Open: 9496 (privileged) version 2.22 {0x0002} 13.890741
= Open Index: 00:00:00:00:00:00 [hci0] 13.900426
(...)
> ACL Data RX: Handle 200 flags 0x00 dlen 1033 #32 [hci0] 14.273106
invalid packet size (12 != 1033)
08 00 01 00 02 01 04 00 01 10 ff ff ............
> ACL Data RX: Handle 200 flags 0x00 dlen 1547 #33 [hci0] 14.273561
invalid packet size (14 != 1547)
0a 00 01 00 04 01 06 00 40 00 00 00 00 00 ........@.....
> ACL Data RX: Handle 200 flags 0x00 dlen 2061 #34 [hci0] 14.274390
invalid packet size (16 != 2061)
0c 00 01 00 04 01 08 00 40 00 00 00 00 00 00 04 ........@.......
> ACL Data RX: Handle 200 flags 0x00 dlen 2061 #35 [hci0] 14.274932
invalid packet size (16 != 2061)
0c 00 01 00 04 01 08 00 40 00 00 00 07 00 03 00 ........@.......
= bluetoothd: Bluetooth daemon 5.43 14.401828
> ACL Data RX: Handle 200 flags 0x00 dlen 1033 #36 [hci0] 14.275753
invalid packet size (12 != 1033)
08 00 01 00 04 01 04 00 40 00 00 00 ........@...
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
f2fcfcd670257236ebf2088bbdf26f6a8ef459fe , < 49d5867819ab7c744852b45509e8469839c07e0e
(git)
Affected: f2fcfcd670257236ebf2088bbdf26f6a8ef459fe , < 95f1847a361c7b4bf7d74c06ecb6968455082c1a (git) Affected: f2fcfcd670257236ebf2088bbdf26f6a8ef459fe , < ad528fde0702903208d0a79d88d5a42ae3fc235b (git) Affected: f2fcfcd670257236ebf2088bbdf26f6a8ef459fe , < 9fdc79b571434af7bc742da40a3405f038b637a7 (git) Affected: f2fcfcd670257236ebf2088bbdf26f6a8ef459fe , < f3fe6817156a2ad4b06f01afab04638a34d7c9a6 (git) Affected: f2fcfcd670257236ebf2088bbdf26f6a8ef459fe , < 19a78143961a197de8502f4f29c453b913dc3c29 (git) Affected: f2fcfcd670257236ebf2088bbdf26f6a8ef459fe , < 5550bbf709c323194881737fd290c4bada9e6ead (git) Affected: f2fcfcd670257236ebf2088bbdf26f6a8ef459fe , < bcd70260ef56e0aee8a4fc6cd214a419900b0765 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:22:07.757358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:41.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/l2cap_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "49d5867819ab7c744852b45509e8469839c07e0e",
"status": "affected",
"version": "f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
"versionType": "git"
},
{
"lessThan": "95f1847a361c7b4bf7d74c06ecb6968455082c1a",
"status": "affected",
"version": "f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
"versionType": "git"
},
{
"lessThan": "ad528fde0702903208d0a79d88d5a42ae3fc235b",
"status": "affected",
"version": "f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
"versionType": "git"
},
{
"lessThan": "9fdc79b571434af7bc742da40a3405f038b637a7",
"status": "affected",
"version": "f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
"versionType": "git"
},
{
"lessThan": "f3fe6817156a2ad4b06f01afab04638a34d7c9a6",
"status": "affected",
"version": "f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
"versionType": "git"
},
{
"lessThan": "19a78143961a197de8502f4f29c453b913dc3c29",
"status": "affected",
"version": "f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
"versionType": "git"
},
{
"lessThan": "5550bbf709c323194881737fd290c4bada9e6ead",
"status": "affected",
"version": "f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
"versionType": "git"
},
{
"lessThan": "bcd70260ef56e0aee8a4fc6cd214a419900b0765",
"status": "affected",
"version": "f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/l2cap_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.32"
},
{
"lessThan": "2.6.32",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.337",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.337",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.303",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.161",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.85",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.15",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "2.6.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix u8 overflow\n\nBy keep sending L2CAP_CONF_REQ packets, chan-\u003enum_conf_rsp increases\nmultiple times and eventually it will wrap around the maximum number\n(i.e., 255).\nThis patch prevents this by adding a boundary check with\nL2CAP_MAX_CONF_RSP\n\nBtmon log:\nBluetooth monitor ver 5.64\n= Note: Linux version 6.1.0-rc2 (x86_64) 0.264594\n= Note: Bluetooth subsystem version 2.22 0.264636\n@ MGMT Open: btmon (privileged) version 1.22 {0x0001} 0.272191\n= New Index: 00:00:00:00:00:00 (Primary,Virtual,hci0) [hci0] 13.877604\n@ RAW Open: 9496 (privileged) version 2.22 {0x0002} 13.890741\n= Open Index: 00:00:00:00:00:00 [hci0] 13.900426\n(...)\n\u003e ACL Data RX: Handle 200 flags 0x00 dlen 1033 #32 [hci0] 14.273106\n invalid packet size (12 != 1033)\n 08 00 01 00 02 01 04 00 01 10 ff ff ............\n\u003e ACL Data RX: Handle 200 flags 0x00 dlen 1547 #33 [hci0] 14.273561\n invalid packet size (14 != 1547)\n 0a 00 01 00 04 01 06 00 40 00 00 00 00 00 ........@.....\n\u003e ACL Data RX: Handle 200 flags 0x00 dlen 2061 #34 [hci0] 14.274390\n invalid packet size (16 != 2061)\n 0c 00 01 00 04 01 08 00 40 00 00 00 00 00 00 04 ........@.......\n\u003e ACL Data RX: Handle 200 flags 0x00 dlen 2061 #35 [hci0] 14.274932\n invalid packet size (16 != 2061)\n 0c 00 01 00 04 01 08 00 40 00 00 00 07 00 03 00 ........@.......\n= bluetoothd: Bluetooth daemon 5.43 14.401828\n\u003e ACL Data RX: Handle 200 flags 0x00 dlen 1033 #36 [hci0] 14.275753\n invalid packet size (12 != 1033)\n 08 00 01 00 04 01 04 00 40 00 00 00 ........@..."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T13:21:14.514Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/49d5867819ab7c744852b45509e8469839c07e0e"
},
{
"url": "https://git.kernel.org/stable/c/95f1847a361c7b4bf7d74c06ecb6968455082c1a"
},
{
"url": "https://git.kernel.org/stable/c/ad528fde0702903208d0a79d88d5a42ae3fc235b"
},
{
"url": "https://git.kernel.org/stable/c/9fdc79b571434af7bc742da40a3405f038b637a7"
},
{
"url": "https://git.kernel.org/stable/c/f3fe6817156a2ad4b06f01afab04638a34d7c9a6"
},
{
"url": "https://git.kernel.org/stable/c/19a78143961a197de8502f4f29c453b913dc3c29"
},
{
"url": "https://git.kernel.org/stable/c/5550bbf709c323194881737fd290c4bada9e6ead"
},
{
"url": "https://git.kernel.org/stable/c/bcd70260ef56e0aee8a4fc6cd214a419900b0765"
}
],
"title": "Bluetooth: L2CAP: Fix u8 overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48947",
"datePublished": "2024-10-21T20:05:36.491Z",
"dateReserved": "2024-08-22T01:27:53.624Z",
"dateUpdated": "2025-12-23T13:21:14.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49014 (GCVE-0-2022-49014)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
net: tun: Fix use-after-free in tun_detach()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: tun: Fix use-after-free in tun_detach()
syzbot reported use-after-free in tun_detach() [1]. This causes call
trace like below:
==================================================================
BUG: KASAN: use-after-free in notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75
Read of size 8 at addr ffff88807324e2a8 by task syz-executor.0/3673
CPU: 0 PID: 3673 Comm: syz-executor.0 Not tainted 6.1.0-rc5-syzkaller-00044-gcc675d22e422 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:284 [inline]
print_report+0x15e/0x461 mm/kasan/report.c:395
kasan_report+0xbf/0x1f0 mm/kasan/report.c:495
notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75
call_netdevice_notifiers_info+0x86/0x130 net/core/dev.c:1942
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_wait_allrefs_any net/core/dev.c:10237 [inline]
netdev_run_todo+0xbc6/0x1100 net/core/dev.c:10351
tun_detach drivers/net/tun.c:704 [inline]
tun_chr_close+0xe4/0x190 drivers/net/tun.c:3467
__fput+0x27c/0xa90 fs/file_table.c:320
task_work_run+0x16f/0x270 kernel/task_work.c:179
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0xb3d/0x2a30 kernel/exit.c:820
do_group_exit+0xd4/0x2a0 kernel/exit.c:950
get_signal+0x21b1/0x2440 kernel/signal.c:2858
arch_do_signal_or_restart+0x86/0x2300 arch/x86/kernel/signal.c:869
exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203
__syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296
do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd
The cause of the issue is that sock_put() from __tun_detach() drops
last reference count for struct net, and then notifier_call_chain()
from netdev_state_change() accesses that struct net.
This patch fixes the issue by calling sock_put() from tun_detach()
after all necessary accesses for the struct net has done.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
83c1f36f9880814b24cdf6c2f91f66f61db65326 , < 1f23f1890d91812c35d32eab1b49621b6d32dc7b
(git)
Affected: 83c1f36f9880814b24cdf6c2f91f66f61db65326 , < 16c244bc65d1175775325ec0489a5a5c830e02c7 (git) Affected: 83c1f36f9880814b24cdf6c2f91f66f61db65326 , < 5f442e1d403e0496bacb74a58e2be7f500695e6f (git) Affected: 83c1f36f9880814b24cdf6c2f91f66f61db65326 , < 04b995e963229501401810dab89dc73e7f12d054 (git) Affected: 83c1f36f9880814b24cdf6c2f91f66f61db65326 , < 4cde8da2d814a3b7b176db81922d4ddaad7c0f0e (git) Affected: 83c1f36f9880814b24cdf6c2f91f66f61db65326 , < 5daadc86f27ea4d691e2131c04310d0418c6cd12 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:13:28.883740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:38.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/tun.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1f23f1890d91812c35d32eab1b49621b6d32dc7b",
"status": "affected",
"version": "83c1f36f9880814b24cdf6c2f91f66f61db65326",
"versionType": "git"
},
{
"lessThan": "16c244bc65d1175775325ec0489a5a5c830e02c7",
"status": "affected",
"version": "83c1f36f9880814b24cdf6c2f91f66f61db65326",
"versionType": "git"
},
{
"lessThan": "5f442e1d403e0496bacb74a58e2be7f500695e6f",
"status": "affected",
"version": "83c1f36f9880814b24cdf6c2f91f66f61db65326",
"versionType": "git"
},
{
"lessThan": "04b995e963229501401810dab89dc73e7f12d054",
"status": "affected",
"version": "83c1f36f9880814b24cdf6c2f91f66f61db65326",
"versionType": "git"
},
{
"lessThan": "4cde8da2d814a3b7b176db81922d4ddaad7c0f0e",
"status": "affected",
"version": "83c1f36f9880814b24cdf6c2f91f66f61db65326",
"versionType": "git"
},
{
"lessThan": "5daadc86f27ea4d691e2131c04310d0418c6cd12",
"status": "affected",
"version": "83c1f36f9880814b24cdf6c2f91f66f61db65326",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/tun.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.268",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tun: Fix use-after-free in tun_detach()\n\nsyzbot reported use-after-free in tun_detach() [1]. This causes call\ntrace like below:\n\n==================================================================\nBUG: KASAN: use-after-free in notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75\nRead of size 8 at addr ffff88807324e2a8 by task syz-executor.0/3673\n\nCPU: 0 PID: 3673 Comm: syz-executor.0 Not tainted 6.1.0-rc5-syzkaller-00044-gcc675d22e422 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x15e/0x461 mm/kasan/report.c:395\n kasan_report+0xbf/0x1f0 mm/kasan/report.c:495\n notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75\n call_netdevice_notifiers_info+0x86/0x130 net/core/dev.c:1942\n call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]\n call_netdevice_notifiers net/core/dev.c:1997 [inline]\n netdev_wait_allrefs_any net/core/dev.c:10237 [inline]\n netdev_run_todo+0xbc6/0x1100 net/core/dev.c:10351\n tun_detach drivers/net/tun.c:704 [inline]\n tun_chr_close+0xe4/0x190 drivers/net/tun.c:3467\n __fput+0x27c/0xa90 fs/file_table.c:320\n task_work_run+0x16f/0x270 kernel/task_work.c:179\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0xb3d/0x2a30 kernel/exit.c:820\n do_group_exit+0xd4/0x2a0 kernel/exit.c:950\n get_signal+0x21b1/0x2440 kernel/signal.c:2858\n arch_do_signal_or_restart+0x86/0x2300 arch/x86/kernel/signal.c:869\n exit_to_user_mode_loop kernel/entry/common.c:168 [inline]\n exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203\n __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]\n syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296\n do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe cause of the issue is that sock_put() from __tun_detach() drops\nlast reference count for struct net, and then notifier_call_chain()\nfrom netdev_state_change() accesses that struct net.\n\nThis patch fixes the issue by calling sock_put() from tun_detach()\nafter all necessary accesses for the struct net has done."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:05.831Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1f23f1890d91812c35d32eab1b49621b6d32dc7b"
},
{
"url": "https://git.kernel.org/stable/c/16c244bc65d1175775325ec0489a5a5c830e02c7"
},
{
"url": "https://git.kernel.org/stable/c/5f442e1d403e0496bacb74a58e2be7f500695e6f"
},
{
"url": "https://git.kernel.org/stable/c/04b995e963229501401810dab89dc73e7f12d054"
},
{
"url": "https://git.kernel.org/stable/c/4cde8da2d814a3b7b176db81922d4ddaad7c0f0e"
},
{
"url": "https://git.kernel.org/stable/c/5daadc86f27ea4d691e2131c04310d0418c6cd12"
}
],
"title": "net: tun: Fix use-after-free in tun_detach()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49014",
"datePublished": "2024-10-21T20:06:24.020Z",
"dateReserved": "2024-08-22T01:27:53.645Z",
"dateUpdated": "2025-05-04T08:28:05.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49996 (GCVE-0-2024-49996)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 20:42
VLAI?
EPSS
Title
cifs: Fix buffer overflow when parsing NFS reparse points
Summary
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix buffer overflow when parsing NFS reparse points
ReparseDataLength is sum of the InodeType size and DataBuffer size.
So to get DataBuffer size it is needed to subtract InodeType's size from
ReparseDataLength.
Function cifs_strndup_from_utf16() is currentlly accessing buf->DataBuffer
at position after the end of the buffer because it does not subtract
InodeType size from the length. Fix this problem and correctly subtract
variable len.
Member InodeType is present only when reparse buffer is large enough. Check
for ReparseDataLength before accessing InodeType to prevent another invalid
memory access.
Major and minor rdev values are present also only when reparse buffer is
large enough. Check for reparse buffer size before calling reparse_mkdev().
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d5ecebc4900df7f6e8dff0717574668885110553 , < 7b222d6cb87077faf56a687a72af1951cf78c8a9
(git)
Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < 73b078e3314d4854fd8286f3ba65c860ddd3a3dd (git) Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < 01cdddde39b065074fd48f07027757783cbf5b7d (git) Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < ec79e6170bcae8a6036a4b6960f5e7e59a785601 (git) Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < c6db81c550cea0c73bd72ef55f579991e0e4ba07 (git) Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < 803b3a39cb096d8718c0aebc03fd19f11c7dc919 (git) Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < c173d47b69f07cd7ca08efb4e458adbd4725d8e9 (git) Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < e2a8910af01653c1c268984855629d71fb81f404 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:30:36.265660Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:41.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:42:50.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/client/reparse.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7b222d6cb87077faf56a687a72af1951cf78c8a9",
"status": "affected",
"version": "d5ecebc4900df7f6e8dff0717574668885110553",
"versionType": "git"
},
{
"lessThan": "73b078e3314d4854fd8286f3ba65c860ddd3a3dd",
"status": "affected",
"version": "d5ecebc4900df7f6e8dff0717574668885110553",
"versionType": "git"
},
{
"lessThan": "01cdddde39b065074fd48f07027757783cbf5b7d",
"status": "affected",
"version": "d5ecebc4900df7f6e8dff0717574668885110553",
"versionType": "git"
},
{
"lessThan": "ec79e6170bcae8a6036a4b6960f5e7e59a785601",
"status": "affected",
"version": "d5ecebc4900df7f6e8dff0717574668885110553",
"versionType": "git"
},
{
"lessThan": "c6db81c550cea0c73bd72ef55f579991e0e4ba07",
"status": "affected",
"version": "d5ecebc4900df7f6e8dff0717574668885110553",
"versionType": "git"
},
{
"lessThan": "803b3a39cb096d8718c0aebc03fd19f11c7dc919",
"status": "affected",
"version": "d5ecebc4900df7f6e8dff0717574668885110553",
"versionType": "git"
},
{
"lessThan": "c173d47b69f07cd7ca08efb4e458adbd4725d8e9",
"status": "affected",
"version": "d5ecebc4900df7f6e8dff0717574668885110553",
"versionType": "git"
},
{
"lessThan": "e2a8910af01653c1c268984855629d71fb81f404",
"status": "affected",
"version": "d5ecebc4900df7f6e8dff0717574668885110553",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/client/reparse.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.287",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.287",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.231",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix buffer overflow when parsing NFS reparse points\n\nReparseDataLength is sum of the InodeType size and DataBuffer size.\nSo to get DataBuffer size it is needed to subtract InodeType\u0027s size from\nReparseDataLength.\n\nFunction cifs_strndup_from_utf16() is currentlly accessing buf-\u003eDataBuffer\nat position after the end of the buffer because it does not subtract\nInodeType size from the length. Fix this problem and correctly subtract\nvariable len.\n\nMember InodeType is present only when reparse buffer is large enough. Check\nfor ReparseDataLength before accessing InodeType to prevent another invalid\nmemory access.\n\nMajor and minor rdev values are present also only when reparse buffer is\nlarge enough. Check for reparse buffer size before calling reparse_mkdev()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:43:17.347Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7b222d6cb87077faf56a687a72af1951cf78c8a9"
},
{
"url": "https://git.kernel.org/stable/c/73b078e3314d4854fd8286f3ba65c860ddd3a3dd"
},
{
"url": "https://git.kernel.org/stable/c/01cdddde39b065074fd48f07027757783cbf5b7d"
},
{
"url": "https://git.kernel.org/stable/c/ec79e6170bcae8a6036a4b6960f5e7e59a785601"
},
{
"url": "https://git.kernel.org/stable/c/c6db81c550cea0c73bd72ef55f579991e0e4ba07"
},
{
"url": "https://git.kernel.org/stable/c/803b3a39cb096d8718c0aebc03fd19f11c7dc919"
},
{
"url": "https://git.kernel.org/stable/c/c173d47b69f07cd7ca08efb4e458adbd4725d8e9"
},
{
"url": "https://git.kernel.org/stable/c/e2a8910af01653c1c268984855629d71fb81f404"
}
],
"title": "cifs: Fix buffer overflow when parsing NFS reparse points",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49996",
"datePublished": "2024-10-21T18:02:37.046Z",
"dateReserved": "2024-10-21T12:17:06.056Z",
"dateUpdated": "2025-11-03T20:42:50.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26852 (GCVE-0-2024-26852)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:17 – Updated: 2025-05-04 08:57
VLAI?
EPSS
Title
net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
syzbot found another use-after-free in ip6_route_mpath_notify() [1]
Commit f7225172f25a ("net/ipv6: prevent use after free in
ip6_route_mpath_notify") was not able to fix the root cause.
We need to defer the fib6_info_release() calls after
ip6_route_mpath_notify(), in the cleanup phase.
[1]
BUG: KASAN: slab-use-after-free in rt6_fill_node+0x1460/0x1ac0
Read of size 4 at addr ffff88809a07fc64 by task syz-executor.2/23037
CPU: 0 PID: 23037 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-01035-gea7f3cfaa588 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x167/0x540 mm/kasan/report.c:488
kasan_report+0x142/0x180 mm/kasan/report.c:601
rt6_fill_node+0x1460/0x1ac0
inet6_rt_notify+0x13b/0x290 net/ipv6/route.c:6184
ip6_route_mpath_notify net/ipv6/route.c:5198 [inline]
ip6_route_multipath_add net/ipv6/route.c:5404 [inline]
inet6_rtm_newroute+0x1d0f/0x2300 net/ipv6/route.c:5517
rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597
netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745
____sys_sendmsg+0x525/0x7d0 net/socket.c:2584
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667
do_syscall_64+0xf9/0x240
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f73dd87dda9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f73de6550c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f73dd9ac050 RCX: 00007f73dd87dda9
RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005
RBP: 00007f73dd8ca47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007f73dd9ac050 R15: 00007ffdbdeb7858
</TASK>
Allocated by task 23037:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:372 [inline]
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:389
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slub.c:3981 [inline]
__kmalloc+0x22e/0x490 mm/slub.c:3994
kmalloc include/linux/slab.h:594 [inline]
kzalloc include/linux/slab.h:711 [inline]
fib6_info_alloc+0x2e/0xf0 net/ipv6/ip6_fib.c:155
ip6_route_info_create+0x445/0x12b0 net/ipv6/route.c:3758
ip6_route_multipath_add net/ipv6/route.c:5298 [inline]
inet6_rtm_newroute+0x744/0x2300 net/ipv6/route.c:5517
rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597
netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745
____sys_sendmsg+0x525/0x7d0 net/socket.c:2584
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667
do_syscall_64+0xf9/0x240
entry_SYSCALL_64_after_hwframe+0x6f/0x77
Freed by task 16:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
kasan_save_free_info+0x4e/0x60 mm/kasan/generic.c:640
poison_slab_object+0xa6/0xe0 m
---truncated---
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
3b1137fe74829e021f483756a648cbb87c8a1b4a , < 31ea5bcc7d4cd1423de6be327a2c034725704136
(git)
Affected: 3b1137fe74829e021f483756a648cbb87c8a1b4a , < 664f9c647260cc9d68b4e31d9899530d89dd045e (git) Affected: 3b1137fe74829e021f483756a648cbb87c8a1b4a , < 79ce2e54cc0ae366f45516c00bf1b19aa43e9abe (git) Affected: 3b1137fe74829e021f483756a648cbb87c8a1b4a , < cae3303257950d03ffec2df4a45e836f10d26c24 (git) Affected: 3b1137fe74829e021f483756a648cbb87c8a1b4a , < 394334fe2ae3b9f1e2332b873857e84cb28aac18 (git) Affected: 3b1137fe74829e021f483756a648cbb87c8a1b4a , < ed883060c38721ed828061f6c0c30e5147326c9a (git) Affected: 3b1137fe74829e021f483756a648cbb87c8a1b4a , < 61b34f73cdbdb8eaf9ea12e9e2eb3b29716c4dda (git) Affected: 3b1137fe74829e021f483756a648cbb87c8a1b4a , < 685f7d531264599b3f167f1e94bbd22f120e5fab (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31ea5bcc7d4cd1423de6be327a2c034725704136"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/664f9c647260cc9d68b4e31d9899530d89dd045e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79ce2e54cc0ae366f45516c00bf1b19aa43e9abe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cae3303257950d03ffec2df4a45e836f10d26c24"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/394334fe2ae3b9f1e2332b873857e84cb28aac18"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed883060c38721ed828061f6c0c30e5147326c9a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61b34f73cdbdb8eaf9ea12e9e2eb3b29716c4dda"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/685f7d531264599b3f167f1e94bbd22f120e5fab"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "31ea5bcc7d4c",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "664f9c647260",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "79ce2e54cc0a",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "cae330325795",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "394334fe2ae3",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "ed883060c387",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "61b34f73cdbd",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "685f7d531264",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.310",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.272",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.213",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.152",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.82",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.22",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.7.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-19T20:41:29.771297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T21:48:49.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "31ea5bcc7d4cd1423de6be327a2c034725704136",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "664f9c647260cc9d68b4e31d9899530d89dd045e",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "79ce2e54cc0ae366f45516c00bf1b19aa43e9abe",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "cae3303257950d03ffec2df4a45e836f10d26c24",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "394334fe2ae3b9f1e2332b873857e84cb28aac18",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "ed883060c38721ed828061f6c0c30e5147326c9a",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "61b34f73cdbdb8eaf9ea12e9e2eb3b29716c4dda",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "685f7d531264599b3f167f1e94bbd22f120e5fab",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.310",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.310",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.272",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.22",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.10",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/ipv6: avoid possible UAF in ip6_route_mpath_notify()\n\nsyzbot found another use-after-free in ip6_route_mpath_notify() [1]\n\nCommit f7225172f25a (\"net/ipv6: prevent use after free in\nip6_route_mpath_notify\") was not able to fix the root cause.\n\nWe need to defer the fib6_info_release() calls after\nip6_route_mpath_notify(), in the cleanup phase.\n\n[1]\nBUG: KASAN: slab-use-after-free in rt6_fill_node+0x1460/0x1ac0\nRead of size 4 at addr ffff88809a07fc64 by task syz-executor.2/23037\n\nCPU: 0 PID: 23037 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-01035-gea7f3cfaa588 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x167/0x540 mm/kasan/report.c:488\n kasan_report+0x142/0x180 mm/kasan/report.c:601\n rt6_fill_node+0x1460/0x1ac0\n inet6_rt_notify+0x13b/0x290 net/ipv6/route.c:6184\n ip6_route_mpath_notify net/ipv6/route.c:5198 [inline]\n ip6_route_multipath_add net/ipv6/route.c:5404 [inline]\n inet6_rtm_newroute+0x1d0f/0x2300 net/ipv6/route.c:5517\n rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\nRIP: 0033:0x7f73dd87dda9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f73de6550c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f73dd9ac050 RCX: 00007f73dd87dda9\nRDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005\nRBP: 00007f73dd8ca47a R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000006e R14: 00007f73dd9ac050 R15: 00007ffdbdeb7858\n \u003c/TASK\u003e\n\nAllocated by task 23037:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:372 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:389\n kasan_kmalloc include/linux/kasan.h:211 [inline]\n __do_kmalloc_node mm/slub.c:3981 [inline]\n __kmalloc+0x22e/0x490 mm/slub.c:3994\n kmalloc include/linux/slab.h:594 [inline]\n kzalloc include/linux/slab.h:711 [inline]\n fib6_info_alloc+0x2e/0xf0 net/ipv6/ip6_fib.c:155\n ip6_route_info_create+0x445/0x12b0 net/ipv6/route.c:3758\n ip6_route_multipath_add net/ipv6/route.c:5298 [inline]\n inet6_rtm_newroute+0x744/0x2300 net/ipv6/route.c:5517\n rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\nFreed by task 16:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x4e/0x60 mm/kasan/generic.c:640\n poison_slab_object+0xa6/0xe0 m\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:58.505Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/31ea5bcc7d4cd1423de6be327a2c034725704136"
},
{
"url": "https://git.kernel.org/stable/c/664f9c647260cc9d68b4e31d9899530d89dd045e"
},
{
"url": "https://git.kernel.org/stable/c/79ce2e54cc0ae366f45516c00bf1b19aa43e9abe"
},
{
"url": "https://git.kernel.org/stable/c/cae3303257950d03ffec2df4a45e836f10d26c24"
},
{
"url": "https://git.kernel.org/stable/c/394334fe2ae3b9f1e2332b873857e84cb28aac18"
},
{
"url": "https://git.kernel.org/stable/c/ed883060c38721ed828061f6c0c30e5147326c9a"
},
{
"url": "https://git.kernel.org/stable/c/61b34f73cdbdb8eaf9ea12e9e2eb3b29716c4dda"
},
{
"url": "https://git.kernel.org/stable/c/685f7d531264599b3f167f1e94bbd22f120e5fab"
}
],
"title": "net/ipv6: avoid possible UAF in ip6_route_mpath_notify()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26852",
"datePublished": "2024-04-17T10:17:15.923Z",
"dateReserved": "2024-02-19T14:20:24.183Z",
"dateUpdated": "2025-05-04T08:57:58.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49027 (GCVE-0-2022-49027)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
iavf: Fix error handling in iavf_init_module()
Summary
In the Linux kernel, the following vulnerability has been resolved:
iavf: Fix error handling in iavf_init_module()
The iavf_init_module() won't destroy workqueue when pci_register_driver()
failed. Call destroy_workqueue() when pci_register_driver() failed to
prevent the resource leak.
Similar to the handling of u132_hcd_init in commit f276e002793c
("usb: u132-hcd: fix resource leak")
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
2803b16c10ea7eec170c485388f5f26ae30e92fe , < 971c55f0763b480e63ceb7a22beb19be2509e5ed
(git)
Affected: 2803b16c10ea7eec170c485388f5f26ae30e92fe , < 0d9f5bd54b913018031c5b964fc1f9a31f5f6cb5 (git) Affected: 2803b16c10ea7eec170c485388f5f26ae30e92fe , < bd477b891a4fa084561234eed4afacb3001dd359 (git) Affected: 2803b16c10ea7eec170c485388f5f26ae30e92fe , < 227d8d2f7f2278b8468c5531b0cd0f2a905b4486 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49027",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:11:47.379081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:36.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/iavf/iavf_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "971c55f0763b480e63ceb7a22beb19be2509e5ed",
"status": "affected",
"version": "2803b16c10ea7eec170c485388f5f26ae30e92fe",
"versionType": "git"
},
{
"lessThan": "0d9f5bd54b913018031c5b964fc1f9a31f5f6cb5",
"status": "affected",
"version": "2803b16c10ea7eec170c485388f5f26ae30e92fe",
"versionType": "git"
},
{
"lessThan": "bd477b891a4fa084561234eed4afacb3001dd359",
"status": "affected",
"version": "2803b16c10ea7eec170c485388f5f26ae30e92fe",
"versionType": "git"
},
{
"lessThan": "227d8d2f7f2278b8468c5531b0cd0f2a905b4486",
"status": "affected",
"version": "2803b16c10ea7eec170c485388f5f26ae30e92fe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/iavf/iavf_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.6"
},
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix error handling in iavf_init_module()\n\nThe iavf_init_module() won\u0027t destroy workqueue when pci_register_driver()\nfailed. Call destroy_workqueue() when pci_register_driver() failed to\nprevent the resource leak.\n\nSimilar to the handling of u132_hcd_init in commit f276e002793c\n(\"usb: u132-hcd: fix resource leak\")"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:21.885Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/971c55f0763b480e63ceb7a22beb19be2509e5ed"
},
{
"url": "https://git.kernel.org/stable/c/0d9f5bd54b913018031c5b964fc1f9a31f5f6cb5"
},
{
"url": "https://git.kernel.org/stable/c/bd477b891a4fa084561234eed4afacb3001dd359"
},
{
"url": "https://git.kernel.org/stable/c/227d8d2f7f2278b8468c5531b0cd0f2a905b4486"
}
],
"title": "iavf: Fix error handling in iavf_init_module()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49027",
"datePublished": "2024-10-21T20:06:32.560Z",
"dateReserved": "2024-08-22T01:27:53.651Z",
"dateUpdated": "2025-05-04T08:28:21.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40954 (GCVE-0-2024-40954)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:31 – Updated: 2025-11-03 21:58
VLAI?
EPSS
Title
net: do not leave a dangling sk pointer, when socket creation fails
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: do not leave a dangling sk pointer, when socket creation fails
It is possible to trigger a use-after-free by:
* attaching an fentry probe to __sock_release() and the probe calling the
bpf_get_socket_cookie() helper
* running traceroute -I 1.1.1.1 on a freshly booted VM
A KASAN enabled kernel will log something like below (decoded and stripped):
==================================================================
BUG: KASAN: slab-use-after-free in __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)
Read of size 8 at addr ffff888007110dd8 by task traceroute/299
CPU: 2 PID: 299 Comm: traceroute Tainted: G E 6.10.0-rc2+ #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl (lib/dump_stack.c:117 (discriminator 1))
print_report (mm/kasan/report.c:378 mm/kasan/report.c:488)
? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)
kasan_report (mm/kasan/report.c:603)
? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)
kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)
__sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)
bpf_get_socket_ptr_cookie (./arch/x86/include/asm/preempt.h:94 ./include/linux/sock_diag.h:42 net/core/filter.c:5094 net/core/filter.c:5092)
bpf_prog_875642cf11f1d139___sock_release+0x6e/0x8e
bpf_trampoline_6442506592+0x47/0xaf
__sock_release (net/socket.c:652)
__sock_create (net/socket.c:1601)
...
Allocated by task 299 on cpu 2 at 78.328492s:
kasan_save_stack (mm/kasan/common.c:48)
kasan_save_track (mm/kasan/common.c:68)
__kasan_slab_alloc (mm/kasan/common.c:312 mm/kasan/common.c:338)
kmem_cache_alloc_noprof (mm/slub.c:3941 mm/slub.c:4000 mm/slub.c:4007)
sk_prot_alloc (net/core/sock.c:2075)
sk_alloc (net/core/sock.c:2134)
inet_create (net/ipv4/af_inet.c:327 net/ipv4/af_inet.c:252)
__sock_create (net/socket.c:1572)
__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)
__x64_sys_socket (net/socket.c:1718)
do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
Freed by task 299 on cpu 2 at 78.328502s:
kasan_save_stack (mm/kasan/common.c:48)
kasan_save_track (mm/kasan/common.c:68)
kasan_save_free_info (mm/kasan/generic.c:582)
poison_slab_object (mm/kasan/common.c:242)
__kasan_slab_free (mm/kasan/common.c:256)
kmem_cache_free (mm/slub.c:4437 mm/slub.c:4511)
__sk_destruct (net/core/sock.c:2117 net/core/sock.c:2208)
inet_create (net/ipv4/af_inet.c:397 net/ipv4/af_inet.c:252)
__sock_create (net/socket.c:1572)
__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)
__x64_sys_socket (net/socket.c:1718)
do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
Fix this by clearing the struct socket reference in sk_common_release() to cover
all protocol families create functions, which may already attached the
reference to the sk object with sock_init_data().
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd , < 78e4aa528a7b1204219d808310524344f627d069
(git)
Affected: c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd , < 893eeba94c40d513cd0fe6539330ebdaea208c0e (git) Affected: c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd , < 454c454ed645fed051216b79622f7cb69c1638f5 (git) Affected: c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd , < 5dfe2408fd7dc4d2e7ac38a116ff0a37b1cfd3b9 (git) Affected: c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd , < 6cd4a78d962bebbaf8beb7d2ead3f34120e3f7b2 (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:58:18.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/78e4aa528a7b1204219d808310524344f627d069"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/893eeba94c40d513cd0fe6539330ebdaea208c0e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/454c454ed645fed051216b79622f7cb69c1638f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5dfe2408fd7dc4d2e7ac38a116ff0a37b1cfd3b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6cd4a78d962bebbaf8beb7d2ead3f34120e3f7b2"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:03:48.944366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:24.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/sock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "78e4aa528a7b1204219d808310524344f627d069",
"status": "affected",
"version": "c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd",
"versionType": "git"
},
{
"lessThan": "893eeba94c40d513cd0fe6539330ebdaea208c0e",
"status": "affected",
"version": "c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd",
"versionType": "git"
},
{
"lessThan": "454c454ed645fed051216b79622f7cb69c1638f5",
"status": "affected",
"version": "c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd",
"versionType": "git"
},
{
"lessThan": "5dfe2408fd7dc4d2e7ac38a116ff0a37b1cfd3b9",
"status": "affected",
"version": "c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd",
"versionType": "git"
},
{
"lessThan": "6cd4a78d962bebbaf8beb7d2ead3f34120e3f7b2",
"status": "affected",
"version": "c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/sock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.96",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.96",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.36",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.7",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not leave a dangling sk pointer, when socket creation fails\n\nIt is possible to trigger a use-after-free by:\n * attaching an fentry probe to __sock_release() and the probe calling the\n bpf_get_socket_cookie() helper\n * running traceroute -I 1.1.1.1 on a freshly booted VM\n\nA KASAN enabled kernel will log something like below (decoded and stripped):\n==================================================================\nBUG: KASAN: slab-use-after-free in __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nRead of size 8 at addr ffff888007110dd8 by task traceroute/299\n\nCPU: 2 PID: 299 Comm: traceroute Tainted: G E 6.10.0-rc2+ #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:117 (discriminator 1))\nprint_report (mm/kasan/report.c:378 mm/kasan/report.c:488)\n? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nkasan_report (mm/kasan/report.c:603)\n? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nkasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)\n__sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nbpf_get_socket_ptr_cookie (./arch/x86/include/asm/preempt.h:94 ./include/linux/sock_diag.h:42 net/core/filter.c:5094 net/core/filter.c:5092)\nbpf_prog_875642cf11f1d139___sock_release+0x6e/0x8e\nbpf_trampoline_6442506592+0x47/0xaf\n__sock_release (net/socket.c:652)\n__sock_create (net/socket.c:1601)\n...\nAllocated by task 299 on cpu 2 at 78.328492s:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (mm/kasan/common.c:68)\n__kasan_slab_alloc (mm/kasan/common.c:312 mm/kasan/common.c:338)\nkmem_cache_alloc_noprof (mm/slub.c:3941 mm/slub.c:4000 mm/slub.c:4007)\nsk_prot_alloc (net/core/sock.c:2075)\nsk_alloc (net/core/sock.c:2134)\ninet_create (net/ipv4/af_inet.c:327 net/ipv4/af_inet.c:252)\n__sock_create (net/socket.c:1572)\n__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)\n__x64_sys_socket (net/socket.c:1718)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFreed by task 299 on cpu 2 at 78.328502s:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (mm/kasan/common.c:68)\nkasan_save_free_info (mm/kasan/generic.c:582)\npoison_slab_object (mm/kasan/common.c:242)\n__kasan_slab_free (mm/kasan/common.c:256)\nkmem_cache_free (mm/slub.c:4437 mm/slub.c:4511)\n__sk_destruct (net/core/sock.c:2117 net/core/sock.c:2208)\ninet_create (net/ipv4/af_inet.c:397 net/ipv4/af_inet.c:252)\n__sock_create (net/socket.c:1572)\n__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)\n__x64_sys_socket (net/socket.c:1718)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFix this by clearing the struct socket reference in sk_common_release() to cover\nall protocol families create functions, which may already attached the\nreference to the sk object with sock_init_data()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:18:42.155Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/78e4aa528a7b1204219d808310524344f627d069"
},
{
"url": "https://git.kernel.org/stable/c/893eeba94c40d513cd0fe6539330ebdaea208c0e"
},
{
"url": "https://git.kernel.org/stable/c/454c454ed645fed051216b79622f7cb69c1638f5"
},
{
"url": "https://git.kernel.org/stable/c/5dfe2408fd7dc4d2e7ac38a116ff0a37b1cfd3b9"
},
{
"url": "https://git.kernel.org/stable/c/6cd4a78d962bebbaf8beb7d2ead3f34120e3f7b2"
}
],
"title": "net: do not leave a dangling sk pointer, when socket creation fails",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40954",
"datePublished": "2024-07-12T12:31:57.517Z",
"dateReserved": "2024-07-12T12:17:45.592Z",
"dateUpdated": "2025-11-03T21:58:18.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-42114 (GCVE-0-2024-42114)
Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-11-03 22:01
VLAI?
EPSS
Title
wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
syzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM
to 2^31.
We had a similar issue in sch_fq, fixed with commit
d9e15a273306 ("pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM")
watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/1:0:24]
Modules linked in:
irq event stamp: 131135
hardirqs last enabled at (131134): [<ffff80008ae8778c>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:85 [inline]
hardirqs last enabled at (131134): [<ffff80008ae8778c>] exit_to_kernel_mode+0xdc/0x10c arch/arm64/kernel/entry-common.c:95
hardirqs last disabled at (131135): [<ffff80008ae85378>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
hardirqs last disabled at (131135): [<ffff80008ae85378>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
softirqs last enabled at (125892): [<ffff80008907e82c>] neigh_hh_init net/core/neighbour.c:1538 [inline]
softirqs last enabled at (125892): [<ffff80008907e82c>] neigh_resolve_output+0x268/0x658 net/core/neighbour.c:1553
softirqs last disabled at (125896): [<ffff80008904166c>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
CPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: mld mld_ifc_work
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __list_del include/linux/list.h:195 [inline]
pc : __list_del_entry include/linux/list.h:218 [inline]
pc : list_move_tail include/linux/list.h:310 [inline]
pc : fq_tin_dequeue include/net/fq_impl.h:112 [inline]
pc : ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854
lr : __list_del_entry include/linux/list.h:218 [inline]
lr : list_move_tail include/linux/list.h:310 [inline]
lr : fq_tin_dequeue include/net/fq_impl.h:112 [inline]
lr : ieee80211_tx_dequeue+0x67c/0x3b4c net/mac80211/tx.c:3854
sp : ffff800093d36700
x29: ffff800093d36a60 x28: ffff800093d36960 x27: dfff800000000000
x26: ffff0000d800ad50 x25: ffff0000d800abe0 x24: ffff0000d800abf0
x23: ffff0000e0032468 x22: ffff0000e00324d4 x21: ffff0000d800abf0
x20: ffff0000d800abf8 x19: ffff0000d800abf0 x18: ffff800093d363c0
x17: 000000000000d476 x16: ffff8000805519dc x15: ffff7000127a6cc8
x14: 1ffff000127a6cc8 x13: 0000000000000004 x12: ffffffffffffffff
x11: ffff7000127a6cc8 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff80009287aa08 x4 : 0000000000000008 x3 : ffff80008034c7fc
x2 : ffff0000e0032468 x1 : 00000000da0e46b8 x0 : ffff0000e0032470
Call trace:
__list_del include/linux/list.h:195 [inline]
__list_del_entry include/linux/list.h:218 [inline]
list_move_tail include/linux/list.h:310 [inline]
fq_tin_dequeue include/net/fq_impl.h:112 [inline]
ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854
wake_tx_push_queue net/mac80211/util.c:294 [inline]
ieee80211_handle_wake_tx_queue+0x118/0x274 net/mac80211/util.c:315
drv_wake_tx_queue net/mac80211/driver-ops.h:1350 [inline]
schedule_and_wake_txq net/mac80211/driver-ops.h:1357 [inline]
ieee80211_queue_skb+0x18e8/0x2244 net/mac80211/tx.c:1664
ieee80211_tx+0x260/0x400 net/mac80211/tx.c:1966
ieee80211_xmit+0x278/0x354 net/mac80211/tx.c:2062
__ieee80211_subif_start_xmit+0xab8/0x122c net/mac80211/tx.c:4338
ieee80211_subif_start_xmit+0xe0/0x438 net/mac80211/tx.c:4532
__netdev_start_xmit include/linux/netdevice.h:4903 [inline]
netdev_start_xmit include/linux/netdevice.h:4917 [inline]
xmit_one net/core/dev.c:3531 [inline]
dev_hard_start_xmit+0x27c/0x938 net/core/dev.c:3547
__dev_queue_xmit+0x1678/0x33fc net/core/dev.c:4341
dev_queue_xmit include/linux/netdevice.h:3091 [inline]
neigh_resolve_output+0x558/0x658 net/core/neighbour.c:1563
neigh_output include/net/neighbour.h:542 [inline]
ip6_fini
---truncated---
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
52539ca89f365d3db530535fbffa88a3cca4d2ec , < 80ac0cc9c0bef984e29637b1efa93d7214b42f53
(git)
Affected: 52539ca89f365d3db530535fbffa88a3cca4d2ec , < 33ac5a4eb3d4bea2146658f1b6d1fa86d62d2b22 (git) Affected: 52539ca89f365d3db530535fbffa88a3cca4d2ec , < 3fc06f6d142d2840735543216a60d0a8c345bdec (git) Affected: 52539ca89f365d3db530535fbffa88a3cca4d2ec , < 8a3ac7fb36962c34698f884bd697938054ff2afa (git) Affected: 52539ca89f365d3db530535fbffa88a3cca4d2ec , < e87c2f098f52aa2fe20258a5bb1738d6a74e9ed7 (git) Affected: 52539ca89f365d3db530535fbffa88a3cca4d2ec , < d1cba2ea8121e7fdbe1328cea782876b1dd80993 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:01:48.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e87c2f098f52aa2fe20258a5bb1738d6a74e9ed7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d1cba2ea8121e7fdbe1328cea782876b1dd80993"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42114",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:17:20.245237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:06.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "80ac0cc9c0bef984e29637b1efa93d7214b42f53",
"status": "affected",
"version": "52539ca89f365d3db530535fbffa88a3cca4d2ec",
"versionType": "git"
},
{
"lessThan": "33ac5a4eb3d4bea2146658f1b6d1fa86d62d2b22",
"status": "affected",
"version": "52539ca89f365d3db530535fbffa88a3cca4d2ec",
"versionType": "git"
},
{
"lessThan": "3fc06f6d142d2840735543216a60d0a8c345bdec",
"status": "affected",
"version": "52539ca89f365d3db530535fbffa88a3cca4d2ec",
"versionType": "git"
},
{
"lessThan": "8a3ac7fb36962c34698f884bd697938054ff2afa",
"status": "affected",
"version": "52539ca89f365d3db530535fbffa88a3cca4d2ec",
"versionType": "git"
},
{
"lessThan": "e87c2f098f52aa2fe20258a5bb1738d6a74e9ed7",
"status": "affected",
"version": "52539ca89f365d3db530535fbffa88a3cca4d2ec",
"versionType": "git"
},
{
"lessThan": "d1cba2ea8121e7fdbe1328cea782876b1dd80993",
"status": "affected",
"version": "52539ca89f365d3db530535fbffa88a3cca4d2ec",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.106",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.106",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.47",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values\n\nsyzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM\nto 2^31.\n\nWe had a similar issue in sch_fq, fixed with commit\nd9e15a273306 (\"pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM\")\n\nwatchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/1:0:24]\nModules linked in:\nirq event stamp: 131135\n hardirqs last enabled at (131134): [\u003cffff80008ae8778c\u003e] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:85 [inline]\n hardirqs last enabled at (131134): [\u003cffff80008ae8778c\u003e] exit_to_kernel_mode+0xdc/0x10c arch/arm64/kernel/entry-common.c:95\n hardirqs last disabled at (131135): [\u003cffff80008ae85378\u003e] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\n hardirqs last disabled at (131135): [\u003cffff80008ae85378\u003e] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\n softirqs last enabled at (125892): [\u003cffff80008907e82c\u003e] neigh_hh_init net/core/neighbour.c:1538 [inline]\n softirqs last enabled at (125892): [\u003cffff80008907e82c\u003e] neigh_resolve_output+0x268/0x658 net/core/neighbour.c:1553\n softirqs last disabled at (125896): [\u003cffff80008904166c\u003e] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19\nCPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nWorkqueue: mld mld_ifc_work\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __list_del include/linux/list.h:195 [inline]\n pc : __list_del_entry include/linux/list.h:218 [inline]\n pc : list_move_tail include/linux/list.h:310 [inline]\n pc : fq_tin_dequeue include/net/fq_impl.h:112 [inline]\n pc : ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854\n lr : __list_del_entry include/linux/list.h:218 [inline]\n lr : list_move_tail include/linux/list.h:310 [inline]\n lr : fq_tin_dequeue include/net/fq_impl.h:112 [inline]\n lr : ieee80211_tx_dequeue+0x67c/0x3b4c net/mac80211/tx.c:3854\nsp : ffff800093d36700\nx29: ffff800093d36a60 x28: ffff800093d36960 x27: dfff800000000000\nx26: ffff0000d800ad50 x25: ffff0000d800abe0 x24: ffff0000d800abf0\nx23: ffff0000e0032468 x22: ffff0000e00324d4 x21: ffff0000d800abf0\nx20: ffff0000d800abf8 x19: ffff0000d800abf0 x18: ffff800093d363c0\nx17: 000000000000d476 x16: ffff8000805519dc x15: ffff7000127a6cc8\nx14: 1ffff000127a6cc8 x13: 0000000000000004 x12: ffffffffffffffff\nx11: ffff7000127a6cc8 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffff80009287aa08 x4 : 0000000000000008 x3 : ffff80008034c7fc\nx2 : ffff0000e0032468 x1 : 00000000da0e46b8 x0 : ffff0000e0032470\nCall trace:\n __list_del include/linux/list.h:195 [inline]\n __list_del_entry include/linux/list.h:218 [inline]\n list_move_tail include/linux/list.h:310 [inline]\n fq_tin_dequeue include/net/fq_impl.h:112 [inline]\n ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854\n wake_tx_push_queue net/mac80211/util.c:294 [inline]\n ieee80211_handle_wake_tx_queue+0x118/0x274 net/mac80211/util.c:315\n drv_wake_tx_queue net/mac80211/driver-ops.h:1350 [inline]\n schedule_and_wake_txq net/mac80211/driver-ops.h:1357 [inline]\n ieee80211_queue_skb+0x18e8/0x2244 net/mac80211/tx.c:1664\n ieee80211_tx+0x260/0x400 net/mac80211/tx.c:1966\n ieee80211_xmit+0x278/0x354 net/mac80211/tx.c:2062\n __ieee80211_subif_start_xmit+0xab8/0x122c net/mac80211/tx.c:4338\n ieee80211_subif_start_xmit+0xe0/0x438 net/mac80211/tx.c:4532\n __netdev_start_xmit include/linux/netdevice.h:4903 [inline]\n netdev_start_xmit include/linux/netdevice.h:4917 [inline]\n xmit_one net/core/dev.c:3531 [inline]\n dev_hard_start_xmit+0x27c/0x938 net/core/dev.c:3547\n __dev_queue_xmit+0x1678/0x33fc net/core/dev.c:4341\n dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n neigh_resolve_output+0x558/0x658 net/core/neighbour.c:1563\n neigh_output include/net/neighbour.h:542 [inline]\n ip6_fini\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:23:18.984Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/80ac0cc9c0bef984e29637b1efa93d7214b42f53"
},
{
"url": "https://git.kernel.org/stable/c/33ac5a4eb3d4bea2146658f1b6d1fa86d62d2b22"
},
{
"url": "https://git.kernel.org/stable/c/3fc06f6d142d2840735543216a60d0a8c345bdec"
},
{
"url": "https://git.kernel.org/stable/c/8a3ac7fb36962c34698f884bd697938054ff2afa"
},
{
"url": "https://git.kernel.org/stable/c/e87c2f098f52aa2fe20258a5bb1738d6a74e9ed7"
},
{
"url": "https://git.kernel.org/stable/c/d1cba2ea8121e7fdbe1328cea782876b1dd80993"
}
],
"title": "wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42114",
"datePublished": "2024-07-30T07:46:07.596Z",
"dateReserved": "2024-07-29T15:50:41.178Z",
"dateUpdated": "2025-11-03T22:01:48.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49877 (GCVE-0-2024-49877)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:22
VLAI?
EPSS
Title
ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
Summary
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
When doing cleanup, if flags without OCFS2_BH_READAHEAD, it may trigger
NULL pointer dereference in the following ocfs2_set_buffer_uptodate() if
bh is NULL.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
6c150df9c2e80b5cf86f5a0d98beb7390ad63bfc , < 190d98bcd61117a78fe185222d162180f061a6ca
(git)
Affected: cf76c78595ca87548ca5e45c862ac9e0949c4687 , < e68c8323355e8cedfbe0bec7d5a39009f61640b6 (git) Affected: cf76c78595ca87548ca5e45c862ac9e0949c4687 , < 61b84013e560382cbe7dd56758be3154d43a3988 (git) Affected: cf76c78595ca87548ca5e45c862ac9e0949c4687 , < df944dc46d06af65a75191183d52be017e6b9dbe (git) Affected: cf76c78595ca87548ca5e45c862ac9e0949c4687 , < 01cb2e751cc61ade454c9bc1aaa2eac1f8197112 (git) Affected: cf76c78595ca87548ca5e45c862ac9e0949c4687 , < d52c5652e7dcb7a0648bbb8642cc3e617070ab49 (git) Affected: cf76c78595ca87548ca5e45c862ac9e0949c4687 , < 46b1edf0536a5291a8ad2337f88c926214b209d9 (git) Affected: cf76c78595ca87548ca5e45c862ac9e0949c4687 , < 4846e72ab5a0726e49ad4188b9d9df091ae78c64 (git) Affected: cf76c78595ca87548ca5e45c862ac9e0949c4687 , < 33b525cef4cff49e216e4133cc48452e11c0391e (git) Affected: 01f93d5e36753fc4d06ec67f05ce78c9c6f2dd56 (git) Affected: 65cbd1279f4b999d56a838344a30642db24cd215 (git) Affected: 97e1db17bc1ef4c2e1789bc9323c7be44fba53f8 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:46:09.612488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:51.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:42.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/buffer_head_io.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "190d98bcd61117a78fe185222d162180f061a6ca",
"status": "affected",
"version": "6c150df9c2e80b5cf86f5a0d98beb7390ad63bfc",
"versionType": "git"
},
{
"lessThan": "e68c8323355e8cedfbe0bec7d5a39009f61640b6",
"status": "affected",
"version": "cf76c78595ca87548ca5e45c862ac9e0949c4687",
"versionType": "git"
},
{
"lessThan": "61b84013e560382cbe7dd56758be3154d43a3988",
"status": "affected",
"version": "cf76c78595ca87548ca5e45c862ac9e0949c4687",
"versionType": "git"
},
{
"lessThan": "df944dc46d06af65a75191183d52be017e6b9dbe",
"status": "affected",
"version": "cf76c78595ca87548ca5e45c862ac9e0949c4687",
"versionType": "git"
},
{
"lessThan": "01cb2e751cc61ade454c9bc1aaa2eac1f8197112",
"status": "affected",
"version": "cf76c78595ca87548ca5e45c862ac9e0949c4687",
"versionType": "git"
},
{
"lessThan": "d52c5652e7dcb7a0648bbb8642cc3e617070ab49",
"status": "affected",
"version": "cf76c78595ca87548ca5e45c862ac9e0949c4687",
"versionType": "git"
},
{
"lessThan": "46b1edf0536a5291a8ad2337f88c926214b209d9",
"status": "affected",
"version": "cf76c78595ca87548ca5e45c862ac9e0949c4687",
"versionType": "git"
},
{
"lessThan": "4846e72ab5a0726e49ad4188b9d9df091ae78c64",
"status": "affected",
"version": "cf76c78595ca87548ca5e45c862ac9e0949c4687",
"versionType": "git"
},
{
"lessThan": "33b525cef4cff49e216e4133cc48452e11c0391e",
"status": "affected",
"version": "cf76c78595ca87548ca5e45c862ac9e0949c4687",
"versionType": "git"
},
{
"status": "affected",
"version": "01f93d5e36753fc4d06ec67f05ce78c9c6f2dd56",
"versionType": "git"
},
{
"status": "affected",
"version": "65cbd1279f4b999d56a838344a30642db24cd215",
"versionType": "git"
},
{
"status": "affected",
"version": "97e1db17bc1ef4c2e1789bc9323c7be44fba53f8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/buffer_head_io.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.19.87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.157",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate\n\nWhen doing cleanup, if flags without OCFS2_BH_READAHEAD, it may trigger\nNULL pointer dereference in the following ocfs2_set_buffer_uptodate() if\nbh is NULL."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:59:10.237Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/190d98bcd61117a78fe185222d162180f061a6ca"
},
{
"url": "https://git.kernel.org/stable/c/e68c8323355e8cedfbe0bec7d5a39009f61640b6"
},
{
"url": "https://git.kernel.org/stable/c/61b84013e560382cbe7dd56758be3154d43a3988"
},
{
"url": "https://git.kernel.org/stable/c/df944dc46d06af65a75191183d52be017e6b9dbe"
},
{
"url": "https://git.kernel.org/stable/c/01cb2e751cc61ade454c9bc1aaa2eac1f8197112"
},
{
"url": "https://git.kernel.org/stable/c/d52c5652e7dcb7a0648bbb8642cc3e617070ab49"
},
{
"url": "https://git.kernel.org/stable/c/46b1edf0536a5291a8ad2337f88c926214b209d9"
},
{
"url": "https://git.kernel.org/stable/c/4846e72ab5a0726e49ad4188b9d9df091ae78c64"
},
{
"url": "https://git.kernel.org/stable/c/33b525cef4cff49e216e4133cc48452e11c0391e"
}
],
"title": "ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49877",
"datePublished": "2024-10-21T18:01:16.788Z",
"dateReserved": "2024-10-21T12:17:06.021Z",
"dateUpdated": "2025-11-03T22:22:42.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48789 (GCVE-0-2022-48789)
Vulnerability from cvelistv5 – Published: 2024-07-16 11:43 – Updated: 2025-07-11 17:19
VLAI?
EPSS
Title
nvme-tcp: fix possible use-after-free in transport error_recovery work
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvme-tcp: fix possible use-after-free in transport error_recovery work
While nvme_tcp_submit_async_event_work is checking the ctrl and queue
state before preparing the AER command and scheduling io_work, in order
to fully prevent a race where this check is not reliable the error
recovery work must flush async_event_work before continuing to destroy
the admin queue after setting the ctrl state to RESETTING such that
there is no race .submit_async_event and the error recovery handler
itself changing the ctrl state.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
3f2304f8c6d6ed97849057bd16fee99e434ca796 , < 61a26ffd5ad3ece456d74c4c79f7b5e3f440a141
(git)
Affected: 3f2304f8c6d6ed97849057bd16fee99e434ca796 , < e192184cf8bce8dd55d619f5611a2eaba996fa05 (git) Affected: 3f2304f8c6d6ed97849057bd16fee99e434ca796 , < 5e42fca37ccc76f39f73732661bd47254cad5982 (git) Affected: 3f2304f8c6d6ed97849057bd16fee99e434ca796 , < bb0d8fb35c4ff00a503c2c4dca4cce8d102a21c4 (git) Affected: 3f2304f8c6d6ed97849057bd16fee99e434ca796 , < ff9fc7ebf5c06de1ef72a69f9b1ab40af8b07f9e (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:25:01.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61a26ffd5ad3ece456d74c4c79f7b5e3f440a141"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e192184cf8bce8dd55d619f5611a2eaba996fa05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5e42fca37ccc76f39f73732661bd47254cad5982"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bb0d8fb35c4ff00a503c2c4dca4cce8d102a21c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff9fc7ebf5c06de1ef72a69f9b1ab40af8b07f9e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:59:42.520787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:15.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "61a26ffd5ad3ece456d74c4c79f7b5e3f440a141",
"status": "affected",
"version": "3f2304f8c6d6ed97849057bd16fee99e434ca796",
"versionType": "git"
},
{
"lessThan": "e192184cf8bce8dd55d619f5611a2eaba996fa05",
"status": "affected",
"version": "3f2304f8c6d6ed97849057bd16fee99e434ca796",
"versionType": "git"
},
{
"lessThan": "5e42fca37ccc76f39f73732661bd47254cad5982",
"status": "affected",
"version": "3f2304f8c6d6ed97849057bd16fee99e434ca796",
"versionType": "git"
},
{
"lessThan": "bb0d8fb35c4ff00a503c2c4dca4cce8d102a21c4",
"status": "affected",
"version": "3f2304f8c6d6ed97849057bd16fee99e434ca796",
"versionType": "git"
},
{
"lessThan": "ff9fc7ebf5c06de1ef72a69f9b1ab40af8b07f9e",
"status": "affected",
"version": "3f2304f8c6d6ed97849057bd16fee99e434ca796",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.102",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.25",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.181",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.102",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.25",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.11",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix possible use-after-free in transport error_recovery work\n\nWhile nvme_tcp_submit_async_event_work is checking the ctrl and queue\nstate before preparing the AER command and scheduling io_work, in order\nto fully prevent a race where this check is not reliable the error\nrecovery work must flush async_event_work before continuing to destroy\nthe admin queue after setting the ctrl state to RESETTING such that\nthere is no race .submit_async_event and the error recovery handler\nitself changing the ctrl state."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:19:02.549Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/61a26ffd5ad3ece456d74c4c79f7b5e3f440a141"
},
{
"url": "https://git.kernel.org/stable/c/e192184cf8bce8dd55d619f5611a2eaba996fa05"
},
{
"url": "https://git.kernel.org/stable/c/5e42fca37ccc76f39f73732661bd47254cad5982"
},
{
"url": "https://git.kernel.org/stable/c/bb0d8fb35c4ff00a503c2c4dca4cce8d102a21c4"
},
{
"url": "https://git.kernel.org/stable/c/ff9fc7ebf5c06de1ef72a69f9b1ab40af8b07f9e"
}
],
"title": "nvme-tcp: fix possible use-after-free in transport error_recovery work",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48789",
"datePublished": "2024-07-16T11:43:45.894Z",
"dateReserved": "2024-07-16T11:38:08.892Z",
"dateUpdated": "2025-07-11T17:19:02.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52918 (GCVE-0-2023-52918)
Vulnerability from cvelistv5 – Published: 2024-10-22 07:37 – Updated: 2026-01-05 10:17
VLAI?
EPSS
Title
media: pci: cx23885: check cx23885_vdev_init() return
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: pci: cx23885: check cx23885_vdev_init() return
cx23885_vdev_init() can return a NULL pointer, but that pointer
is used in the next line without a check.
Add a NULL pointer check and go to the error unwind if it is NULL.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
e47f30b140333525ea682ec672641b470da1e599 , < 8e31b096e2e1949bc8f0be019c9ae70d414404c6
(git)
Affected: e47f30b140333525ea682ec672641b470da1e599 , < 199a42fc4c45e8b7f19efeb15dbc36889a599ac2 (git) Affected: e47f30b140333525ea682ec672641b470da1e599 , < e7385510e2550a9f8b6f3d5f33c5b894ab9ba976 (git) Affected: e47f30b140333525ea682ec672641b470da1e599 , < a5f1d30c51c485cec7a7de60205667c3ff86c303 (git) Affected: e47f30b140333525ea682ec672641b470da1e599 , < 06ee04a907d64ee3910fecedd05d7f1be4b1b70e (git) Affected: e47f30b140333525ea682ec672641b470da1e599 , < b1397fb4a779fca560c43d2acf6702d41b4a495b (git) Affected: e47f30b140333525ea682ec672641b470da1e599 , < 15126b916e39b0cb67026b0af3c014bfeb1f76b3 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:10:51.331784Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:35.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:50:35.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/pci/cx23885/cx23885-video.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8e31b096e2e1949bc8f0be019c9ae70d414404c6",
"status": "affected",
"version": "e47f30b140333525ea682ec672641b470da1e599",
"versionType": "git"
},
{
"lessThan": "199a42fc4c45e8b7f19efeb15dbc36889a599ac2",
"status": "affected",
"version": "e47f30b140333525ea682ec672641b470da1e599",
"versionType": "git"
},
{
"lessThan": "e7385510e2550a9f8b6f3d5f33c5b894ab9ba976",
"status": "affected",
"version": "e47f30b140333525ea682ec672641b470da1e599",
"versionType": "git"
},
{
"lessThan": "a5f1d30c51c485cec7a7de60205667c3ff86c303",
"status": "affected",
"version": "e47f30b140333525ea682ec672641b470da1e599",
"versionType": "git"
},
{
"lessThan": "06ee04a907d64ee3910fecedd05d7f1be4b1b70e",
"status": "affected",
"version": "e47f30b140333525ea682ec672641b470da1e599",
"versionType": "git"
},
{
"lessThan": "b1397fb4a779fca560c43d2acf6702d41b4a495b",
"status": "affected",
"version": "e47f30b140333525ea682ec672641b470da1e599",
"versionType": "git"
},
{
"lessThan": "15126b916e39b0cb67026b0af3c014bfeb1f76b3",
"status": "affected",
"version": "e47f30b140333525ea682ec672641b470da1e599",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/pci/cx23885/cx23885-video.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.25"
},
{
"lessThan": "2.6.25",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.321",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.321",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.283",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: cx23885: check cx23885_vdev_init() return\n\ncx23885_vdev_init() can return a NULL pointer, but that pointer\nis used in the next line without a check.\n\nAdd a NULL pointer check and go to the error unwind if it is NULL."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:17:56.468Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8e31b096e2e1949bc8f0be019c9ae70d414404c6"
},
{
"url": "https://git.kernel.org/stable/c/199a42fc4c45e8b7f19efeb15dbc36889a599ac2"
},
{
"url": "https://git.kernel.org/stable/c/e7385510e2550a9f8b6f3d5f33c5b894ab9ba976"
},
{
"url": "https://git.kernel.org/stable/c/a5f1d30c51c485cec7a7de60205667c3ff86c303"
},
{
"url": "https://git.kernel.org/stable/c/06ee04a907d64ee3910fecedd05d7f1be4b1b70e"
},
{
"url": "https://git.kernel.org/stable/c/b1397fb4a779fca560c43d2acf6702d41b4a495b"
},
{
"url": "https://git.kernel.org/stable/c/15126b916e39b0cb67026b0af3c014bfeb1f76b3"
}
],
"title": "media: pci: cx23885: check cx23885_vdev_init() return",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52918",
"datePublished": "2024-10-22T07:37:27.390Z",
"dateReserved": "2024-08-21T06:07:11.017Z",
"dateUpdated": "2026-01-05T10:17:56.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52800 (GCVE-0-2023-52800)
Vulnerability from cvelistv5 – Published: 2024-05-21 15:31 – Updated: 2025-05-04 07:43
VLAI?
EPSS
Title
wifi: ath11k: fix htt pktlog locking
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: fix htt pktlog locking
The ath11k active pdevs are protected by RCU but the htt pktlog handling
code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a
read-side critical section.
Mark the code in question as an RCU read-side critical section to avoid
any potential use-after-free issues.
Compile tested only.
Severity ?
4.4 (Medium)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
d5c65159f2895379e11ca13f62feabe93278985d , < 03ed26935bebf6b6fd8a656490bf3dcc71b72679
(git)
Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 3a51e6b4da71fdfa43ec006d6abc020f3e22d14e (git) Affected: d5c65159f2895379e11ca13f62feabe93278985d , < e3199b3fac65c9f103055390b6fd07c5cffa5961 (git) Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 423762f021825b5e57c3d6f01ff96a9ff19cdcd8 (git) Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 69cede2a5a5f60e3f5602b901b52cb64edd2ea6c (git) Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 3f77c7d605b29df277d77e9ee75d96e7ad145d2d (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T17:43:54.246107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T19:04:08.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03ed26935bebf6b6fd8a656490bf3dcc71b72679"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a51e6b4da71fdfa43ec006d6abc020f3e22d14e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3199b3fac65c9f103055390b6fd07c5cffa5961"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/423762f021825b5e57c3d6f01ff96a9ff19cdcd8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69cede2a5a5f60e3f5602b901b52cb64edd2ea6c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f77c7d605b29df277d77e9ee75d96e7ad145d2d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath11k/dp_rx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "03ed26935bebf6b6fd8a656490bf3dcc71b72679",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "3a51e6b4da71fdfa43ec006d6abc020f3e22d14e",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "e3199b3fac65c9f103055390b6fd07c5cffa5961",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "423762f021825b5e57c3d6f01ff96a9ff19cdcd8",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "69cede2a5a5f60e3f5602b901b52cb64edd2ea6c",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "3f77c7d605b29df277d77e9ee75d96e7ad145d2d",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath11k/dp_rx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix htt pktlog locking\n\nThe ath11k active pdevs are protected by RCU but the htt pktlog handling\ncode calling ath11k_mac_get_ar_by_pdev_id() was not marked as a\nread-side critical section.\n\nMark the code in question as an RCU read-side critical section to avoid\nany potential use-after-free issues.\n\nCompile tested only."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:26.509Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/03ed26935bebf6b6fd8a656490bf3dcc71b72679"
},
{
"url": "https://git.kernel.org/stable/c/3a51e6b4da71fdfa43ec006d6abc020f3e22d14e"
},
{
"url": "https://git.kernel.org/stable/c/e3199b3fac65c9f103055390b6fd07c5cffa5961"
},
{
"url": "https://git.kernel.org/stable/c/423762f021825b5e57c3d6f01ff96a9ff19cdcd8"
},
{
"url": "https://git.kernel.org/stable/c/69cede2a5a5f60e3f5602b901b52cb64edd2ea6c"
},
{
"url": "https://git.kernel.org/stable/c/3f77c7d605b29df277d77e9ee75d96e7ad145d2d"
}
],
"title": "wifi: ath11k: fix htt pktlog locking",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52800",
"datePublished": "2024-05-21T15:31:13.033Z",
"dateReserved": "2024-05-21T15:19:24.247Z",
"dateUpdated": "2025-05-04T07:43:26.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49851 (GCVE-0-2024-49851)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:18 – Updated: 2025-11-03 22:22
VLAI?
EPSS
Title
tpm: Clean up TPM space after command failure
Summary
In the Linux kernel, the following vulnerability has been resolved:
tpm: Clean up TPM space after command failure
tpm_dev_transmit prepares the TPM space before attempting command
transmission. However if the command fails no rollback of this
preparation is done. This can result in transient handles being leaked
if the device is subsequently closed with no further commands performed.
Fix this by flushing the space in the event of command transmission
failure.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
745b361e989af21ad40811c2586b60229f870a68 , < 87e8134c18977b566f4ec248c8a147244da69402
(git)
Affected: 745b361e989af21ad40811c2586b60229f870a68 , < 2c9b228938e9266a1065a3f4fe5c99b7235dc439 (git) Affected: 745b361e989af21ad40811c2586b60229f870a68 , < ebc4e1f4492d114f9693950621b3ea42b2f82bec (git) Affected: 745b361e989af21ad40811c2586b60229f870a68 , < c84ceb546f30432fccea4891163f7050f5bee5dd (git) Affected: 745b361e989af21ad40811c2586b60229f870a68 , < 82478cb8a23bd4f97935bbe60d64528c6d9918b4 (git) Affected: 745b361e989af21ad40811c2586b60229f870a68 , < adf4ce162561222338cf2c9a2caa294527f7f721 (git) Affected: 745b361e989af21ad40811c2586b60229f870a68 , < 3f9f72d843c92fb6f4ff7460d774413cde7f254c (git) Affected: 745b361e989af21ad40811c2586b60229f870a68 , < e3aaebcbb7c6b403416f442d1de70d437ce313a7 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T12:56:54.610460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:04:11.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:18.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/char/tpm/tpm-dev-common.c",
"drivers/char/tpm/tpm2-space.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "87e8134c18977b566f4ec248c8a147244da69402",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "2c9b228938e9266a1065a3f4fe5c99b7235dc439",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "ebc4e1f4492d114f9693950621b3ea42b2f82bec",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "c84ceb546f30432fccea4891163f7050f5bee5dd",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "82478cb8a23bd4f97935bbe60d64528c6d9918b4",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "adf4ce162561222338cf2c9a2caa294527f7f721",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "3f9f72d843c92fb6f4ff7460d774413cde7f254c",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "e3aaebcbb7c6b403416f442d1de70d437ce313a7",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/char/tpm/tpm-dev-common.c",
"drivers/char/tpm/tpm2-space.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Clean up TPM space after command failure\n\ntpm_dev_transmit prepares the TPM space before attempting command\ntransmission. However if the command fails no rollback of this\npreparation is done. This can result in transient handles being leaked\nif the device is subsequently closed with no further commands performed.\n\nFix this by flushing the space in the event of command transmission\nfailure."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:39:31.728Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/87e8134c18977b566f4ec248c8a147244da69402"
},
{
"url": "https://git.kernel.org/stable/c/2c9b228938e9266a1065a3f4fe5c99b7235dc439"
},
{
"url": "https://git.kernel.org/stable/c/ebc4e1f4492d114f9693950621b3ea42b2f82bec"
},
{
"url": "https://git.kernel.org/stable/c/c84ceb546f30432fccea4891163f7050f5bee5dd"
},
{
"url": "https://git.kernel.org/stable/c/82478cb8a23bd4f97935bbe60d64528c6d9918b4"
},
{
"url": "https://git.kernel.org/stable/c/adf4ce162561222338cf2c9a2caa294527f7f721"
},
{
"url": "https://git.kernel.org/stable/c/3f9f72d843c92fb6f4ff7460d774413cde7f254c"
},
{
"url": "https://git.kernel.org/stable/c/e3aaebcbb7c6b403416f442d1de70d437ce313a7"
}
],
"title": "tpm: Clean up TPM space after command failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49851",
"datePublished": "2024-10-21T12:18:44.742Z",
"dateReserved": "2024-10-21T12:17:06.015Z",
"dateUpdated": "2025-11-03T22:22:18.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50035 (GCVE-0-2024-50035)
Vulnerability from cvelistv5 – Published: 2024-10-21 19:39 – Updated: 2025-11-03 22:24
VLAI?
EPSS
Title
ppp: fix ppp_async_encode() illegal access
Summary
In the Linux kernel, the following vulnerability has been resolved:
ppp: fix ppp_async_encode() illegal access
syzbot reported an issue in ppp_async_encode() [1]
In this case, pppoe_sendmsg() is called with a zero size.
Then ppp_async_encode() is called with an empty skb.
BUG: KMSAN: uninit-value in ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]
BUG: KMSAN: uninit-value in ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675
ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]
ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675
ppp_async_send+0x130/0x1b0 drivers/net/ppp/ppp_async.c:634
ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2280 [inline]
ppp_input+0x1f1/0xe60 drivers/net/ppp/ppp_generic.c:2304
pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379
sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113
__release_sock+0x1da/0x330 net/core/sock.c:3072
release_sock+0x6b/0x250 net/core/sock.c:3626
pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903
sock_sendmsg_nosec net/socket.c:729 [inline]
__sock_sendmsg+0x30f/0x380 net/socket.c:744
____sys_sendmsg+0x903/0xb60 net/socket.c:2602
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656
__sys_sendmmsg+0x3c1/0x960 net/socket.c:2742
__do_sys_sendmmsg net/socket.c:2771 [inline]
__se_sys_sendmmsg net/socket.c:2768 [inline]
__x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768
x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was created at:
slab_post_alloc_hook mm/slub.c:4092 [inline]
slab_alloc_node mm/slub.c:4135 [inline]
kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4187
kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587
__alloc_skb+0x363/0x7b0 net/core/skbuff.c:678
alloc_skb include/linux/skbuff.h:1322 [inline]
sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732
pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867
sock_sendmsg_nosec net/socket.c:729 [inline]
__sock_sendmsg+0x30f/0x380 net/socket.c:744
____sys_sendmsg+0x903/0xb60 net/socket.c:2602
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656
__sys_sendmmsg+0x3c1/0x960 net/socket.c:2742
__do_sys_sendmmsg net/socket.c:2771 [inline]
__se_sys_sendmmsg net/socket.c:2768 [inline]
__x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768
x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
CPU: 1 UID: 0 PID: 5411 Comm: syz.1.14 Not tainted 6.12.0-rc1-syzkaller-00165-g360c1f1f24c6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4151ec65abd755133ebec687218fadd2d2631167
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8dfe93901b410ae41264087427f3b9f389388f83 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 30d91a478d58cbae3dbaa8224d17d0d839f0d71b (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < fadf8fdb3110d3138e05c3765f645535434f8d76 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ce249a4c68d0ce27a8c5d853338d502e2711a314 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8fe992ff3df493d1949922ca234419f3ede08dff (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c007a14797240607038bd3464501109f408940e2 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 40dddd4b8bd08a69471efd96107a4e1c73fabefc (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50035",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:25:33.483652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:45.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:24:40.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ppp/ppp_async.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4151ec65abd755133ebec687218fadd2d2631167",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8dfe93901b410ae41264087427f3b9f389388f83",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "30d91a478d58cbae3dbaa8224d17d0d839f0d71b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fadf8fdb3110d3138e05c3765f645535434f8d76",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ce249a4c68d0ce27a8c5d853338d502e2711a314",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8fe992ff3df493d1949922ca234419f3ede08dff",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c007a14797240607038bd3464501109f408940e2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "40dddd4b8bd08a69471efd96107a4e1c73fabefc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ppp/ppp_async.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.57",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.57",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.4",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix ppp_async_encode() illegal access\n\nsyzbot reported an issue in ppp_async_encode() [1]\n\nIn this case, pppoe_sendmsg() is called with a zero size.\nThen ppp_async_encode() is called with an empty skb.\n\nBUG: KMSAN: uninit-value in ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\n BUG: KMSAN: uninit-value in ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\n ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\n ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\n ppp_async_send+0x130/0x1b0 drivers/net/ppp/ppp_async.c:634\n ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2280 [inline]\n ppp_input+0x1f1/0xe60 drivers/net/ppp/ppp_generic.c:2304\n pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\n __release_sock+0x1da/0x330 net/core/sock.c:3072\n release_sock+0x6b/0x250 net/core/sock.c:3626\n pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4092 [inline]\n slab_alloc_node mm/slub.c:4135 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4187\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1322 [inline]\n sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\n pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 1 UID: 0 PID: 5411 Comm: syz.1.14 Not tainted 6.12.0-rc1-syzkaller-00165-g360c1f1f24c6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:44:20.167Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4151ec65abd755133ebec687218fadd2d2631167"
},
{
"url": "https://git.kernel.org/stable/c/8dfe93901b410ae41264087427f3b9f389388f83"
},
{
"url": "https://git.kernel.org/stable/c/30d91a478d58cbae3dbaa8224d17d0d839f0d71b"
},
{
"url": "https://git.kernel.org/stable/c/fadf8fdb3110d3138e05c3765f645535434f8d76"
},
{
"url": "https://git.kernel.org/stable/c/ce249a4c68d0ce27a8c5d853338d502e2711a314"
},
{
"url": "https://git.kernel.org/stable/c/8fe992ff3df493d1949922ca234419f3ede08dff"
},
{
"url": "https://git.kernel.org/stable/c/c007a14797240607038bd3464501109f408940e2"
},
{
"url": "https://git.kernel.org/stable/c/40dddd4b8bd08a69471efd96107a4e1c73fabefc"
}
],
"title": "ppp: fix ppp_async_encode() illegal access",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50035",
"datePublished": "2024-10-21T19:39:36.460Z",
"dateReserved": "2024-10-21T12:17:06.070Z",
"dateUpdated": "2025-11-03T22:24:40.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50208 (GCVE-0-2024-50208)
Vulnerability from cvelistv5 – Published: 2024-11-08 06:07 – Updated: 2025-11-03 22:27
VLAI?
EPSS
Title
RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
Avoid memory corruption while setting up Level-2 PBL pages for the non MR
resources when num_pages > 256K.
There will be a single PDE page address (contiguous pages in the case of >
PAGE_SIZE), but, current logic assumes multiple pages, leading to invalid
memory access after 256K PBL entries in the PDE.
Severity ?
5.5 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
0c4dcd602817502bb3dced7a834a13ef717d65a4 , < df6fed0a2a1a5e57f033bca40dc316b18e0d0ce6
(git)
Affected: 0c4dcd602817502bb3dced7a834a13ef717d65a4 , < de5857fa7bcc9a496a914c7e21390be873109f26 (git) Affected: 0c4dcd602817502bb3dced7a834a13ef717d65a4 , < ea701c1849e7250ea41a4f7493e0a5f136c1d47e (git) Affected: 0c4dcd602817502bb3dced7a834a13ef717d65a4 , < 87cb3b0054e53e0155b630bdf8fb714ded62565f (git) Affected: 0c4dcd602817502bb3dced7a834a13ef717d65a4 , < daac56dd98e1ba814c878ac0acd482a37f2ab94b (git) Affected: 0c4dcd602817502bb3dced7a834a13ef717d65a4 , < 7988bdbbb85ac85a847baf09879edcd0f70521dc (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:17:28.760065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:27:06.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:02.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/bnxt_re/qplib_res.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "df6fed0a2a1a5e57f033bca40dc316b18e0d0ce6",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "de5857fa7bcc9a496a914c7e21390be873109f26",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "ea701c1849e7250ea41a4f7493e0a5f136c1d47e",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "87cb3b0054e53e0155b630bdf8fb714ded62565f",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "daac56dd98e1ba814c878ac0acd482a37f2ab94b",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "7988bdbbb85ac85a847baf09879edcd0f70521dc",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/bnxt_re/qplib_res.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.170",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.115",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.59",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.229",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.170",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.115",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.59",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.6",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages\n\nAvoid memory corruption while setting up Level-2 PBL pages for the non MR\nresources when num_pages \u003e 256K.\n\nThere will be a single PDE page address (contiguous pages in the case of \u003e\nPAGE_SIZE), but, current logic assumes multiple pages, leading to invalid\nmemory access after 256K PBL entries in the PDE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:48:46.007Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/df6fed0a2a1a5e57f033bca40dc316b18e0d0ce6"
},
{
"url": "https://git.kernel.org/stable/c/de5857fa7bcc9a496a914c7e21390be873109f26"
},
{
"url": "https://git.kernel.org/stable/c/ea701c1849e7250ea41a4f7493e0a5f136c1d47e"
},
{
"url": "https://git.kernel.org/stable/c/87cb3b0054e53e0155b630bdf8fb714ded62565f"
},
{
"url": "https://git.kernel.org/stable/c/daac56dd98e1ba814c878ac0acd482a37f2ab94b"
},
{
"url": "https://git.kernel.org/stable/c/7988bdbbb85ac85a847baf09879edcd0f70521dc"
}
],
"title": "RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50208",
"datePublished": "2024-11-08T06:07:58.607Z",
"dateReserved": "2024-10-21T19:36:19.970Z",
"dateUpdated": "2025-11-03T22:27:02.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48995 (GCVE-0-2022-48995)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()
Summary
In the Linux kernel, the following vulnerability has been resolved:
Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()
There is a kmemleak when test the raydium_i2c_ts with bpf mock device:
unreferenced object 0xffff88812d3675a0 (size 8):
comm "python3", pid 349, jiffies 4294741067 (age 95.695s)
hex dump (first 8 bytes):
11 0e 10 c0 01 00 04 00 ........
backtrace:
[<0000000068427125>] __kmalloc+0x46/0x1b0
[<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts]
[<000000006e631aee>] raydium_i2c_initialize.cold+0xbc/0x3e4 [raydium_i2c_ts]
[<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts]
[<00000000a310de16>] i2c_device_probe+0x651/0x680
[<00000000f5a96bf3>] really_probe+0x17c/0x3f0
[<00000000096ba499>] __driver_probe_device+0xe3/0x170
[<00000000c5acb4d9>] driver_probe_device+0x49/0x120
[<00000000264fe082>] __device_attach_driver+0xf7/0x150
[<00000000f919423c>] bus_for_each_drv+0x114/0x180
[<00000000e067feca>] __device_attach+0x1e5/0x2d0
[<0000000054301fc2>] bus_probe_device+0x126/0x140
[<00000000aad93b22>] device_add+0x810/0x1130
[<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0
[<000000003c2c248c>] of_i2c_register_device+0xf1/0x110
[<00000000ffec4177>] of_i2c_notify+0x100/0x160
unreferenced object 0xffff88812d3675c8 (size 8):
comm "python3", pid 349, jiffies 4294741070 (age 95.692s)
hex dump (first 8 bytes):
22 00 36 2d 81 88 ff ff ".6-....
backtrace:
[<0000000068427125>] __kmalloc+0x46/0x1b0
[<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts]
[<000000001d5c9620>] raydium_i2c_initialize.cold+0x223/0x3e4 [raydium_i2c_ts]
[<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts]
[<00000000a310de16>] i2c_device_probe+0x651/0x680
[<00000000f5a96bf3>] really_probe+0x17c/0x3f0
[<00000000096ba499>] __driver_probe_device+0xe3/0x170
[<00000000c5acb4d9>] driver_probe_device+0x49/0x120
[<00000000264fe082>] __device_attach_driver+0xf7/0x150
[<00000000f919423c>] bus_for_each_drv+0x114/0x180
[<00000000e067feca>] __device_attach+0x1e5/0x2d0
[<0000000054301fc2>] bus_probe_device+0x126/0x140
[<00000000aad93b22>] device_add+0x810/0x1130
[<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0
[<000000003c2c248c>] of_i2c_register_device+0xf1/0x110
[<00000000ffec4177>] of_i2c_notify+0x100/0x160
After BANK_SWITCH command from i2c BUS, no matter success or error
happened, the tx_buf should be freed.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2a , < a82869ac52f3d9db4b2cf8fd41edc2dee7a75a61
(git)
Affected: 3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2a , < 53b9b1201e34ccc895971218559123625c56fbcd (git) Affected: 3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2a , < 097c1c7a28e3da8f2811ba532be6e81faab15aab (git) Affected: 3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2a , < 8c9a59939deb4bfafdc451100c03d1e848b4169b (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:15:57.179359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:41.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/input/touchscreen/raydium_i2c_ts.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a82869ac52f3d9db4b2cf8fd41edc2dee7a75a61",
"status": "affected",
"version": "3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2a",
"versionType": "git"
},
{
"lessThan": "53b9b1201e34ccc895971218559123625c56fbcd",
"status": "affected",
"version": "3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2a",
"versionType": "git"
},
{
"lessThan": "097c1c7a28e3da8f2811ba532be6e81faab15aab",
"status": "affected",
"version": "3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2a",
"versionType": "git"
},
{
"lessThan": "8c9a59939deb4bfafdc451100c03d1e848b4169b",
"status": "affected",
"version": "3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/input/touchscreen/raydium_i2c_ts.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: raydium_ts_i2c - fix memory leak in raydium_i2c_send()\n\nThere is a kmemleak when test the raydium_i2c_ts with bpf mock device:\n\n unreferenced object 0xffff88812d3675a0 (size 8):\n comm \"python3\", pid 349, jiffies 4294741067 (age 95.695s)\n hex dump (first 8 bytes):\n 11 0e 10 c0 01 00 04 00 ........\n backtrace:\n [\u003c0000000068427125\u003e] __kmalloc+0x46/0x1b0\n [\u003c0000000090180f91\u003e] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts]\n [\u003c000000006e631aee\u003e] raydium_i2c_initialize.cold+0xbc/0x3e4 [raydium_i2c_ts]\n [\u003c00000000dc6fcf38\u003e] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts]\n [\u003c00000000a310de16\u003e] i2c_device_probe+0x651/0x680\n [\u003c00000000f5a96bf3\u003e] really_probe+0x17c/0x3f0\n [\u003c00000000096ba499\u003e] __driver_probe_device+0xe3/0x170\n [\u003c00000000c5acb4d9\u003e] driver_probe_device+0x49/0x120\n [\u003c00000000264fe082\u003e] __device_attach_driver+0xf7/0x150\n [\u003c00000000f919423c\u003e] bus_for_each_drv+0x114/0x180\n [\u003c00000000e067feca\u003e] __device_attach+0x1e5/0x2d0\n [\u003c0000000054301fc2\u003e] bus_probe_device+0x126/0x140\n [\u003c00000000aad93b22\u003e] device_add+0x810/0x1130\n [\u003c00000000c086a53f\u003e] i2c_new_client_device+0x352/0x4e0\n [\u003c000000003c2c248c\u003e] of_i2c_register_device+0xf1/0x110\n [\u003c00000000ffec4177\u003e] of_i2c_notify+0x100/0x160\n unreferenced object 0xffff88812d3675c8 (size 8):\n comm \"python3\", pid 349, jiffies 4294741070 (age 95.692s)\n hex dump (first 8 bytes):\n 22 00 36 2d 81 88 ff ff \".6-....\n backtrace:\n [\u003c0000000068427125\u003e] __kmalloc+0x46/0x1b0\n [\u003c0000000090180f91\u003e] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts]\n [\u003c000000001d5c9620\u003e] raydium_i2c_initialize.cold+0x223/0x3e4 [raydium_i2c_ts]\n [\u003c00000000dc6fcf38\u003e] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts]\n [\u003c00000000a310de16\u003e] i2c_device_probe+0x651/0x680\n [\u003c00000000f5a96bf3\u003e] really_probe+0x17c/0x3f0\n [\u003c00000000096ba499\u003e] __driver_probe_device+0xe3/0x170\n [\u003c00000000c5acb4d9\u003e] driver_probe_device+0x49/0x120\n [\u003c00000000264fe082\u003e] __device_attach_driver+0xf7/0x150\n [\u003c00000000f919423c\u003e] bus_for_each_drv+0x114/0x180\n [\u003c00000000e067feca\u003e] __device_attach+0x1e5/0x2d0\n [\u003c0000000054301fc2\u003e] bus_probe_device+0x126/0x140\n [\u003c00000000aad93b22\u003e] device_add+0x810/0x1130\n [\u003c00000000c086a53f\u003e] i2c_new_client_device+0x352/0x4e0\n [\u003c000000003c2c248c\u003e] of_i2c_register_device+0xf1/0x110\n [\u003c00000000ffec4177\u003e] of_i2c_notify+0x100/0x160\n\nAfter BANK_SWITCH command from i2c BUS, no matter success or error\nhappened, the tx_buf should be freed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:42.251Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a82869ac52f3d9db4b2cf8fd41edc2dee7a75a61"
},
{
"url": "https://git.kernel.org/stable/c/53b9b1201e34ccc895971218559123625c56fbcd"
},
{
"url": "https://git.kernel.org/stable/c/097c1c7a28e3da8f2811ba532be6e81faab15aab"
},
{
"url": "https://git.kernel.org/stable/c/8c9a59939deb4bfafdc451100c03d1e848b4169b"
}
],
"title": "Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48995",
"datePublished": "2024-10-21T20:06:11.482Z",
"dateReserved": "2024-08-22T01:27:53.637Z",
"dateUpdated": "2025-05-04T08:27:42.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41082 (GCVE-0-2024-41082)
Vulnerability from cvelistv5 – Published: 2024-07-29 15:04 – Updated: 2026-01-05 10:37
VLAI?
EPSS
Title
nvme-fabrics: use reserved tag for reg read/write command
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvme-fabrics: use reserved tag for reg read/write command
In some scenarios, if too many commands are issued by nvme command in
the same time by user tasks, this may exhaust all tags of admin_q. If
a reset (nvme reset or IO timeout) occurs before these commands finish,
reconnect routine may fail to update nvme regs due to insufficient tags,
which will cause kernel hang forever. In order to workaround this issue,
maybe we can let reg_read32()/reg_read64()/reg_write32() use reserved
tags. This maybe safe for nvmf:
1. For the disable ctrl path, we will not issue connect command
2. For the enable ctrl / fw activate path, since connect and reg_xx()
are called serially.
So the reserved tags may still be enough while reg_xx() use reserved tags.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:52.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/165da9c67a26f08c9b956c15d701da7690f45bcb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:21:02.205379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:09.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/fabrics.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "165da9c67a26f08c9b956c15d701da7690f45bcb",
"status": "affected",
"version": "e7832cb48a654cd12b2bc9181b2f0ad49d526ac6",
"versionType": "git"
},
{
"lessThan": "7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa",
"status": "affected",
"version": "e7832cb48a654cd12b2bc9181b2f0ad49d526ac6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/fabrics.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fabrics: use reserved tag for reg read/write command\n\nIn some scenarios, if too many commands are issued by nvme command in\nthe same time by user tasks, this may exhaust all tags of admin_q. If\na reset (nvme reset or IO timeout) occurs before these commands finish,\nreconnect routine may fail to update nvme regs due to insufficient tags,\nwhich will cause kernel hang forever. In order to workaround this issue,\nmaybe we can let reg_read32()/reg_read64()/reg_write32() use reserved\ntags. This maybe safe for nvmf:\n\n1. For the disable ctrl path, we will not issue connect command\n2. For the enable ctrl / fw activate path, since connect and reg_xx()\n are called serially.\n\nSo the reserved tags may still be enough while reg_xx() use reserved tags."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:37:45.950Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/165da9c67a26f08c9b956c15d701da7690f45bcb"
},
{
"url": "https://git.kernel.org/stable/c/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa"
}
],
"title": "nvme-fabrics: use reserved tag for reg read/write command",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41082",
"datePublished": "2024-07-29T15:04:19.372Z",
"dateReserved": "2024-07-12T12:17:45.633Z",
"dateUpdated": "2026-01-05T10:37:45.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46849 (GCVE-0-2024-46849)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:42 – Updated: 2025-11-03 22:19
VLAI?
EPSS
Title
ASoC: meson: axg-card: fix 'use-after-free'
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: meson: axg-card: fix 'use-after-free'
Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',
so move 'pad' pointer initialization after this function when memory is
already reallocated.
Kasan bug report:
==================================================================
BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc
Read of size 8 at addr ffff000000e8b260 by task modprobe/356
CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1
Call trace:
dump_backtrace+0x94/0xec
show_stack+0x18/0x24
dump_stack_lvl+0x78/0x90
print_report+0xfc/0x5c0
kasan_report+0xb8/0xfc
__asan_load8+0x9c/0xb8
axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]
meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]
platform_probe+0x8c/0xf4
really_probe+0x110/0x39c
__driver_probe_device+0xb8/0x18c
driver_probe_device+0x108/0x1d8
__driver_attach+0xd0/0x25c
bus_for_each_dev+0xe0/0x154
driver_attach+0x34/0x44
bus_add_driver+0x134/0x294
driver_register+0xa8/0x1e8
__platform_driver_register+0x44/0x54
axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]
do_one_initcall+0xdc/0x25c
do_init_module+0x10c/0x334
load_module+0x24c4/0x26cc
init_module_from_file+0xd4/0x128
__arm64_sys_finit_module+0x1f4/0x41c
invoke_syscall+0x60/0x188
el0_svc_common.constprop.0+0x78/0x13c
do_el0_svc+0x30/0x40
el0_svc+0x38/0x78
el0t_64_sync_handler+0x100/0x12c
el0t_64_sync+0x190/0x194
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
7864a79f37b55769b817d5e6c5ae0ca4bfdba93b , < a33145f494e6cb82f3e018662cc7c4febf271f22
(git)
Affected: 7864a79f37b55769b817d5e6c5ae0ca4bfdba93b , < 5a2cc2bb81399e9ebc72560541137eb04d61dc3d (git) Affected: 7864a79f37b55769b817d5e6c5ae0ca4bfdba93b , < fb0530025d502cb79d2b2801b14a9d5261833f1a (git) Affected: 7864a79f37b55769b817d5e6c5ae0ca4bfdba93b , < e1a199ec31617242e1a0ea8f312341e682d0c037 (git) Affected: 7864a79f37b55769b817d5e6c5ae0ca4bfdba93b , < e43364f578cdc2f8083abbc0cb743ea55e827c29 (git) Affected: 7864a79f37b55769b817d5e6c5ae0ca4bfdba93b , < 7d318166bf55e9029d56997c3b134f4ac2ae2607 (git) Affected: 7864a79f37b55769b817d5e6c5ae0ca4bfdba93b , < 4f9a71435953f941969a4f017e2357db62d85a86 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T13:58:41.870222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T13:58:47.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:35.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/meson/axg-card.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a33145f494e6cb82f3e018662cc7c4febf271f22",
"status": "affected",
"version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b",
"versionType": "git"
},
{
"lessThan": "5a2cc2bb81399e9ebc72560541137eb04d61dc3d",
"status": "affected",
"version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b",
"versionType": "git"
},
{
"lessThan": "fb0530025d502cb79d2b2801b14a9d5261833f1a",
"status": "affected",
"version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b",
"versionType": "git"
},
{
"lessThan": "e1a199ec31617242e1a0ea8f312341e682d0c037",
"status": "affected",
"version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b",
"versionType": "git"
},
{
"lessThan": "e43364f578cdc2f8083abbc0cb743ea55e827c29",
"status": "affected",
"version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b",
"versionType": "git"
},
{
"lessThan": "7d318166bf55e9029d56997c3b134f4ac2ae2607",
"status": "affected",
"version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b",
"versionType": "git"
},
{
"lessThan": "4f9a71435953f941969a4f017e2357db62d85a86",
"status": "affected",
"version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/meson/axg-card.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.52",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.111",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.52",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.11",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix \u0027use-after-free\u0027\n\nBuffer \u0027card-\u003edai_link\u0027 is reallocated in \u0027meson_card_reallocate_links()\u0027,\nso move \u0027pad\u0027 pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:35:53.431Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a33145f494e6cb82f3e018662cc7c4febf271f22"
},
{
"url": "https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d"
},
{
"url": "https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a"
},
{
"url": "https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037"
},
{
"url": "https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29"
},
{
"url": "https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607"
},
{
"url": "https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86"
}
],
"title": "ASoC: meson: axg-card: fix \u0027use-after-free\u0027",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46849",
"datePublished": "2024-09-27T12:42:43.316Z",
"dateReserved": "2024-09-11T15:12:18.290Z",
"dateUpdated": "2025-11-03T22:19:35.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-3435 (GCVE-0-2022-3435)
Vulnerability from cvelistv5 – Published: 2022-10-08 00:00 – Updated: 2025-04-15 13:46
VLAI?
EPSS
Title
Linux Kernel IPv4 fib_semantics.c fib_nh_match out-of-bounds
Summary
A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability.
Severity ?
4.3 (Medium)
CWE
- CWE-119 - Memory Corruption -> CWE-125 Out-of-Bounds Read
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/netdev/20221005181257.8897-1-dsahern%40kernel.org/T/#u"
},
{
"tags": [
"x_transferred"
],
"url": "https://vuldb.com/?id.210357"
},
{
"name": "FEDORA-2022-2cfbe17910",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/"
},
{
"name": "FEDORA-2022-b948fc3cfb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/"
},
{
"name": "FEDORA-2022-1a5b125ac6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/"
},
{
"name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:10:02.272892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:46:07.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Memory Corruption -\u003e CWE-125 Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"url": "https://lore.kernel.org/netdev/20221005181257.8897-1-dsahern%40kernel.org/T/#u"
},
{
"url": "https://vuldb.com/?id.210357"
},
{
"name": "FEDORA-2022-2cfbe17910",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/"
},
{
"name": "FEDORA-2022-b948fc3cfb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/"
},
{
"name": "FEDORA-2022-1a5b125ac6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/"
},
{
"name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
}
],
"title": "Linux Kernel IPv4 fib_semantics.c fib_nh_match out-of-bounds",
"x_generator": "vuldb.com"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-3435",
"datePublished": "2022-10-08T00:00:00.000Z",
"dateReserved": "2022-10-08T00:00:00.000Z",
"dateUpdated": "2025-04-15T13:46:07.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48988 (GCVE-0-2022-48988)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
memcg: fix possible use-after-free in memcg_write_event_control()
Summary
In the Linux kernel, the following vulnerability has been resolved:
memcg: fix possible use-after-free in memcg_write_event_control()
memcg_write_event_control() accesses the dentry->d_name of the specified
control fd to route the write call. As a cgroup interface file can't be
renamed, it's safe to access d_name as long as the specified file is a
regular cgroup file. Also, as these cgroup interface files can't be
removed before the directory, it's safe to access the parent too.
Prior to 347c4a874710 ("memcg: remove cgroup_event->cft"), there was a
call to __file_cft() which verified that the specified file is a regular
cgroupfs file before further accesses. The cftype pointer returned from
__file_cft() was no longer necessary and the commit inadvertently dropped
the file type check with it allowing any file to slip through. With the
invarients broken, the d_name and parent accesses can now race against
renames and removals of arbitrary files and cause use-after-free's.
Fix the bug by resurrecting the file type check in __file_cft(). Now that
cgroupfs is implemented through kernfs, checking the file operations needs
to go through a layer of indirection. Instead, let's check the superblock
and dentry type.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
347c4a8747104a945ecced358944e42879176ca5 , < b77600e26fd48727a95ffd50ba1e937efb548125
(git)
Affected: 347c4a8747104a945ecced358944e42879176ca5 , < e1ae97624ecf400ea56c238bff23e5cd139df0b8 (git) Affected: 347c4a8747104a945ecced358944e42879176ca5 , < 35963b31821920908e397146502066f6b032c917 (git) Affected: 347c4a8747104a945ecced358944e42879176ca5 , < f1f7f36cf682fa59db15e2089039a2eeb58ff2ad (git) Affected: 347c4a8747104a945ecced358944e42879176ca5 , < aad8bbd17a1d586005feb9226c2e9cfce1432e13 (git) Affected: 347c4a8747104a945ecced358944e42879176ca5 , < 0ed074317b835caa6c03bcfa8f133365324673dc (git) Affected: 347c4a8747104a945ecced358944e42879176ca5 , < 4a7ba45b1a435e7097ca0f79a847d0949d0eb088 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:16:57.577077Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:42.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/cgroup.h",
"kernel/cgroup/cgroup-internal.h",
"mm/memcontrol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b77600e26fd48727a95ffd50ba1e937efb548125",
"status": "affected",
"version": "347c4a8747104a945ecced358944e42879176ca5",
"versionType": "git"
},
{
"lessThan": "e1ae97624ecf400ea56c238bff23e5cd139df0b8",
"status": "affected",
"version": "347c4a8747104a945ecced358944e42879176ca5",
"versionType": "git"
},
{
"lessThan": "35963b31821920908e397146502066f6b032c917",
"status": "affected",
"version": "347c4a8747104a945ecced358944e42879176ca5",
"versionType": "git"
},
{
"lessThan": "f1f7f36cf682fa59db15e2089039a2eeb58ff2ad",
"status": "affected",
"version": "347c4a8747104a945ecced358944e42879176ca5",
"versionType": "git"
},
{
"lessThan": "aad8bbd17a1d586005feb9226c2e9cfce1432e13",
"status": "affected",
"version": "347c4a8747104a945ecced358944e42879176ca5",
"versionType": "git"
},
{
"lessThan": "0ed074317b835caa6c03bcfa8f133365324673dc",
"status": "affected",
"version": "347c4a8747104a945ecced358944e42879176ca5",
"versionType": "git"
},
{
"lessThan": "4a7ba45b1a435e7097ca0f79a847d0949d0eb088",
"status": "affected",
"version": "347c4a8747104a945ecced358944e42879176ca5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/cgroup.h",
"kernel/cgroup/cgroup-internal.h",
"mm/memcontrol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.14"
},
{
"lessThan": "3.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.302",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.269",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "3.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: fix possible use-after-free in memcg_write_event_control()\n\nmemcg_write_event_control() accesses the dentry-\u003ed_name of the specified\ncontrol fd to route the write call. As a cgroup interface file can\u0027t be\nrenamed, it\u0027s safe to access d_name as long as the specified file is a\nregular cgroup file. Also, as these cgroup interface files can\u0027t be\nremoved before the directory, it\u0027s safe to access the parent too.\n\nPrior to 347c4a874710 (\"memcg: remove cgroup_event-\u003ecft\"), there was a\ncall to __file_cft() which verified that the specified file is a regular\ncgroupfs file before further accesses. The cftype pointer returned from\n__file_cft() was no longer necessary and the commit inadvertently dropped\nthe file type check with it allowing any file to slip through. With the\ninvarients broken, the d_name and parent accesses can now race against\nrenames and removals of arbitrary files and cause use-after-free\u0027s.\n\nFix the bug by resurrecting the file type check in __file_cft(). Now that\ncgroupfs is implemented through kernfs, checking the file operations needs\nto go through a layer of indirection. Instead, let\u0027s check the superblock\nand dentry type."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:35.599Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b77600e26fd48727a95ffd50ba1e937efb548125"
},
{
"url": "https://git.kernel.org/stable/c/e1ae97624ecf400ea56c238bff23e5cd139df0b8"
},
{
"url": "https://git.kernel.org/stable/c/35963b31821920908e397146502066f6b032c917"
},
{
"url": "https://git.kernel.org/stable/c/f1f7f36cf682fa59db15e2089039a2eeb58ff2ad"
},
{
"url": "https://git.kernel.org/stable/c/aad8bbd17a1d586005feb9226c2e9cfce1432e13"
},
{
"url": "https://git.kernel.org/stable/c/0ed074317b835caa6c03bcfa8f133365324673dc"
},
{
"url": "https://git.kernel.org/stable/c/4a7ba45b1a435e7097ca0f79a847d0949d0eb088"
}
],
"title": "memcg: fix possible use-after-free in memcg_write_event_control()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48988",
"datePublished": "2024-10-21T20:06:04.601Z",
"dateReserved": "2024-08-22T01:27:53.634Z",
"dateUpdated": "2025-05-04T08:27:35.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48946 (GCVE-0-2022-48946)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-12-23 13:21
VLAI?
EPSS
Title
udf: Fix preallocation discarding at indirect extent boundary
Summary
In the Linux kernel, the following vulnerability has been resolved:
udf: Fix preallocation discarding at indirect extent boundary
When preallocation extent is the first one in the extent block, the
code would corrupt extent tree header instead. Fix the problem and use
udf_delete_aext() for deleting extent to avoid some code duplication.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c8b6fa4511a7900db9fb0353b630d4d2ed1ba99c
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7665857f88557c372da35534165721156756f77f (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 72f651c96c8aadf087fd782d551bf7db648a8c2e (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4d835efd561dfb9bf5409f11f4ecd428d5d29226 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1a075f4a549481ce6e8518d8379f193ccec6b746 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 63dbbd8f1499b0a161e701a04aa50148d60bd1f7 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ae56d9a017724f130cf1a263dd82a78d2a6e3852 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 12a88f572d6d94b5c0b72e2d1782cc2e96ac06cf (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < cfe4c1b25dd6d2f056afc00b7c98bcb3dd0b1fc3 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:22:15.056500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:41.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/udf/truncate.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c8b6fa4511a7900db9fb0353b630d4d2ed1ba99c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7665857f88557c372da35534165721156756f77f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "72f651c96c8aadf087fd782d551bf7db648a8c2e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4d835efd561dfb9bf5409f11f4ecd428d5d29226",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1a075f4a549481ce6e8518d8379f193ccec6b746",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "63dbbd8f1499b0a161e701a04aa50148d60bd1f7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ae56d9a017724f130cf1a263dd82a78d2a6e3852",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "12a88f572d6d94b5c0b72e2d1782cc2e96ac06cf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cfe4c1b25dd6d2f056afc00b7c98bcb3dd0b1fc3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/udf/truncate.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.337",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.337",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.303",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.161",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.85",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.15",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.1",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix preallocation discarding at indirect extent boundary\n\nWhen preallocation extent is the first one in the extent block, the\ncode would corrupt extent tree header instead. Fix the problem and use\nudf_delete_aext() for deleting extent to avoid some code duplication."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T13:21:13.097Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c8b6fa4511a7900db9fb0353b630d4d2ed1ba99c"
},
{
"url": "https://git.kernel.org/stable/c/7665857f88557c372da35534165721156756f77f"
},
{
"url": "https://git.kernel.org/stable/c/72f651c96c8aadf087fd782d551bf7db648a8c2e"
},
{
"url": "https://git.kernel.org/stable/c/4d835efd561dfb9bf5409f11f4ecd428d5d29226"
},
{
"url": "https://git.kernel.org/stable/c/1a075f4a549481ce6e8518d8379f193ccec6b746"
},
{
"url": "https://git.kernel.org/stable/c/63dbbd8f1499b0a161e701a04aa50148d60bd1f7"
},
{
"url": "https://git.kernel.org/stable/c/ae56d9a017724f130cf1a263dd82a78d2a6e3852"
},
{
"url": "https://git.kernel.org/stable/c/12a88f572d6d94b5c0b72e2d1782cc2e96ac06cf"
},
{
"url": "https://git.kernel.org/stable/c/cfe4c1b25dd6d2f056afc00b7c98bcb3dd0b1fc3"
}
],
"title": "udf: Fix preallocation discarding at indirect extent boundary",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48946",
"datePublished": "2024-10-21T20:05:35.818Z",
"dateReserved": "2024-08-22T01:27:53.624Z",
"dateUpdated": "2025-12-23T13:21:13.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49003 (GCVE-0-2022-49003)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
nvme: fix SRCU protection of nvme_ns_head list
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvme: fix SRCU protection of nvme_ns_head list
Walking the nvme_ns_head siblings list is protected by the head's srcu
in nvme_ns_head_submit_bio() but not nvme_mpath_revalidate_paths().
Removing namespaces from the list also fails to synchronize the srcu.
Concurrent scan work can therefore cause use-after-frees.
Hold the head's srcu lock in nvme_mpath_revalidate_paths() and
synchronize with the srcu, not the global RCU, in nvme_ns_remove().
Observed the following panic when making NVMe/RDMA connections
with native multipath on the Rocky Linux 8.6 kernel
(it seems the upstream kernel has the same race condition).
Disassembly shows the faulting instruction is cmp 0x50(%rdx),%rcx;
computing capacity != get_capacity(ns->disk).
Address 0x50 is dereferenced because ns->disk is NULL.
The NULL disk appears to be the result of concurrent scan work
freeing the namespace (note the log line in the middle of the panic).
[37314.206036] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050
[37314.206036] nvme0n3: detected capacity change from 0 to 11811160064
[37314.299753] PGD 0 P4D 0
[37314.299756] Oops: 0000 [#1] SMP PTI
[37314.299759] CPU: 29 PID: 322046 Comm: kworker/u98:3 Kdump: loaded Tainted: G W X --------- - - 4.18.0-372.32.1.el8test86.x86_64 #1
[37314.299762] Hardware name: Dell Inc. PowerEdge R720/0JP31P, BIOS 2.7.0 05/23/2018
[37314.299763] Workqueue: nvme-wq nvme_scan_work [nvme_core]
[37314.299783] RIP: 0010:nvme_mpath_revalidate_paths+0x26/0xb0 [nvme_core]
[37314.299790] Code: 1f 44 00 00 66 66 66 66 90 55 53 48 8b 5f 50 48 8b 83 c8 c9 00 00 48 8b 13 48 8b 48 50 48 39 d3 74 20 48 8d 42 d0 48 8b 50 20 <48> 3b 4a 50 74 05 f0 80 60 70 ef 48 8b 50 30 48 8d 42 d0 48 39 d3
[37315.058803] RSP: 0018:ffffabe28f913d10 EFLAGS: 00010202
[37315.121316] RAX: ffff927a077da800 RBX: ffff92991dd70000 RCX: 0000000001600000
[37315.206704] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff92991b719800
[37315.292106] RBP: ffff929a6b70c000 R08: 000000010234cd4a R09: c0000000ffff7fff
[37315.377501] R10: 0000000000000001 R11: ffffabe28f913a30 R12: 0000000000000000
[37315.462889] R13: ffff92992716600c R14: ffff929964e6e030 R15: ffff92991dd70000
[37315.548286] FS: 0000000000000000(0000) GS:ffff92b87fb80000(0000) knlGS:0000000000000000
[37315.645111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[37315.713871] CR2: 0000000000000050 CR3: 0000002208810006 CR4: 00000000000606e0
[37315.799267] Call Trace:
[37315.828515] nvme_update_ns_info+0x1ac/0x250 [nvme_core]
[37315.892075] nvme_validate_or_alloc_ns+0x2ff/0xa00 [nvme_core]
[37315.961871] ? __blk_mq_free_request+0x6b/0x90
[37316.015021] nvme_scan_work+0x151/0x240 [nvme_core]
[37316.073371] process_one_work+0x1a7/0x360
[37316.121318] ? create_worker+0x1a0/0x1a0
[37316.168227] worker_thread+0x30/0x390
[37316.212024] ? create_worker+0x1a0/0x1a0
[37316.258939] kthread+0x10a/0x120
[37316.297557] ? set_kthread_struct+0x50/0x50
[37316.347590] ret_from_fork+0x35/0x40
[37316.390360] Modules linked in: nvme_rdma nvme_tcp(X) nvme_fabrics nvme_core netconsole iscsi_tcp libiscsi_tcp dm_queue_length dm_service_time nf_conntrack_netlink br_netfilter bridge stp llc overlay nft_chain_nat ipt_MASQUERADE nf_nat xt_addrtype xt_CT nft_counter xt_state xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment xt_multiport nft_compat nf_tables libcrc32c nfnetlink dm_multipath tg3 rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm intel_rapl_msr iTCO_wdt iTCO_vendor_support dcdbas intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel ipmi_ssif kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel ib_uverbs rapl intel_cstate intel_uncore ib_core ipmi_si joydev mei_me pcspkr ipmi_devintf mei lpc_ich wmi ipmi_msghandler acpi_power_meter ex
---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
e7d65803e2bb5bc739548b67a5fc72c626cf7e3b , < 787d81d4eb150e443e5d1276c6e8f03cfecc2302
(git)
Affected: e7d65803e2bb5bc739548b67a5fc72c626cf7e3b , < 5b566d09ab1b975566a53f9c5466ee260d087582 (git) Affected: e7d65803e2bb5bc739548b67a5fc72c626cf7e3b , < 899d2a05dc14733cfba6224083c6b0dd5a738590 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:14:55.180723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:40.333Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/core.c",
"drivers/nvme/host/multipath.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "787d81d4eb150e443e5d1276c6e8f03cfecc2302",
"status": "affected",
"version": "e7d65803e2bb5bc739548b67a5fc72c626cf7e3b",
"versionType": "git"
},
{
"lessThan": "5b566d09ab1b975566a53f9c5466ee260d087582",
"status": "affected",
"version": "e7d65803e2bb5bc739548b67a5fc72c626cf7e3b",
"versionType": "git"
},
{
"lessThan": "899d2a05dc14733cfba6224083c6b0dd5a738590",
"status": "affected",
"version": "e7d65803e2bb5bc739548b67a5fc72c626cf7e3b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/core.c",
"drivers/nvme/host/multipath.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix SRCU protection of nvme_ns_head list\n\nWalking the nvme_ns_head siblings list is protected by the head\u0027s srcu\nin nvme_ns_head_submit_bio() but not nvme_mpath_revalidate_paths().\nRemoving namespaces from the list also fails to synchronize the srcu.\nConcurrent scan work can therefore cause use-after-frees.\n\nHold the head\u0027s srcu lock in nvme_mpath_revalidate_paths() and\nsynchronize with the srcu, not the global RCU, in nvme_ns_remove().\n\nObserved the following panic when making NVMe/RDMA connections\nwith native multipath on the Rocky Linux 8.6 kernel\n(it seems the upstream kernel has the same race condition).\nDisassembly shows the faulting instruction is cmp 0x50(%rdx),%rcx;\ncomputing capacity != get_capacity(ns-\u003edisk).\nAddress 0x50 is dereferenced because ns-\u003edisk is NULL.\nThe NULL disk appears to be the result of concurrent scan work\nfreeing the namespace (note the log line in the middle of the panic).\n\n[37314.206036] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050\n[37314.206036] nvme0n3: detected capacity change from 0 to 11811160064\n[37314.299753] PGD 0 P4D 0\n[37314.299756] Oops: 0000 [#1] SMP PTI\n[37314.299759] CPU: 29 PID: 322046 Comm: kworker/u98:3 Kdump: loaded Tainted: G W X --------- - - 4.18.0-372.32.1.el8test86.x86_64 #1\n[37314.299762] Hardware name: Dell Inc. PowerEdge R720/0JP31P, BIOS 2.7.0 05/23/2018\n[37314.299763] Workqueue: nvme-wq nvme_scan_work [nvme_core]\n[37314.299783] RIP: 0010:nvme_mpath_revalidate_paths+0x26/0xb0 [nvme_core]\n[37314.299790] Code: 1f 44 00 00 66 66 66 66 90 55 53 48 8b 5f 50 48 8b 83 c8 c9 00 00 48 8b 13 48 8b 48 50 48 39 d3 74 20 48 8d 42 d0 48 8b 50 20 \u003c48\u003e 3b 4a 50 74 05 f0 80 60 70 ef 48 8b 50 30 48 8d 42 d0 48 39 d3\n[37315.058803] RSP: 0018:ffffabe28f913d10 EFLAGS: 00010202\n[37315.121316] RAX: ffff927a077da800 RBX: ffff92991dd70000 RCX: 0000000001600000\n[37315.206704] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff92991b719800\n[37315.292106] RBP: ffff929a6b70c000 R08: 000000010234cd4a R09: c0000000ffff7fff\n[37315.377501] R10: 0000000000000001 R11: ffffabe28f913a30 R12: 0000000000000000\n[37315.462889] R13: ffff92992716600c R14: ffff929964e6e030 R15: ffff92991dd70000\n[37315.548286] FS: 0000000000000000(0000) GS:ffff92b87fb80000(0000) knlGS:0000000000000000\n[37315.645111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[37315.713871] CR2: 0000000000000050 CR3: 0000002208810006 CR4: 00000000000606e0\n[37315.799267] Call Trace:\n[37315.828515] nvme_update_ns_info+0x1ac/0x250 [nvme_core]\n[37315.892075] nvme_validate_or_alloc_ns+0x2ff/0xa00 [nvme_core]\n[37315.961871] ? __blk_mq_free_request+0x6b/0x90\n[37316.015021] nvme_scan_work+0x151/0x240 [nvme_core]\n[37316.073371] process_one_work+0x1a7/0x360\n[37316.121318] ? create_worker+0x1a0/0x1a0\n[37316.168227] worker_thread+0x30/0x390\n[37316.212024] ? create_worker+0x1a0/0x1a0\n[37316.258939] kthread+0x10a/0x120\n[37316.297557] ? set_kthread_struct+0x50/0x50\n[37316.347590] ret_from_fork+0x35/0x40\n[37316.390360] Modules linked in: nvme_rdma nvme_tcp(X) nvme_fabrics nvme_core netconsole iscsi_tcp libiscsi_tcp dm_queue_length dm_service_time nf_conntrack_netlink br_netfilter bridge stp llc overlay nft_chain_nat ipt_MASQUERADE nf_nat xt_addrtype xt_CT nft_counter xt_state xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment xt_multiport nft_compat nf_tables libcrc32c nfnetlink dm_multipath tg3 rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm intel_rapl_msr iTCO_wdt iTCO_vendor_support dcdbas intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel ipmi_ssif kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel ib_uverbs rapl intel_cstate intel_uncore ib_core ipmi_si joydev mei_me pcspkr ipmi_devintf mei lpc_ich wmi ipmi_msghandler acpi_power_meter ex\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:51.238Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/787d81d4eb150e443e5d1276c6e8f03cfecc2302"
},
{
"url": "https://git.kernel.org/stable/c/5b566d09ab1b975566a53f9c5466ee260d087582"
},
{
"url": "https://git.kernel.org/stable/c/899d2a05dc14733cfba6224083c6b0dd5a738590"
}
],
"title": "nvme: fix SRCU protection of nvme_ns_head list",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49003",
"datePublished": "2024-10-21T20:06:16.737Z",
"dateReserved": "2024-08-22T01:27:53.642Z",
"dateUpdated": "2025-05-04T08:27:51.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49896 (GCVE-0-2024-49896)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
drm/amd/display: Check stream before comparing them
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check stream before comparing them
[WHAT & HOW]
amdgpu_dm can pass a null stream to dc_is_stream_unchanged. It is
necessary to check for null before dereferencing them.
This fixes 1 FORWARD_NULL issue reported by Coverity.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 3944d226f55235a960d8f1135927f95e9801be12
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 471c53350ab83e47a2a117c2738ce0363785976e (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 0167d570f6a0b38689c4a0e50bf79c518d827500 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 14db8692afe1aa2143b673856bb603713d8ea93f (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < e8da54b7f8a17e44e67ea6d1037f35450af28115 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 42d31a33643813cce55ee1ebbad3a2d0d24a08e0 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 5b4b13e678b15975055f4ff1ce4cf0ce4c19b6c4 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < e41a291e1bef1153bba091b6580ecc7affc53c82 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 35ff747c86767937ee1e0ca987545b7eed7a0810 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:43:34.031832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:48.361Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:01.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_resource.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3944d226f55235a960d8f1135927f95e9801be12",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "471c53350ab83e47a2a117c2738ce0363785976e",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "0167d570f6a0b38689c4a0e50bf79c518d827500",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "14db8692afe1aa2143b673856bb603713d8ea93f",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "e8da54b7f8a17e44e67ea6d1037f35450af28115",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "42d31a33643813cce55ee1ebbad3a2d0d24a08e0",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "5b4b13e678b15975055f4ff1ce4cf0ce4c19b6c4",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "e41a291e1bef1153bba091b6580ecc7affc53c82",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "35ff747c86767937ee1e0ca987545b7eed7a0810",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_resource.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check stream before comparing them\n\n[WHAT \u0026 HOW]\namdgpu_dm can pass a null stream to dc_is_stream_unchanged. It is\nnecessary to check for null before dereferencing them.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:19.555Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3944d226f55235a960d8f1135927f95e9801be12"
},
{
"url": "https://git.kernel.org/stable/c/471c53350ab83e47a2a117c2738ce0363785976e"
},
{
"url": "https://git.kernel.org/stable/c/0167d570f6a0b38689c4a0e50bf79c518d827500"
},
{
"url": "https://git.kernel.org/stable/c/14db8692afe1aa2143b673856bb603713d8ea93f"
},
{
"url": "https://git.kernel.org/stable/c/e8da54b7f8a17e44e67ea6d1037f35450af28115"
},
{
"url": "https://git.kernel.org/stable/c/42d31a33643813cce55ee1ebbad3a2d0d24a08e0"
},
{
"url": "https://git.kernel.org/stable/c/5b4b13e678b15975055f4ff1ce4cf0ce4c19b6c4"
},
{
"url": "https://git.kernel.org/stable/c/e41a291e1bef1153bba091b6580ecc7affc53c82"
},
{
"url": "https://git.kernel.org/stable/c/35ff747c86767937ee1e0ca987545b7eed7a0810"
}
],
"title": "drm/amd/display: Check stream before comparing them",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49896",
"datePublished": "2024-10-21T18:01:29.700Z",
"dateReserved": "2024-10-21T12:17:06.026Z",
"dateUpdated": "2025-11-03T22:23:01.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49032 (GCVE-0-2022-49032)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
KASAN report out-of-bounds read as follows:
BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380
Read of size 4 at addr ffffffffc00e4658 by task cat/278
Call Trace:
afe4404_read_raw
iio_read_channel_info
dev_attr_show
The buggy address belongs to the variable:
afe4404_channel_leds+0x18/0xffffffffffffe9c0
This issue can be reproduce by singe command:
$ cat /sys/bus/i2c/devices/0-0058/iio\:device0/in_intensity6_raw
The array size of afe4404_channel_leds and afe4404_channel_offdacs
are less than channels, so access with chan->address cause OOB read
in afe4404_[read|write]_raw. Fix it by moving access before use them.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
b36e8257641a043764c62240316610c81e36376c , < 68de7da092f38395dde523f2e5db26eba6c23e28
(git)
Affected: b36e8257641a043764c62240316610c81e36376c , < 113c08030a89aaf406f8a1d4549d758a67c2afba (git) Affected: b36e8257641a043764c62240316610c81e36376c , < f5575041ec15310bdc50c42b8b22118cc900226e (git) Affected: b36e8257641a043764c62240316610c81e36376c , < 3f566b626029ca8598d48e5074e56bb37399ca1b (git) Affected: b36e8257641a043764c62240316610c81e36376c , < 5eb114f55b37dbc0487aa9c1913b81bb7837f1c4 (git) Affected: b36e8257641a043764c62240316610c81e36376c , < f7419fc42afc035f6b29ce713e17dcd2000c833f (git) Affected: b36e8257641a043764c62240316610c81e36376c , < d45d9f45e7b1365fd0d9bf14680d6d5082a590d1 (git) Affected: b36e8257641a043764c62240316610c81e36376c , < fc92d9e3de0b2d30a3ccc08048a5fad533e4672b (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49032",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:11:06.095851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:35.607Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iio/health/afe4404.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "68de7da092f38395dde523f2e5db26eba6c23e28",
"status": "affected",
"version": "b36e8257641a043764c62240316610c81e36376c",
"versionType": "git"
},
{
"lessThan": "113c08030a89aaf406f8a1d4549d758a67c2afba",
"status": "affected",
"version": "b36e8257641a043764c62240316610c81e36376c",
"versionType": "git"
},
{
"lessThan": "f5575041ec15310bdc50c42b8b22118cc900226e",
"status": "affected",
"version": "b36e8257641a043764c62240316610c81e36376c",
"versionType": "git"
},
{
"lessThan": "3f566b626029ca8598d48e5074e56bb37399ca1b",
"status": "affected",
"version": "b36e8257641a043764c62240316610c81e36376c",
"versionType": "git"
},
{
"lessThan": "5eb114f55b37dbc0487aa9c1913b81bb7837f1c4",
"status": "affected",
"version": "b36e8257641a043764c62240316610c81e36376c",
"versionType": "git"
},
{
"lessThan": "f7419fc42afc035f6b29ce713e17dcd2000c833f",
"status": "affected",
"version": "b36e8257641a043764c62240316610c81e36376c",
"versionType": "git"
},
{
"lessThan": "d45d9f45e7b1365fd0d9bf14680d6d5082a590d1",
"status": "affected",
"version": "b36e8257641a043764c62240316610c81e36376c",
"versionType": "git"
},
{
"lessThan": "fc92d9e3de0b2d30a3ccc08048a5fad533e4672b",
"status": "affected",
"version": "b36e8257641a043764c62240316610c81e36376c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iio/health/afe4404.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.335",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.301",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.335",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.301",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.268",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: health: afe4404: Fix oob read in afe4404_[read|write]_raw\n\nKASAN report out-of-bounds read as follows:\n\nBUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380\nRead of size 4 at addr ffffffffc00e4658 by task cat/278\n\nCall Trace:\n afe4404_read_raw\n iio_read_channel_info\n dev_attr_show\n\nThe buggy address belongs to the variable:\n afe4404_channel_leds+0x18/0xffffffffffffe9c0\n\nThis issue can be reproduce by singe command:\n\n $ cat /sys/bus/i2c/devices/0-0058/iio\\:device0/in_intensity6_raw\n\nThe array size of afe4404_channel_leds and afe4404_channel_offdacs\nare less than channels, so access with chan-\u003eaddress cause OOB read\nin afe4404_[read|write]_raw. Fix it by moving access before use them."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:28.046Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/68de7da092f38395dde523f2e5db26eba6c23e28"
},
{
"url": "https://git.kernel.org/stable/c/113c08030a89aaf406f8a1d4549d758a67c2afba"
},
{
"url": "https://git.kernel.org/stable/c/f5575041ec15310bdc50c42b8b22118cc900226e"
},
{
"url": "https://git.kernel.org/stable/c/3f566b626029ca8598d48e5074e56bb37399ca1b"
},
{
"url": "https://git.kernel.org/stable/c/5eb114f55b37dbc0487aa9c1913b81bb7837f1c4"
},
{
"url": "https://git.kernel.org/stable/c/f7419fc42afc035f6b29ce713e17dcd2000c833f"
},
{
"url": "https://git.kernel.org/stable/c/d45d9f45e7b1365fd0d9bf14680d6d5082a590d1"
},
{
"url": "https://git.kernel.org/stable/c/fc92d9e3de0b2d30a3ccc08048a5fad533e4672b"
}
],
"title": "iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49032",
"datePublished": "2024-10-21T20:06:35.864Z",
"dateReserved": "2024-08-22T01:27:53.652Z",
"dateUpdated": "2025-05-04T08:28:28.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48968 (GCVE-0-2022-48968)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
octeontx2-pf: Fix potential memory leak in otx2_init_tc()
Summary
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: Fix potential memory leak in otx2_init_tc()
In otx2_init_tc(), if rhashtable_init() failed, it does not free
tc->tc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap().
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
2e2a8126ffac66b9b177ce78ad430281c0c8cc74 , < eefd8953a74822cb72006632b9ee9dd95f92c146
(git)
Affected: 2e2a8126ffac66b9b177ce78ad430281c0c8cc74 , < db5ec358cf4ef0ab382ee733d05f018e8bef9462 (git) Affected: 2e2a8126ffac66b9b177ce78ad430281c0c8cc74 , < fbf33f5ac76f2cdb47ad9763f620026d5cfa57ce (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:19:30.002244Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:38.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eefd8953a74822cb72006632b9ee9dd95f92c146",
"status": "affected",
"version": "2e2a8126ffac66b9b177ce78ad430281c0c8cc74",
"versionType": "git"
},
{
"lessThan": "db5ec358cf4ef0ab382ee733d05f018e8bef9462",
"status": "affected",
"version": "2e2a8126ffac66b9b177ce78ad430281c0c8cc74",
"versionType": "git"
},
{
"lessThan": "fbf33f5ac76f2cdb47ad9763f620026d5cfa57ce",
"status": "affected",
"version": "2e2a8126ffac66b9b177ce78ad430281c0c8cc74",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix potential memory leak in otx2_init_tc()\n\nIn otx2_init_tc(), if rhashtable_init() failed, it does not free\ntc-\u003etc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:07.244Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eefd8953a74822cb72006632b9ee9dd95f92c146"
},
{
"url": "https://git.kernel.org/stable/c/db5ec358cf4ef0ab382ee733d05f018e8bef9462"
},
{
"url": "https://git.kernel.org/stable/c/fbf33f5ac76f2cdb47ad9763f620026d5cfa57ce"
}
],
"title": "octeontx2-pf: Fix potential memory leak in otx2_init_tc()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48968",
"datePublished": "2024-10-21T20:05:50.402Z",
"dateReserved": "2024-08-22T01:27:53.629Z",
"dateUpdated": "2025-05-04T08:27:07.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26585 (GCVE-0-2024-26585)
Vulnerability from cvelistv5 – Published: 2024-02-21 14:59 – Updated: 2025-11-04 18:29
VLAI?
EPSS
Title
tls: fix race between tx work scheduling and socket close
Summary
In the Linux kernel, the following vulnerability has been resolved:
tls: fix race between tx work scheduling and socket close
Similarly to previous commit, the submitting thread (recvmsg/sendmsg)
may exit as soon as the async crypto handler calls complete().
Reorder scheduling the work before calling complete().
This seems more logical in the first place, as it's
the inverse order of what the submitting thread will do.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
a42055e8d2c30d4decfc13ce943d09c7b9dad221 , < dd32621f19243f89ce830919496a5dcc2158aa33
(git)
Affected: a42055e8d2c30d4decfc13ce943d09c7b9dad221 , < 196f198ca6fce04ba6ce262f5a0e4d567d7d219d (git) Affected: a42055e8d2c30d4decfc13ce943d09c7b9dad221 , < 6db22d6c7a6dc914b12c0469b94eb639b6a8a146 (git) Affected: a42055e8d2c30d4decfc13ce943d09c7b9dad221 , < e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57 (git) Affected: a42055e8d2c30d4decfc13ce943d09c7b9dad221 , < e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T17:07:29.305466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T17:07:36.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:29:48.732Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/196f198ca6fce04ba6ce262f5a0e4d567d7d219d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tls/tls_sw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dd32621f19243f89ce830919496a5dcc2158aa33",
"status": "affected",
"version": "a42055e8d2c30d4decfc13ce943d09c7b9dad221",
"versionType": "git"
},
{
"lessThan": "196f198ca6fce04ba6ce262f5a0e4d567d7d219d",
"status": "affected",
"version": "a42055e8d2c30d4decfc13ce943d09c7b9dad221",
"versionType": "git"
},
{
"lessThan": "6db22d6c7a6dc914b12c0469b94eb639b6a8a146",
"status": "affected",
"version": "a42055e8d2c30d4decfc13ce943d09c7b9dad221",
"versionType": "git"
},
{
"lessThan": "e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57",
"status": "affected",
"version": "a42055e8d2c30d4decfc13ce943d09c7b9dad221",
"versionType": "git"
},
{
"lessThan": "e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb",
"status": "affected",
"version": "a42055e8d2c30d4decfc13ce943d09c7b9dad221",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tls/tls_sw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix race between tx work scheduling and socket close\n\nSimilarly to previous commit, the submitting thread (recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete().\nReorder scheduling the work before calling complete().\nThis seems more logical in the first place, as it\u0027s\nthe inverse order of what the submitting thread will do."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:51:37.235Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dd32621f19243f89ce830919496a5dcc2158aa33"
},
{
"url": "https://git.kernel.org/stable/c/196f198ca6fce04ba6ce262f5a0e4d567d7d219d"
},
{
"url": "https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146"
},
{
"url": "https://git.kernel.org/stable/c/e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57"
},
{
"url": "https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb"
}
],
"title": "tls: fix race between tx work scheduling and socket close",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26585",
"datePublished": "2024-02-21T14:59:13.088Z",
"dateReserved": "2024-02-19T14:20:24.125Z",
"dateUpdated": "2025-11-04T18:29:48.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49882 (GCVE-0-2024-49882)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:22
VLAI?
EPSS
Title
ext4: fix double brelse() the buffer of the extents path
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix double brelse() the buffer of the extents path
In ext4_ext_try_to_merge_up(), set path[1].p_bh to NULL after it has been
released, otherwise it may be released twice. An example of what triggers
this is as follows:
split2 map split1
|--------|-------|--------|
ext4_ext_map_blocks
ext4_ext_handle_unwritten_extents
ext4_split_convert_extents
// path->p_depth == 0
ext4_split_extent
// 1. do split1
ext4_split_extent_at
|ext4_ext_insert_extent
| ext4_ext_create_new_leaf
| ext4_ext_grow_indepth
| le16_add_cpu(&neh->eh_depth, 1)
| ext4_find_extent
| // return -ENOMEM
|// get error and try zeroout
|path = ext4_find_extent
| path->p_depth = 1
|ext4_ext_try_to_merge
| ext4_ext_try_to_merge_up
| path->p_depth = 0
| brelse(path[1].p_bh) ---> not set to NULL here
|// zeroout success
// 2. update path
ext4_find_extent
// 3. do split2
ext4_split_extent_at
ext4_ext_insert_extent
ext4_ext_create_new_leaf
ext4_ext_grow_indepth
le16_add_cpu(&neh->eh_depth, 1)
ext4_find_extent
path[0].p_bh = NULL;
path->p_depth = 1
read_extent_tree_block ---> return err
// path[1].p_bh is still the old value
ext4_free_ext_path
ext4_ext_drop_refs
// path->p_depth == 1
brelse(path[1].p_bh) ---> brelse a buffer twice
Finally got the following WARRNING when removing the buffer from lru:
============================================
VFS: brelse: Trying to free free buffer
WARNING: CPU: 2 PID: 72 at fs/buffer.c:1241 __brelse+0x58/0x90
CPU: 2 PID: 72 Comm: kworker/u19:1 Not tainted 6.9.0-dirty #716
RIP: 0010:__brelse+0x58/0x90
Call Trace:
<TASK>
__find_get_block+0x6e7/0x810
bdev_getblk+0x2b/0x480
__ext4_get_inode_loc+0x48a/0x1240
ext4_get_inode_loc+0xb2/0x150
ext4_reserve_inode_write+0xb7/0x230
__ext4_mark_inode_dirty+0x144/0x6a0
ext4_ext_insert_extent+0x9c8/0x3230
ext4_ext_map_blocks+0xf45/0x2dc0
ext4_map_blocks+0x724/0x1700
ext4_do_writepages+0x12d6/0x2a70
[...]
============================================
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
ecb94f5fdf4b72547fca022421a9dca1672bddd4 , < d4574bda63906bf69660e001470bfe1a0ac524ae
(git)
Affected: ecb94f5fdf4b72547fca022421a9dca1672bddd4 , < f9fd47c9d9548f9e47fa60098eab99dde175401d (git) Affected: ecb94f5fdf4b72547fca022421a9dca1672bddd4 , < b6c29c8f3d7cb67b505f3b2f6c242d52298d1f2e (git) Affected: ecb94f5fdf4b72547fca022421a9dca1672bddd4 , < 32bbb59e3f18facd7201bef110010bf35819b8c3 (git) Affected: ecb94f5fdf4b72547fca022421a9dca1672bddd4 , < 78bbc3d15b6f443acb26e94418c445bac940d414 (git) Affected: ecb94f5fdf4b72547fca022421a9dca1672bddd4 , < 68a69cf60660c73990c1875f94a5551600b04775 (git) Affected: ecb94f5fdf4b72547fca022421a9dca1672bddd4 , < 7633407ca4ab8be2916ab214eb44ccebc6a50e1a (git) Affected: ecb94f5fdf4b72547fca022421a9dca1672bddd4 , < 230ee0535d01478bad9a3037292043f39b9be10b (git) Affected: ecb94f5fdf4b72547fca022421a9dca1672bddd4 , < dcaa6c31134c0f515600111c38ed7750003e1b9c (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49882",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:45:30.617937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:50.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:48.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/extents.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d4574bda63906bf69660e001470bfe1a0ac524ae",
"status": "affected",
"version": "ecb94f5fdf4b72547fca022421a9dca1672bddd4",
"versionType": "git"
},
{
"lessThan": "f9fd47c9d9548f9e47fa60098eab99dde175401d",
"status": "affected",
"version": "ecb94f5fdf4b72547fca022421a9dca1672bddd4",
"versionType": "git"
},
{
"lessThan": "b6c29c8f3d7cb67b505f3b2f6c242d52298d1f2e",
"status": "affected",
"version": "ecb94f5fdf4b72547fca022421a9dca1672bddd4",
"versionType": "git"
},
{
"lessThan": "32bbb59e3f18facd7201bef110010bf35819b8c3",
"status": "affected",
"version": "ecb94f5fdf4b72547fca022421a9dca1672bddd4",
"versionType": "git"
},
{
"lessThan": "78bbc3d15b6f443acb26e94418c445bac940d414",
"status": "affected",
"version": "ecb94f5fdf4b72547fca022421a9dca1672bddd4",
"versionType": "git"
},
{
"lessThan": "68a69cf60660c73990c1875f94a5551600b04775",
"status": "affected",
"version": "ecb94f5fdf4b72547fca022421a9dca1672bddd4",
"versionType": "git"
},
{
"lessThan": "7633407ca4ab8be2916ab214eb44ccebc6a50e1a",
"status": "affected",
"version": "ecb94f5fdf4b72547fca022421a9dca1672bddd4",
"versionType": "git"
},
{
"lessThan": "230ee0535d01478bad9a3037292043f39b9be10b",
"status": "affected",
"version": "ecb94f5fdf4b72547fca022421a9dca1672bddd4",
"versionType": "git"
},
{
"lessThan": "dcaa6c31134c0f515600111c38ed7750003e1b9c",
"status": "affected",
"version": "ecb94f5fdf4b72547fca022421a9dca1672bddd4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/extents.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix double brelse() the buffer of the extents path\n\nIn ext4_ext_try_to_merge_up(), set path[1].p_bh to NULL after it has been\nreleased, otherwise it may be released twice. An example of what triggers\nthis is as follows:\n\n split2 map split1\n|--------|-------|--------|\n\next4_ext_map_blocks\n ext4_ext_handle_unwritten_extents\n ext4_split_convert_extents\n // path-\u003ep_depth == 0\n ext4_split_extent\n // 1. do split1\n ext4_split_extent_at\n |ext4_ext_insert_extent\n | ext4_ext_create_new_leaf\n | ext4_ext_grow_indepth\n | le16_add_cpu(\u0026neh-\u003eeh_depth, 1)\n | ext4_find_extent\n | // return -ENOMEM\n |// get error and try zeroout\n |path = ext4_find_extent\n | path-\u003ep_depth = 1\n |ext4_ext_try_to_merge\n | ext4_ext_try_to_merge_up\n | path-\u003ep_depth = 0\n | brelse(path[1].p_bh) ---\u003e not set to NULL here\n |// zeroout success\n // 2. update path\n ext4_find_extent\n // 3. do split2\n ext4_split_extent_at\n ext4_ext_insert_extent\n ext4_ext_create_new_leaf\n ext4_ext_grow_indepth\n le16_add_cpu(\u0026neh-\u003eeh_depth, 1)\n ext4_find_extent\n path[0].p_bh = NULL;\n path-\u003ep_depth = 1\n read_extent_tree_block ---\u003e return err\n // path[1].p_bh is still the old value\n ext4_free_ext_path\n ext4_ext_drop_refs\n // path-\u003ep_depth == 1\n brelse(path[1].p_bh) ---\u003e brelse a buffer twice\n\nFinally got the following WARRNING when removing the buffer from lru:\n\n============================================\nVFS: brelse: Trying to free free buffer\nWARNING: CPU: 2 PID: 72 at fs/buffer.c:1241 __brelse+0x58/0x90\nCPU: 2 PID: 72 Comm: kworker/u19:1 Not tainted 6.9.0-dirty #716\nRIP: 0010:__brelse+0x58/0x90\nCall Trace:\n \u003cTASK\u003e\n __find_get_block+0x6e7/0x810\n bdev_getblk+0x2b/0x480\n __ext4_get_inode_loc+0x48a/0x1240\n ext4_get_inode_loc+0xb2/0x150\n ext4_reserve_inode_write+0xb7/0x230\n __ext4_mark_inode_dirty+0x144/0x6a0\n ext4_ext_insert_extent+0x9c8/0x3230\n ext4_ext_map_blocks+0xf45/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n============================================"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:40:17.799Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d4574bda63906bf69660e001470bfe1a0ac524ae"
},
{
"url": "https://git.kernel.org/stable/c/f9fd47c9d9548f9e47fa60098eab99dde175401d"
},
{
"url": "https://git.kernel.org/stable/c/b6c29c8f3d7cb67b505f3b2f6c242d52298d1f2e"
},
{
"url": "https://git.kernel.org/stable/c/32bbb59e3f18facd7201bef110010bf35819b8c3"
},
{
"url": "https://git.kernel.org/stable/c/78bbc3d15b6f443acb26e94418c445bac940d414"
},
{
"url": "https://git.kernel.org/stable/c/68a69cf60660c73990c1875f94a5551600b04775"
},
{
"url": "https://git.kernel.org/stable/c/7633407ca4ab8be2916ab214eb44ccebc6a50e1a"
},
{
"url": "https://git.kernel.org/stable/c/230ee0535d01478bad9a3037292043f39b9be10b"
},
{
"url": "https://git.kernel.org/stable/c/dcaa6c31134c0f515600111c38ed7750003e1b9c"
}
],
"title": "ext4: fix double brelse() the buffer of the extents path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49882",
"datePublished": "2024-10-21T18:01:20.144Z",
"dateReserved": "2024-10-21T12:17:06.021Z",
"dateUpdated": "2025-11-03T22:22:48.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49023 (GCVE-0-2022-49023)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:28
VLAI?
EPSS
Title
wifi: cfg80211: fix buffer overflow in elem comparison
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: fix buffer overflow in elem comparison
For vendor elements, the code here assumes that 5 octets
are present without checking. Since the element itself is
already checked to fit, we only need to check the length.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
0b8fb8235be8be99a197e8d948fc0a2df8dc261a , < f5c2ec288a865dbe3706b09bed12302e9f6d696b
(git)
Affected: 0b8fb8235be8be99a197e8d948fc0a2df8dc261a , < 9e6b79a3cd17620d467311b30d56f2648f6880aa (git) Affected: 0b8fb8235be8be99a197e8d948fc0a2df8dc261a , < 88a6fe3707888bd1893e9741157a7035c4159ab6 (git) Affected: 0b8fb8235be8be99a197e8d948fc0a2df8dc261a , < 391cb872553627bdcf236c03ee7d5adb275e37e1 (git) Affected: 0b8fb8235be8be99a197e8d948fc0a2df8dc261a , < 9f16b5c82a025cd4c864737409234ddc44fb166a (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:12:18.800355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:36.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/wireless/scan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f5c2ec288a865dbe3706b09bed12302e9f6d696b",
"status": "affected",
"version": "0b8fb8235be8be99a197e8d948fc0a2df8dc261a",
"versionType": "git"
},
{
"lessThan": "9e6b79a3cd17620d467311b30d56f2648f6880aa",
"status": "affected",
"version": "0b8fb8235be8be99a197e8d948fc0a2df8dc261a",
"versionType": "git"
},
{
"lessThan": "88a6fe3707888bd1893e9741157a7035c4159ab6",
"status": "affected",
"version": "0b8fb8235be8be99a197e8d948fc0a2df8dc261a",
"versionType": "git"
},
{
"lessThan": "391cb872553627bdcf236c03ee7d5adb275e37e1",
"status": "affected",
"version": "0b8fb8235be8be99a197e8d948fc0a2df8dc261a",
"versionType": "git"
},
{
"lessThan": "9f16b5c82a025cd4c864737409234ddc44fb166a",
"status": "affected",
"version": "0b8fb8235be8be99a197e8d948fc0a2df8dc261a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/wireless/scan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix buffer overflow in elem comparison\n\nFor vendor elements, the code here assumes that 5 octets\nare present without checking. Since the element itself is\nalready checked to fit, we only need to check the length."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:16.767Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f5c2ec288a865dbe3706b09bed12302e9f6d696b"
},
{
"url": "https://git.kernel.org/stable/c/9e6b79a3cd17620d467311b30d56f2648f6880aa"
},
{
"url": "https://git.kernel.org/stable/c/88a6fe3707888bd1893e9741157a7035c4159ab6"
},
{
"url": "https://git.kernel.org/stable/c/391cb872553627bdcf236c03ee7d5adb275e37e1"
},
{
"url": "https://git.kernel.org/stable/c/9f16b5c82a025cd4c864737409234ddc44fb166a"
}
],
"title": "wifi: cfg80211: fix buffer overflow in elem comparison",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49023",
"datePublished": "2024-10-21T20:06:29.901Z",
"dateReserved": "2024-08-22T01:27:53.649Z",
"dateUpdated": "2025-05-04T08:28:16.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-44931 (GCVE-0-2024-44931)
Vulnerability from cvelistv5 – Published: 2024-08-26 10:11 – Updated: 2026-01-05 10:52
VLAI?
EPSS
Title
gpio: prevent potential speculation leaks in gpio_device_get_desc()
Summary
In the Linux kernel, the following vulnerability has been resolved:
gpio: prevent potential speculation leaks in gpio_device_get_desc()
Userspace may trigger a speculative read of an address outside the gpio
descriptor array.
Users can do that by calling gpio_ioctl() with an offset out of range.
Offset is copied from user and then used as an array index to get
the gpio descriptor without sanitization in gpio_device_get_desc().
This change ensures that the offset is sanitized by using
array_index_nospec() to mitigate any possibility of speculative
information leaks.
This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
521a2ad6f862a28e2e43cb3e254a26bf0f9452e9 , < 18504710442671b02d00e6db9804a0ad26c5a479
(git)
Affected: 521a2ad6f862a28e2e43cb3e254a26bf0f9452e9 , < 9ae2d8e75b741dbcb0da374753f972410e83b5f3 (git) Affected: 521a2ad6f862a28e2e43cb3e254a26bf0f9452e9 , < 9d682e89c44bd5819b01f3fbb45a8e3681a4b6d0 (git) Affected: 521a2ad6f862a28e2e43cb3e254a26bf0f9452e9 , < c65ab97efcd438cb4e9f299400f2ea55251f3a67 (git) Affected: 521a2ad6f862a28e2e43cb3e254a26bf0f9452e9 , < 672c19165fc96dfad531a5458e0b3cdab414aae4 (git) Affected: 521a2ad6f862a28e2e43cb3e254a26bf0f9452e9 , < 1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc (git) Affected: 521a2ad6f862a28e2e43cb3e254a26bf0f9452e9 , < d776c0486b03a5c4afca65b8ff44573592bf93bb (git) Affected: 521a2ad6f862a28e2e43cb3e254a26bf0f9452e9 , < d795848ecce24a75dfd46481aee066ae6fe39775 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44931",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:28:01.219323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:56.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:13:36.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpiolib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "18504710442671b02d00e6db9804a0ad26c5a479",
"status": "affected",
"version": "521a2ad6f862a28e2e43cb3e254a26bf0f9452e9",
"versionType": "git"
},
{
"lessThan": "9ae2d8e75b741dbcb0da374753f972410e83b5f3",
"status": "affected",
"version": "521a2ad6f862a28e2e43cb3e254a26bf0f9452e9",
"versionType": "git"
},
{
"lessThan": "9d682e89c44bd5819b01f3fbb45a8e3681a4b6d0",
"status": "affected",
"version": "521a2ad6f862a28e2e43cb3e254a26bf0f9452e9",
"versionType": "git"
},
{
"lessThan": "c65ab97efcd438cb4e9f299400f2ea55251f3a67",
"status": "affected",
"version": "521a2ad6f862a28e2e43cb3e254a26bf0f9452e9",
"versionType": "git"
},
{
"lessThan": "672c19165fc96dfad531a5458e0b3cdab414aae4",
"status": "affected",
"version": "521a2ad6f862a28e2e43cb3e254a26bf0f9452e9",
"versionType": "git"
},
{
"lessThan": "1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc",
"status": "affected",
"version": "521a2ad6f862a28e2e43cb3e254a26bf0f9452e9",
"versionType": "git"
},
{
"lessThan": "d776c0486b03a5c4afca65b8ff44573592bf93bb",
"status": "affected",
"version": "521a2ad6f862a28e2e43cb3e254a26bf0f9452e9",
"versionType": "git"
},
{
"lessThan": "d795848ecce24a75dfd46481aee066ae6fe39775",
"status": "affected",
"version": "521a2ad6f862a28e2e43cb3e254a26bf0f9452e9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpiolib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.6"
},
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.112",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: prevent potential speculation leaks in gpio_device_get_desc()\n\nUserspace may trigger a speculative read of an address outside the gpio\ndescriptor array.\nUsers can do that by calling gpio_ioctl() with an offset out of range.\nOffset is copied from user and then used as an array index to get\nthe gpio descriptor without sanitization in gpio_device_get_desc().\n\nThis change ensures that the offset is sanitized by using\narray_index_nospec() to mitigate any possibility of speculative\ninformation leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:52:34.615Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/18504710442671b02d00e6db9804a0ad26c5a479"
},
{
"url": "https://git.kernel.org/stable/c/9ae2d8e75b741dbcb0da374753f972410e83b5f3"
},
{
"url": "https://git.kernel.org/stable/c/9d682e89c44bd5819b01f3fbb45a8e3681a4b6d0"
},
{
"url": "https://git.kernel.org/stable/c/c65ab97efcd438cb4e9f299400f2ea55251f3a67"
},
{
"url": "https://git.kernel.org/stable/c/672c19165fc96dfad531a5458e0b3cdab414aae4"
},
{
"url": "https://git.kernel.org/stable/c/1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc"
},
{
"url": "https://git.kernel.org/stable/c/d776c0486b03a5c4afca65b8ff44573592bf93bb"
},
{
"url": "https://git.kernel.org/stable/c/d795848ecce24a75dfd46481aee066ae6fe39775"
}
],
"title": "gpio: prevent potential speculation leaks in gpio_device_get_desc()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-44931",
"datePublished": "2024-08-26T10:11:21.425Z",
"dateReserved": "2024-08-21T05:34:56.663Z",
"dateUpdated": "2026-01-05T10:52:34.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52881 (GCVE-0-2023-52881)
Vulnerability from cvelistv5 – Published: 2024-05-29 10:15 – Updated: 2025-05-04 12:49
VLAI?
EPSS
Title
tcp: do not accept ACK of bytes we never sent
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: do not accept ACK of bytes we never sent
This patch is based on a detailed report and ideas from Yepeng Pan
and Christian Rossow.
ACK seq validation is currently following RFC 5961 5.2 guidelines:
The ACK value is considered acceptable only if
it is in the range of ((SND.UNA - MAX.SND.WND) <= SEG.ACK <=
SND.NXT). All incoming segments whose ACK value doesn't satisfy the
above condition MUST be discarded and an ACK sent back. It needs to
be noted that RFC 793 on page 72 (fifth check) says: "If the ACK is a
duplicate (SEG.ACK < SND.UNA), it can be ignored. If the ACK
acknowledges something not yet sent (SEG.ACK > SND.NXT) then send an
ACK, drop the segment, and return". The "ignored" above implies that
the processing of the incoming data segment continues, which means
the ACK value is treated as acceptable. This mitigation makes the
ACK check more stringent since any ACK < SND.UNA wouldn't be
accepted, instead only ACKs that are in the range ((SND.UNA -
MAX.SND.WND) <= SEG.ACK <= SND.NXT) get through.
This can be refined for new (and possibly spoofed) flows,
by not accepting ACK for bytes that were never sent.
This greatly improves TCP security at a little cost.
I added a Fixes: tag to make sure this patch will reach stable trees,
even if the 'blamed' patch was adhering to the RFC.
tp->bytes_acked was added in linux-4.2
Following packetdrill test (courtesy of Yepeng Pan) shows
the issue at hand:
0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
+0 bind(3, ..., ...) = 0
+0 listen(3, 1024) = 0
// ---------------- Handshake ------------------- //
// when window scale is set to 14 the window size can be extended to
// 65535 * (2^14) = 1073725440. Linux would accept an ACK packet
// with ack number in (Server_ISN+1-1073725440. Server_ISN+1)
// ,though this ack number acknowledges some data never
// sent by the server.
+0 < S 0:0(0) win 65535 <mss 1400,nop,wscale 14>
+0 > S. 0:0(0) ack 1 <...>
+0 < . 1:1(0) ack 1 win 65535
+0 accept(3, ..., ...) = 4
// For the established connection, we send an ACK packet,
// the ack packet uses ack number 1 - 1073725300 + 2^32,
// where 2^32 is used to wrap around.
// Note: we used 1073725300 instead of 1073725440 to avoid possible
// edge cases.
// 1 - 1073725300 + 2^32 = 3221241997
// Oops, old kernels happily accept this packet.
+0 < . 1:1001(1000) ack 3221241997 win 65535
// After the kernel fix the following will be replaced by a challenge ACK,
// and prior malicious frame would be dropped.
+0 > . 1:1(0) ack 1001
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 69eae75ca5255e876628ac5cee9eaab31f644b57
(git)
Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 458f07ffeccd17f99942311e09ef574ddf4a414a (git) Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 7ffff0cc929fdfc62a74b384c4903d6496c910f0 (git) Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < b17a886ed29f3b70b78ccf632dad03e0c69e3c1a (git) Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 0d4e0afdd6658cd21dd5be61880411a2553fd1fc (git) Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 008b807fe487e0b15a3a6c39add4eb477f73e440 (git) Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 2087d53a66e97a5eb5d1bf558d5bef9e5f891757 (git) Affected: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 , < 3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27 (git) Affected: 8d15569e14cfcf9151e9e3b4c0cb98369943a2bb (git) Affected: e252bbd8c87b95e9cecdc01350fbb0b46a0f9bf1 (git) Affected: 2ee4432e82437a7c051c254b065fbf5d4581e1a3 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c69e3c1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d4e0afdd6658cd21dd5be61880411a2553fd1fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/008b807fe487e0b15a3a6c39add4eb477f73e440"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2087d53a66e97a5eb5d1bf558d5bef9e5f891757"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52881",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T16:46:40.495686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T15:11:03.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_input.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "69eae75ca5255e876628ac5cee9eaab31f644b57",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "458f07ffeccd17f99942311e09ef574ddf4a414a",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "7ffff0cc929fdfc62a74b384c4903d6496c910f0",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "b17a886ed29f3b70b78ccf632dad03e0c69e3c1a",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "0d4e0afdd6658cd21dd5be61880411a2553fd1fc",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "008b807fe487e0b15a3a6c39add4eb477f73e440",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "2087d53a66e97a5eb5d1bf558d5bef9e5f891757",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"status": "affected",
"version": "8d15569e14cfcf9151e9e3b4c0cb98369943a2bb",
"versionType": "git"
},
{
"status": "affected",
"version": "e252bbd8c87b95e9cecdc01350fbb0b46a0f9bf1",
"versionType": "git"
},
{
"status": "affected",
"version": "2ee4432e82437a7c051c254b065fbf5d4581e1a3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_input.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.333",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.264",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.204",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.143",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.68",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.333",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.302",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.264",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.204",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.143",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.68",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.7",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: do not accept ACK of bytes we never sent\n\nThis patch is based on a detailed report and ideas from Yepeng Pan\nand Christian Rossow.\n\nACK seq validation is currently following RFC 5961 5.2 guidelines:\n\n The ACK value is considered acceptable only if\n it is in the range of ((SND.UNA - MAX.SND.WND) \u003c= SEG.ACK \u003c=\n SND.NXT). All incoming segments whose ACK value doesn\u0027t satisfy the\n above condition MUST be discarded and an ACK sent back. It needs to\n be noted that RFC 793 on page 72 (fifth check) says: \"If the ACK is a\n duplicate (SEG.ACK \u003c SND.UNA), it can be ignored. If the ACK\n acknowledges something not yet sent (SEG.ACK \u003e SND.NXT) then send an\n ACK, drop the segment, and return\". The \"ignored\" above implies that\n the processing of the incoming data segment continues, which means\n the ACK value is treated as acceptable. This mitigation makes the\n ACK check more stringent since any ACK \u003c SND.UNA wouldn\u0027t be\n accepted, instead only ACKs that are in the range ((SND.UNA -\n MAX.SND.WND) \u003c= SEG.ACK \u003c= SND.NXT) get through.\n\nThis can be refined for new (and possibly spoofed) flows,\nby not accepting ACK for bytes that were never sent.\n\nThis greatly improves TCP security at a little cost.\n\nI added a Fixes: tag to make sure this patch will reach stable trees,\neven if the \u0027blamed\u0027 patch was adhering to the RFC.\n\ntp-\u003ebytes_acked was added in linux-4.2\n\nFollowing packetdrill test (courtesy of Yepeng Pan) shows\nthe issue at hand:\n\n0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3\n+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0\n+0 bind(3, ..., ...) = 0\n+0 listen(3, 1024) = 0\n\n// ---------------- Handshake ------------------- //\n\n// when window scale is set to 14 the window size can be extended to\n// 65535 * (2^14) = 1073725440. Linux would accept an ACK packet\n// with ack number in (Server_ISN+1-1073725440. Server_ISN+1)\n// ,though this ack number acknowledges some data never\n// sent by the server.\n\n+0 \u003c S 0:0(0) win 65535 \u003cmss 1400,nop,wscale 14\u003e\n+0 \u003e S. 0:0(0) ack 1 \u003c...\u003e\n+0 \u003c . 1:1(0) ack 1 win 65535\n+0 accept(3, ..., ...) = 4\n\n// For the established connection, we send an ACK packet,\n// the ack packet uses ack number 1 - 1073725300 + 2^32,\n// where 2^32 is used to wrap around.\n// Note: we used 1073725300 instead of 1073725440 to avoid possible\n// edge cases.\n// 1 - 1073725300 + 2^32 = 3221241997\n\n// Oops, old kernels happily accept this packet.\n+0 \u003c . 1:1001(1000) ack 3221241997 win 65535\n\n// After the kernel fix the following will be replaced by a challenge ACK,\n// and prior malicious frame would be dropped.\n+0 \u003e . 1:1(0) ack 1001"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:46.197Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57"
},
{
"url": "https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a"
},
{
"url": "https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0"
},
{
"url": "https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c69e3c1a"
},
{
"url": "https://git.kernel.org/stable/c/0d4e0afdd6658cd21dd5be61880411a2553fd1fc"
},
{
"url": "https://git.kernel.org/stable/c/008b807fe487e0b15a3a6c39add4eb477f73e440"
},
{
"url": "https://git.kernel.org/stable/c/2087d53a66e97a5eb5d1bf558d5bef9e5f891757"
},
{
"url": "https://git.kernel.org/stable/c/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27"
}
],
"title": "tcp: do not accept ACK of bytes we never sent",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52881",
"datePublished": "2024-05-29T10:15:14.186Z",
"dateReserved": "2024-05-21T15:35:00.781Z",
"dateUpdated": "2025-05-04T12:49:46.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35817 (GCVE-0-2024-35817)
Vulnerability from cvelistv5 – Published: 2024-05-17 13:23 – Updated: 2025-05-21 09:12
VLAI?
EPSS
Title
drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
Otherwise after the GTT bo is released, the GTT and gart space is freed
but amdgpu_ttm_backend_unbind will not clear the gart page table entry
and leave valid mapping entry pointing to the stale system page. Then
if GPU access the gart address mistakely, it will read undefined value
instead page fault, harder to debug and reproduce the real issue.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
0b988ca1c7c4c73983b4ea96ef7c2af2263c87eb , < 5d5f1a7f3b1039925f79c7894f153c2a905201fb
(git)
Affected: 0b988ca1c7c4c73983b4ea96ef7c2af2263c87eb , < 589c414138a1bed98e652c905937d8f790804efe (git) Affected: 0b988ca1c7c4c73983b4ea96ef7c2af2263c87eb , < 6fcd12cb90888ef2d8af8d4c04e913252eee4ef3 (git) Affected: 0b988ca1c7c4c73983b4ea96ef7c2af2263c87eb , < e8d27caef2c829a306e1f762fb95f06e8ec676f6 (git) Affected: 0b988ca1c7c4c73983b4ea96ef7c2af2263c87eb , < 5cdce3dda3b3dacde902f63a8ee72c2b7f91912d (git) Affected: 0b988ca1c7c4c73983b4ea96ef7c2af2263c87eb , < 6c6064cbe58b43533e3451ad6a8ba9736c109ac3 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:20.658844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:43:20.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d5f1a7f3b1039925f79c7894f153c2a905201fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/589c414138a1bed98e652c905937d8f790804efe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fcd12cb90888ef2d8af8d4c04e913252eee4ef3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8d27caef2c829a306e1f762fb95f06e8ec676f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5cdce3dda3b3dacde902f63a8ee72c2b7f91912d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c6064cbe58b43533e3451ad6a8ba9736c109ac3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5d5f1a7f3b1039925f79c7894f153c2a905201fb",
"status": "affected",
"version": "0b988ca1c7c4c73983b4ea96ef7c2af2263c87eb",
"versionType": "git"
},
{
"lessThan": "589c414138a1bed98e652c905937d8f790804efe",
"status": "affected",
"version": "0b988ca1c7c4c73983b4ea96ef7c2af2263c87eb",
"versionType": "git"
},
{
"lessThan": "6fcd12cb90888ef2d8af8d4c04e913252eee4ef3",
"status": "affected",
"version": "0b988ca1c7c4c73983b4ea96ef7c2af2263c87eb",
"versionType": "git"
},
{
"lessThan": "e8d27caef2c829a306e1f762fb95f06e8ec676f6",
"status": "affected",
"version": "0b988ca1c7c4c73983b4ea96ef7c2af2263c87eb",
"versionType": "git"
},
{
"lessThan": "5cdce3dda3b3dacde902f63a8ee72c2b7f91912d",
"status": "affected",
"version": "0b988ca1c7c4c73983b4ea96ef7c2af2263c87eb",
"versionType": "git"
},
{
"lessThan": "6c6064cbe58b43533e3451ad6a8ba9736c109ac3",
"status": "affected",
"version": "0b988ca1c7c4c73983b4ea96ef7c2af2263c87eb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag\n\nOtherwise after the GTT bo is released, the GTT and gart space is freed\nbut amdgpu_ttm_backend_unbind will not clear the gart page table entry\nand leave valid mapping entry pointing to the stale system page. Then\nif GPU access the gart address mistakely, it will read undefined value\ninstead page fault, harder to debug and reproduce the real issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:12:35.522Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5d5f1a7f3b1039925f79c7894f153c2a905201fb"
},
{
"url": "https://git.kernel.org/stable/c/589c414138a1bed98e652c905937d8f790804efe"
},
{
"url": "https://git.kernel.org/stable/c/6fcd12cb90888ef2d8af8d4c04e913252eee4ef3"
},
{
"url": "https://git.kernel.org/stable/c/e8d27caef2c829a306e1f762fb95f06e8ec676f6"
},
{
"url": "https://git.kernel.org/stable/c/5cdce3dda3b3dacde902f63a8ee72c2b7f91912d"
},
{
"url": "https://git.kernel.org/stable/c/6c6064cbe58b43533e3451ad6a8ba9736c109ac3"
}
],
"title": "drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35817",
"datePublished": "2024-05-17T13:23:21.720Z",
"dateReserved": "2024-05-17T12:19:12.343Z",
"dateUpdated": "2025-05-21T09:12:35.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42145 (GCVE-0-2024-42145)
Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2026-01-05 10:52
VLAI?
EPSS
Title
IB/core: Implement a limit on UMAD receive List
Summary
In the Linux kernel, the following vulnerability has been resolved:
IB/core: Implement a limit on UMAD receive List
The existing behavior of ib_umad, which maintains received MAD
packets in an unbounded list, poses a risk of uncontrolled growth.
As user-space applications extract packets from this list, the rate
of extraction may not match the rate of incoming packets, leading
to potential list overflow.
To address this, we introduce a limit to the size of the list. After
considering typical scenarios, such as OpenSM processing, which can
handle approximately 100k packets per second, and the 1-second retry
timeout for most packets, we set the list size limit to 200k. Packets
received beyond this limit are dropped, assuming they are likely timed
out by the time they are handled by user-space.
Notably, packets queued on the receive list due to reasons like
timed-out sends are preserved even when the list is full.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1288cf1cceb0e6df276e182f5412370fb4169bcb
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b4913702419d064ec4c4bbf7270643c95cc89a1b (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 62349fbf86b5e13b02721bdadf98c29afd1e7b5f (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d73cb8862e4d6760ccc94d3b57b9ef6271400607 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 63d202d948bb6d3a28cd8e8b96b160fa53e18baa (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b8c5f635997f49c625178d1a0cb32a80ed33abe6 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a6627fba793cc75b7365d9504a0095fb2902dda4 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ca0b44e20a6f3032224599f02e7c8fb49525c894 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:02:11.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49525c894"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:15:44.209486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:35.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/user_mad.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1288cf1cceb0e6df276e182f5412370fb4169bcb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b4913702419d064ec4c4bbf7270643c95cc89a1b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "62349fbf86b5e13b02721bdadf98c29afd1e7b5f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d73cb8862e4d6760ccc94d3b57b9ef6271400607",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "63d202d948bb6d3a28cd8e8b96b160fa53e18baa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b8c5f635997f49c625178d1a0cb32a80ed33abe6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a6627fba793cc75b7365d9504a0095fb2902dda4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ca0b44e20a6f3032224599f02e7c8fb49525c894",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/user_mad.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Implement a limit on UMAD receive List\n\nThe existing behavior of ib_umad, which maintains received MAD\npackets in an unbounded list, poses a risk of uncontrolled growth.\nAs user-space applications extract packets from this list, the rate\nof extraction may not match the rate of incoming packets, leading\nto potential list overflow.\n\nTo address this, we introduce a limit to the size of the list. After\nconsidering typical scenarios, such as OpenSM processing, which can\nhandle approximately 100k packets per second, and the 1-second retry\ntimeout for most packets, we set the list size limit to 200k. Packets\nreceived beyond this limit are dropped, assuming they are likely timed\nout by the time they are handled by user-space.\n\nNotably, packets queued on the receive list due to reasons like\ntimed-out sends are preserved even when the list is full."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:52:01.255Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb"
},
{
"url": "https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1b"
},
{
"url": "https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5f"
},
{
"url": "https://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607"
},
{
"url": "https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baa"
},
{
"url": "https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6"
},
{
"url": "https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4"
},
{
"url": "https://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49525c894"
}
],
"title": "IB/core: Implement a limit on UMAD receive List",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42145",
"datePublished": "2024-07-30T07:46:38.650Z",
"dateReserved": "2024-07-29T15:50:41.190Z",
"dateUpdated": "2026-01-05T10:52:01.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48966 (GCVE-0-2022-48966)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
net: mvneta: Prevent out of bounds read in mvneta_config_rss()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: mvneta: Prevent out of bounds read in mvneta_config_rss()
The pp->indir[0] value comes from the user. It is passed to:
if (cpu_online(pp->rxq_def))
inside the mvneta_percpu_elect() function. It needs bounds checkeding
to ensure that it is not beyond the end of the cpu bitmap.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
cad5d847a093077b499a8b0bbfe6804b9226c03e , < 3ceffb8f410b93553fb16fe7e84aa0d35b3ba79b
(git)
Affected: cad5d847a093077b499a8b0bbfe6804b9226c03e , < 47a1a2f6cd5ec3a4f8a2d9bfa1e0605347cdb92c (git) Affected: cad5d847a093077b499a8b0bbfe6804b9226c03e , < 5a142486a0db6b0b85031f22d69acd0cdcf8f72b (git) Affected: cad5d847a093077b499a8b0bbfe6804b9226c03e , < eec1fc21edc2bb99c9e66cf66f0b5d4d643fbb50 (git) Affected: cad5d847a093077b499a8b0bbfe6804b9226c03e , < 146ebee8fcdb349d7ec0e49915e6cdafb92544ae (git) Affected: cad5d847a093077b499a8b0bbfe6804b9226c03e , < a6b30598fec84f8809f5417cde73071ca43e8471 (git) Affected: cad5d847a093077b499a8b0bbfe6804b9226c03e , < 6ca0a506dddc3e1d636935eef339576b263bf3d8 (git) Affected: cad5d847a093077b499a8b0bbfe6804b9226c03e , < e8b4fc13900b8e8be48debffd0dfd391772501f7 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:19:44.933611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:38.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/mvneta.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3ceffb8f410b93553fb16fe7e84aa0d35b3ba79b",
"status": "affected",
"version": "cad5d847a093077b499a8b0bbfe6804b9226c03e",
"versionType": "git"
},
{
"lessThan": "47a1a2f6cd5ec3a4f8a2d9bfa1e0605347cdb92c",
"status": "affected",
"version": "cad5d847a093077b499a8b0bbfe6804b9226c03e",
"versionType": "git"
},
{
"lessThan": "5a142486a0db6b0b85031f22d69acd0cdcf8f72b",
"status": "affected",
"version": "cad5d847a093077b499a8b0bbfe6804b9226c03e",
"versionType": "git"
},
{
"lessThan": "eec1fc21edc2bb99c9e66cf66f0b5d4d643fbb50",
"status": "affected",
"version": "cad5d847a093077b499a8b0bbfe6804b9226c03e",
"versionType": "git"
},
{
"lessThan": "146ebee8fcdb349d7ec0e49915e6cdafb92544ae",
"status": "affected",
"version": "cad5d847a093077b499a8b0bbfe6804b9226c03e",
"versionType": "git"
},
{
"lessThan": "a6b30598fec84f8809f5417cde73071ca43e8471",
"status": "affected",
"version": "cad5d847a093077b499a8b0bbfe6804b9226c03e",
"versionType": "git"
},
{
"lessThan": "6ca0a506dddc3e1d636935eef339576b263bf3d8",
"status": "affected",
"version": "cad5d847a093077b499a8b0bbfe6804b9226c03e",
"versionType": "git"
},
{
"lessThan": "e8b4fc13900b8e8be48debffd0dfd391772501f7",
"status": "affected",
"version": "cad5d847a093077b499a8b0bbfe6804b9226c03e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/mvneta.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"lessThan": "4.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.336",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.336",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.302",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.269",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvneta: Prevent out of bounds read in mvneta_config_rss()\n\nThe pp-\u003eindir[0] value comes from the user. It is passed to:\n\n\tif (cpu_online(pp-\u003erxq_def))\n\ninside the mvneta_percpu_elect() function. It needs bounds checkeding\nto ensure that it is not beyond the end of the cpu bitmap."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:05.157Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3ceffb8f410b93553fb16fe7e84aa0d35b3ba79b"
},
{
"url": "https://git.kernel.org/stable/c/47a1a2f6cd5ec3a4f8a2d9bfa1e0605347cdb92c"
},
{
"url": "https://git.kernel.org/stable/c/5a142486a0db6b0b85031f22d69acd0cdcf8f72b"
},
{
"url": "https://git.kernel.org/stable/c/eec1fc21edc2bb99c9e66cf66f0b5d4d643fbb50"
},
{
"url": "https://git.kernel.org/stable/c/146ebee8fcdb349d7ec0e49915e6cdafb92544ae"
},
{
"url": "https://git.kernel.org/stable/c/a6b30598fec84f8809f5417cde73071ca43e8471"
},
{
"url": "https://git.kernel.org/stable/c/6ca0a506dddc3e1d636935eef339576b263bf3d8"
},
{
"url": "https://git.kernel.org/stable/c/e8b4fc13900b8e8be48debffd0dfd391772501f7"
}
],
"title": "net: mvneta: Prevent out of bounds read in mvneta_config_rss()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48966",
"datePublished": "2024-10-21T20:05:49.126Z",
"dateReserved": "2024-08-22T01:27:53.628Z",
"dateUpdated": "2025-05-04T08:27:05.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48972 (GCVE-0-2022-48972)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
Summary
In the Linux kernel, the following vulnerability has been resolved:
mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
Kernel fault injection test reports null-ptr-deref as follows:
BUG: kernel NULL pointer dereference, address: 0000000000000008
RIP: 0010:cfg802154_netdev_notifier_call+0x120/0x310 include/linux/list.h:114
Call Trace:
<TASK>
raw_notifier_call_chain+0x6d/0xa0 kernel/notifier.c:87
call_netdevice_notifiers_info+0x6e/0xc0 net/core/dev.c:1944
unregister_netdevice_many_notify+0x60d/0xcb0 net/core/dev.c:1982
unregister_netdevice_queue+0x154/0x1a0 net/core/dev.c:10879
register_netdevice+0x9a8/0xb90 net/core/dev.c:10083
ieee802154_if_add+0x6ed/0x7e0 net/mac802154/iface.c:659
ieee802154_register_hw+0x29c/0x330 net/mac802154/main.c:229
mcr20a_probe+0xaaa/0xcb1 drivers/net/ieee802154/mcr20a.c:1316
ieee802154_if_add() allocates wpan_dev as netdev's private data, but not
init the list in struct wpan_dev. cfg802154_netdev_notifier_call() manage
the list when device register/unregister, and may lead to null-ptr-deref.
Use INIT_LIST_HEAD() on it to initialize it correctly.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
fcf39e6e88e9492f6688ec8ba4e1be622b904232 , < 7410f4d1221bb182510b7778ab6eefa8b9b7102d
(git)
Affected: fcf39e6e88e9492f6688ec8ba4e1be622b904232 , < 9980a3ea20de40c83817877106c909cb032692d2 (git) Affected: fcf39e6e88e9492f6688ec8ba4e1be622b904232 , < f00c84fb1635c27ba24ec5df65d5bd7d7dc00008 (git) Affected: fcf39e6e88e9492f6688ec8ba4e1be622b904232 , < 1831d4540406708e48239cf38fd9c3b7ea98e08f (git) Affected: fcf39e6e88e9492f6688ec8ba4e1be622b904232 , < 42c319635c0cf7eb36eccac6cda76532f47b61a3 (git) Affected: fcf39e6e88e9492f6688ec8ba4e1be622b904232 , < a110287ef4a423980309490df632e1c1e73b3dc9 (git) Affected: fcf39e6e88e9492f6688ec8ba4e1be622b904232 , < 623918f40fa68e3bb21312a3fafb90f491bf5358 (git) Affected: fcf39e6e88e9492f6688ec8ba4e1be622b904232 , < b3d72d3135d2ef68296c1ee174436efd65386f04 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:19:01.056200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:37.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mac802154/iface.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7410f4d1221bb182510b7778ab6eefa8b9b7102d",
"status": "affected",
"version": "fcf39e6e88e9492f6688ec8ba4e1be622b904232",
"versionType": "git"
},
{
"lessThan": "9980a3ea20de40c83817877106c909cb032692d2",
"status": "affected",
"version": "fcf39e6e88e9492f6688ec8ba4e1be622b904232",
"versionType": "git"
},
{
"lessThan": "f00c84fb1635c27ba24ec5df65d5bd7d7dc00008",
"status": "affected",
"version": "fcf39e6e88e9492f6688ec8ba4e1be622b904232",
"versionType": "git"
},
{
"lessThan": "1831d4540406708e48239cf38fd9c3b7ea98e08f",
"status": "affected",
"version": "fcf39e6e88e9492f6688ec8ba4e1be622b904232",
"versionType": "git"
},
{
"lessThan": "42c319635c0cf7eb36eccac6cda76532f47b61a3",
"status": "affected",
"version": "fcf39e6e88e9492f6688ec8ba4e1be622b904232",
"versionType": "git"
},
{
"lessThan": "a110287ef4a423980309490df632e1c1e73b3dc9",
"status": "affected",
"version": "fcf39e6e88e9492f6688ec8ba4e1be622b904232",
"versionType": "git"
},
{
"lessThan": "623918f40fa68e3bb21312a3fafb90f491bf5358",
"status": "affected",
"version": "fcf39e6e88e9492f6688ec8ba4e1be622b904232",
"versionType": "git"
},
{
"lessThan": "b3d72d3135d2ef68296c1ee174436efd65386f04",
"status": "affected",
"version": "fcf39e6e88e9492f6688ec8ba4e1be622b904232",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mac802154/iface.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.336",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.336",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.302",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.269",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()\n\nKernel fault injection test reports null-ptr-deref as follows:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nRIP: 0010:cfg802154_netdev_notifier_call+0x120/0x310 include/linux/list.h:114\nCall Trace:\n \u003cTASK\u003e\n raw_notifier_call_chain+0x6d/0xa0 kernel/notifier.c:87\n call_netdevice_notifiers_info+0x6e/0xc0 net/core/dev.c:1944\n unregister_netdevice_many_notify+0x60d/0xcb0 net/core/dev.c:1982\n unregister_netdevice_queue+0x154/0x1a0 net/core/dev.c:10879\n register_netdevice+0x9a8/0xb90 net/core/dev.c:10083\n ieee802154_if_add+0x6ed/0x7e0 net/mac802154/iface.c:659\n ieee802154_register_hw+0x29c/0x330 net/mac802154/main.c:229\n mcr20a_probe+0xaaa/0xcb1 drivers/net/ieee802154/mcr20a.c:1316\n\nieee802154_if_add() allocates wpan_dev as netdev\u0027s private data, but not\ninit the list in struct wpan_dev. cfg802154_netdev_notifier_call() manage\nthe list when device register/unregister, and may lead to null-ptr-deref.\n\nUse INIT_LIST_HEAD() on it to initialize it correctly."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:11.564Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7410f4d1221bb182510b7778ab6eefa8b9b7102d"
},
{
"url": "https://git.kernel.org/stable/c/9980a3ea20de40c83817877106c909cb032692d2"
},
{
"url": "https://git.kernel.org/stable/c/f00c84fb1635c27ba24ec5df65d5bd7d7dc00008"
},
{
"url": "https://git.kernel.org/stable/c/1831d4540406708e48239cf38fd9c3b7ea98e08f"
},
{
"url": "https://git.kernel.org/stable/c/42c319635c0cf7eb36eccac6cda76532f47b61a3"
},
{
"url": "https://git.kernel.org/stable/c/a110287ef4a423980309490df632e1c1e73b3dc9"
},
{
"url": "https://git.kernel.org/stable/c/623918f40fa68e3bb21312a3fafb90f491bf5358"
},
{
"url": "https://git.kernel.org/stable/c/b3d72d3135d2ef68296c1ee174436efd65386f04"
}
],
"title": "mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48972",
"datePublished": "2024-10-21T20:05:53.061Z",
"dateReserved": "2024-08-22T01:27:53.629Z",
"dateUpdated": "2025-05-04T08:27:11.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27398 (GCVE-0-2024-27398)
Vulnerability from cvelistv5 – Published: 2024-05-13 10:22 – Updated: 2025-05-04 12:55
VLAI?
EPSS
Title
Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
When the sco connection is established and then, the sco socket
is releasing, timeout_work will be scheduled to judge whether
the sco disconnection is timeout. The sock will be deallocated
later, but it is dereferenced again in sco_sock_timeout. As a
result, the use-after-free bugs will happen. The root cause is
shown below:
Cleanup Thread | Worker Thread
sco_sock_release |
sco_sock_close |
__sco_sock_close |
sco_sock_set_timer |
schedule_delayed_work |
sco_sock_kill | (wait a time)
sock_put(sk) //FREE | sco_sock_timeout
| sock_hold(sk) //USE
The KASAN report triggered by POC is shown below:
[ 95.890016] ==================================================================
[ 95.890496] BUG: KASAN: slab-use-after-free in sco_sock_timeout+0x5e/0x1c0
[ 95.890755] Write of size 4 at addr ffff88800c388080 by task kworker/0:0/7
...
[ 95.890755] Workqueue: events sco_sock_timeout
[ 95.890755] Call Trace:
[ 95.890755] <TASK>
[ 95.890755] dump_stack_lvl+0x45/0x110
[ 95.890755] print_address_description+0x78/0x390
[ 95.890755] print_report+0x11b/0x250
[ 95.890755] ? __virt_addr_valid+0xbe/0xf0
[ 95.890755] ? sco_sock_timeout+0x5e/0x1c0
[ 95.890755] kasan_report+0x139/0x170
[ 95.890755] ? update_load_avg+0xe5/0x9f0
[ 95.890755] ? sco_sock_timeout+0x5e/0x1c0
[ 95.890755] kasan_check_range+0x2c3/0x2e0
[ 95.890755] sco_sock_timeout+0x5e/0x1c0
[ 95.890755] process_one_work+0x561/0xc50
[ 95.890755] worker_thread+0xab2/0x13c0
[ 95.890755] ? pr_cont_work+0x490/0x490
[ 95.890755] kthread+0x279/0x300
[ 95.890755] ? pr_cont_work+0x490/0x490
[ 95.890755] ? kthread_blkcg+0xa0/0xa0
[ 95.890755] ret_from_fork+0x34/0x60
[ 95.890755] ? kthread_blkcg+0xa0/0xa0
[ 95.890755] ret_from_fork_asm+0x11/0x20
[ 95.890755] </TASK>
[ 95.890755]
[ 95.890755] Allocated by task 506:
[ 95.890755] kasan_save_track+0x3f/0x70
[ 95.890755] __kasan_kmalloc+0x86/0x90
[ 95.890755] __kmalloc+0x17f/0x360
[ 95.890755] sk_prot_alloc+0xe1/0x1a0
[ 95.890755] sk_alloc+0x31/0x4e0
[ 95.890755] bt_sock_alloc+0x2b/0x2a0
[ 95.890755] sco_sock_create+0xad/0x320
[ 95.890755] bt_sock_create+0x145/0x320
[ 95.890755] __sock_create+0x2e1/0x650
[ 95.890755] __sys_socket+0xd0/0x280
[ 95.890755] __x64_sys_socket+0x75/0x80
[ 95.890755] do_syscall_64+0xc4/0x1b0
[ 95.890755] entry_SYSCALL_64_after_hwframe+0x67/0x6f
[ 95.890755]
[ 95.890755] Freed by task 506:
[ 95.890755] kasan_save_track+0x3f/0x70
[ 95.890755] kasan_save_free_info+0x40/0x50
[ 95.890755] poison_slab_object+0x118/0x180
[ 95.890755] __kasan_slab_free+0x12/0x30
[ 95.890755] kfree+0xb2/0x240
[ 95.890755] __sk_destruct+0x317/0x410
[ 95.890755] sco_sock_release+0x232/0x280
[ 95.890755] sock_close+0xb2/0x210
[ 95.890755] __fput+0x37f/0x770
[ 95.890755] task_work_run+0x1ae/0x210
[ 95.890755] get_signal+0xe17/0xf70
[ 95.890755] arch_do_signal_or_restart+0x3f/0x520
[ 95.890755] syscall_exit_to_user_mode+0x55/0x120
[ 95.890755] do_syscall_64+0xd1/0x1b0
[ 95.890755] entry_SYSCALL_64_after_hwframe+0x67/0x6f
[ 95.890755]
[ 95.890755] The buggy address belongs to the object at ffff88800c388000
[ 95.890755] which belongs to the cache kmalloc-1k of size 1024
[ 95.890755] The buggy address is located 128 bytes inside of
[ 95.890755] freed 1024-byte region [ffff88800c388000, ffff88800c388400)
[ 95.890755]
[ 95.890755] The buggy address belongs to the physical page:
[ 95.890755] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800c38a800 pfn:0xc388
[ 95.890755] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 95.890755] ano
---truncated---
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
48669c81a65628ef234cbdd91b9395952c7c27fe , < 1b33d55fb7355e27f8c82cd4ecd560f162469249
(git)
Affected: 37d7ae2b0578f2373674a755402ee722e96edc08 , < 3212afd00e3cda790fd0583cb3eaef8f9575a014 (git) Affected: a1073aad497d0d071a71f61b721966a176d50c08 , < 33a6e92161a78c1073d90e27abe28d746feb0a53 (git) Affected: ba316be1b6a00db7126ed9a39f9bee434a508043 , < 6a18eeb1b3bbc67c20d9609c31dca6a69b4bcde5 (git) Affected: ba316be1b6a00db7126ed9a39f9bee434a508043 , < bfab2c1f7940a232cd519e82fff137e308abfd93 (git) Affected: ba316be1b6a00db7126ed9a39f9bee434a508043 , < 012363cb1bec5f33a7b94629ab2c1086f30280f2 (git) Affected: ba316be1b6a00db7126ed9a39f9bee434a508043 , < 50c2037fc28df870ef29d9728c770c8955d32178 (git) Affected: ba316be1b6a00db7126ed9a39f9bee434a508043 , < 483bc08181827fc475643272ffb69c533007e546 (git) Affected: fea63ccd928c01573306983346588b26cffb5572 (git) Affected: ec1f74319bb35c1c90c25014ec0f6ea6c3ca2134 (git) Affected: b657bba82ff6a007d84fd076bd73b11131726a2b (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:29:55.290790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:30:07.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-11-30T08:03:15.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b33d55fb7355e27f8c82cd4ecd560f162469249"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3212afd00e3cda790fd0583cb3eaef8f9575a014"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/33a6e92161a78c1073d90e27abe28d746feb0a53"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6a18eeb1b3bbc67c20d9609c31dca6a69b4bcde5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bfab2c1f7940a232cd519e82fff137e308abfd93"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/012363cb1bec5f33a7b94629ab2c1086f30280f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/50c2037fc28df870ef29d9728c770c8955d32178"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/483bc08181827fc475643272ffb69c533007e546"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0012/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/29/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/30/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/30/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/sco.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1b33d55fb7355e27f8c82cd4ecd560f162469249",
"status": "affected",
"version": "48669c81a65628ef234cbdd91b9395952c7c27fe",
"versionType": "git"
},
{
"lessThan": "3212afd00e3cda790fd0583cb3eaef8f9575a014",
"status": "affected",
"version": "37d7ae2b0578f2373674a755402ee722e96edc08",
"versionType": "git"
},
{
"lessThan": "33a6e92161a78c1073d90e27abe28d746feb0a53",
"status": "affected",
"version": "a1073aad497d0d071a71f61b721966a176d50c08",
"versionType": "git"
},
{
"lessThan": "6a18eeb1b3bbc67c20d9609c31dca6a69b4bcde5",
"status": "affected",
"version": "ba316be1b6a00db7126ed9a39f9bee434a508043",
"versionType": "git"
},
{
"lessThan": "bfab2c1f7940a232cd519e82fff137e308abfd93",
"status": "affected",
"version": "ba316be1b6a00db7126ed9a39f9bee434a508043",
"versionType": "git"
},
{
"lessThan": "012363cb1bec5f33a7b94629ab2c1086f30280f2",
"status": "affected",
"version": "ba316be1b6a00db7126ed9a39f9bee434a508043",
"versionType": "git"
},
{
"lessThan": "50c2037fc28df870ef29d9728c770c8955d32178",
"status": "affected",
"version": "ba316be1b6a00db7126ed9a39f9bee434a508043",
"versionType": "git"
},
{
"lessThan": "483bc08181827fc475643272ffb69c533007e546",
"status": "affected",
"version": "ba316be1b6a00db7126ed9a39f9bee434a508043",
"versionType": "git"
},
{
"status": "affected",
"version": "fea63ccd928c01573306983346588b26cffb5572",
"versionType": "git"
},
{
"status": "affected",
"version": "ec1f74319bb35c1c90c25014ec0f6ea6c3ca2134",
"versionType": "git"
},
{
"status": "affected",
"version": "b657bba82ff6a007d84fd076bd73b11131726a2b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/sco.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.19.207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "5.4.148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.10.67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix use-after-free bugs caused by sco_sock_timeout\n\nWhen the sco connection is established and then, the sco socket\nis releasing, timeout_work will be scheduled to judge whether\nthe sco disconnection is timeout. The sock will be deallocated\nlater, but it is dereferenced again in sco_sock_timeout. As a\nresult, the use-after-free bugs will happen. The root cause is\nshown below:\n\n Cleanup Thread | Worker Thread\nsco_sock_release |\n sco_sock_close |\n __sco_sock_close |\n sco_sock_set_timer |\n schedule_delayed_work |\n sco_sock_kill | (wait a time)\n sock_put(sk) //FREE | sco_sock_timeout\n | sock_hold(sk) //USE\n\nThe KASAN report triggered by POC is shown below:\n\n[ 95.890016] ==================================================================\n[ 95.890496] BUG: KASAN: slab-use-after-free in sco_sock_timeout+0x5e/0x1c0\n[ 95.890755] Write of size 4 at addr ffff88800c388080 by task kworker/0:0/7\n...\n[ 95.890755] Workqueue: events sco_sock_timeout\n[ 95.890755] Call Trace:\n[ 95.890755] \u003cTASK\u003e\n[ 95.890755] dump_stack_lvl+0x45/0x110\n[ 95.890755] print_address_description+0x78/0x390\n[ 95.890755] print_report+0x11b/0x250\n[ 95.890755] ? __virt_addr_valid+0xbe/0xf0\n[ 95.890755] ? sco_sock_timeout+0x5e/0x1c0\n[ 95.890755] kasan_report+0x139/0x170\n[ 95.890755] ? update_load_avg+0xe5/0x9f0\n[ 95.890755] ? sco_sock_timeout+0x5e/0x1c0\n[ 95.890755] kasan_check_range+0x2c3/0x2e0\n[ 95.890755] sco_sock_timeout+0x5e/0x1c0\n[ 95.890755] process_one_work+0x561/0xc50\n[ 95.890755] worker_thread+0xab2/0x13c0\n[ 95.890755] ? pr_cont_work+0x490/0x490\n[ 95.890755] kthread+0x279/0x300\n[ 95.890755] ? pr_cont_work+0x490/0x490\n[ 95.890755] ? kthread_blkcg+0xa0/0xa0\n[ 95.890755] ret_from_fork+0x34/0x60\n[ 95.890755] ? kthread_blkcg+0xa0/0xa0\n[ 95.890755] ret_from_fork_asm+0x11/0x20\n[ 95.890755] \u003c/TASK\u003e\n[ 95.890755]\n[ 95.890755] Allocated by task 506:\n[ 95.890755] kasan_save_track+0x3f/0x70\n[ 95.890755] __kasan_kmalloc+0x86/0x90\n[ 95.890755] __kmalloc+0x17f/0x360\n[ 95.890755] sk_prot_alloc+0xe1/0x1a0\n[ 95.890755] sk_alloc+0x31/0x4e0\n[ 95.890755] bt_sock_alloc+0x2b/0x2a0\n[ 95.890755] sco_sock_create+0xad/0x320\n[ 95.890755] bt_sock_create+0x145/0x320\n[ 95.890755] __sock_create+0x2e1/0x650\n[ 95.890755] __sys_socket+0xd0/0x280\n[ 95.890755] __x64_sys_socket+0x75/0x80\n[ 95.890755] do_syscall_64+0xc4/0x1b0\n[ 95.890755] entry_SYSCALL_64_after_hwframe+0x67/0x6f\n[ 95.890755]\n[ 95.890755] Freed by task 506:\n[ 95.890755] kasan_save_track+0x3f/0x70\n[ 95.890755] kasan_save_free_info+0x40/0x50\n[ 95.890755] poison_slab_object+0x118/0x180\n[ 95.890755] __kasan_slab_free+0x12/0x30\n[ 95.890755] kfree+0xb2/0x240\n[ 95.890755] __sk_destruct+0x317/0x410\n[ 95.890755] sco_sock_release+0x232/0x280\n[ 95.890755] sock_close+0xb2/0x210\n[ 95.890755] __fput+0x37f/0x770\n[ 95.890755] task_work_run+0x1ae/0x210\n[ 95.890755] get_signal+0xe17/0xf70\n[ 95.890755] arch_do_signal_or_restart+0x3f/0x520\n[ 95.890755] syscall_exit_to_user_mode+0x55/0x120\n[ 95.890755] do_syscall_64+0xd1/0x1b0\n[ 95.890755] entry_SYSCALL_64_after_hwframe+0x67/0x6f\n[ 95.890755]\n[ 95.890755] The buggy address belongs to the object at ffff88800c388000\n[ 95.890755] which belongs to the cache kmalloc-1k of size 1024\n[ 95.890755] The buggy address is located 128 bytes inside of\n[ 95.890755] freed 1024-byte region [ffff88800c388000, ffff88800c388400)\n[ 95.890755]\n[ 95.890755] The buggy address belongs to the physical page:\n[ 95.890755] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800c38a800 pfn:0xc388\n[ 95.890755] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n[ 95.890755] ano\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:31.938Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1b33d55fb7355e27f8c82cd4ecd560f162469249"
},
{
"url": "https://git.kernel.org/stable/c/3212afd00e3cda790fd0583cb3eaef8f9575a014"
},
{
"url": "https://git.kernel.org/stable/c/33a6e92161a78c1073d90e27abe28d746feb0a53"
},
{
"url": "https://git.kernel.org/stable/c/6a18eeb1b3bbc67c20d9609c31dca6a69b4bcde5"
},
{
"url": "https://git.kernel.org/stable/c/bfab2c1f7940a232cd519e82fff137e308abfd93"
},
{
"url": "https://git.kernel.org/stable/c/012363cb1bec5f33a7b94629ab2c1086f30280f2"
},
{
"url": "https://git.kernel.org/stable/c/50c2037fc28df870ef29d9728c770c8955d32178"
},
{
"url": "https://git.kernel.org/stable/c/483bc08181827fc475643272ffb69c533007e546"
}
],
"title": "Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27398",
"datePublished": "2024-05-13T10:22:26.624Z",
"dateReserved": "2024-02-25T13:47:42.681Z",
"dateUpdated": "2025-05-04T12:55:31.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47291 (GCVE-0-2021-47291)
Vulnerability from cvelistv5 – Published: 2024-05-21 14:35 – Updated: 2025-05-04 07:07
VLAI?
EPSS
Title
ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions
While running the self-tests on a KASAN enabled kernel, I observed a
slab-out-of-bounds splat very similar to the one reported in
commit 821bbf79fe46 ("ipv6: Fix KASAN: slab-out-of-bounds Read in
fib6_nh_flush_exceptions").
We additionally need to take care of fib6_metrics initialization
failure when the caller provides an nh.
The fix is similar, explicitly free the route instead of calling
fib6_info_release on a half-initialized object.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74 , < 830251361425c5be044db4d826aaf304ea3d14c6
(git)
Affected: f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74 , < ce8fafb68051fba52546f8bbe8621f7641683680 (git) Affected: f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74 , < 115784bcccf135c3a3548098153413d76f16aae0 (git) Affected: f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74 , < 8fb4792f091e608a0a1d353dfdf07ef55a719db5 (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:32:08.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/830251361425c5be044db4d826aaf304ea3d14c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ce8fafb68051fba52546f8bbe8621f7641683680"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/115784bcccf135c3a3548098153413d76f16aae0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8fb4792f091e608a0a1d353dfdf07ef55a719db5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T18:51:27.837598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T18:52:14.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "830251361425c5be044db4d826aaf304ea3d14c6",
"status": "affected",
"version": "f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74",
"versionType": "git"
},
{
"lessThan": "ce8fafb68051fba52546f8bbe8621f7641683680",
"status": "affected",
"version": "f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74",
"versionType": "git"
},
{
"lessThan": "115784bcccf135c3a3548098153413d76f16aae0",
"status": "affected",
"version": "f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74",
"versionType": "git"
},
{
"lessThan": "8fb4792f091e608a0a1d353dfdf07ef55a719db5",
"status": "affected",
"version": "f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.136",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.13.*",
"status": "unaffected",
"version": "5.13.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.136",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.54",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13.6",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions\n\nWhile running the self-tests on a KASAN enabled kernel, I observed a\nslab-out-of-bounds splat very similar to the one reported in\ncommit 821bbf79fe46 (\"ipv6: Fix KASAN: slab-out-of-bounds Read in\n fib6_nh_flush_exceptions\").\n\nWe additionally need to take care of fib6_metrics initialization\nfailure when the caller provides an nh.\n\nThe fix is similar, explicitly free the route instead of calling\nfib6_info_release on a half-initialized object."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:07:59.598Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/830251361425c5be044db4d826aaf304ea3d14c6"
},
{
"url": "https://git.kernel.org/stable/c/ce8fafb68051fba52546f8bbe8621f7641683680"
},
{
"url": "https://git.kernel.org/stable/c/115784bcccf135c3a3548098153413d76f16aae0"
},
{
"url": "https://git.kernel.org/stable/c/8fb4792f091e608a0a1d353dfdf07ef55a719db5"
}
],
"title": "ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47291",
"datePublished": "2024-05-21T14:35:16.071Z",
"dateReserved": "2024-05-21T13:27:52.130Z",
"dateUpdated": "2025-05-04T07:07:59.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28327 (GCVE-0-2023-28327)
Vulnerability from cvelistv5 – Published: 2023-04-19 00:00 – Updated: 2025-03-19 15:35
VLAI?
EPSS
Summary
A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.
Severity ?
5.5 (Medium)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:24.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177382"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T15:56:18.401087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T15:35:50.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Linux",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177382"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-28327",
"datePublished": "2023-04-19T00:00:00.000Z",
"dateReserved": "2023-03-14T00:00:00.000Z",
"dateUpdated": "2025-03-19T15:35:50.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46724 (GCVE-0-2024-46724)
Vulnerability from cvelistv5 – Published: 2024-09-18 06:32 – Updated: 2025-11-03 22:17
VLAI?
EPSS
Title
drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
Check the fb_channel_number range to avoid the array out-of-bounds
read error
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 725b728cc0c8c5fafdfb51cb0937870d33a40fa4
(git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 45f7b02afc464c208e8f56bcbc672ef5c364c815 (git) Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 32915dc909ff502823babfe07d5416c5b6e8a8b1 (git) Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < f9267972490f9fcffe146e79828e97acc0da588c (git) Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < db7a86676fd624768a5d907faf34ad7bb4ff25f4 (git) Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < d768394fa99467bcf2703bde74ddc96eeb0b71fa (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46724",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:56:02.346658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:56:16.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:17:05.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/df_v1_7.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "725b728cc0c8c5fafdfb51cb0937870d33a40fa4",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "45f7b02afc464c208e8f56bcbc672ef5c364c815",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "32915dc909ff502823babfe07d5416c5b6e8a8b1",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "f9267972490f9fcffe146e79828e97acc0da588c",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "db7a86676fd624768a5d907faf34ad7bb4ff25f4",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "d768394fa99467bcf2703bde74ddc96eeb0b71fa",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/df_v1_7.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.50",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.50",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.9",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number\n\nCheck the fb_channel_number range to avoid the array out-of-bounds\nread error"
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T08:02:50.121Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/725b728cc0c8c5fafdfb51cb0937870d33a40fa4"
},
{
"url": "https://git.kernel.org/stable/c/45f7b02afc464c208e8f56bcbc672ef5c364c815"
},
{
"url": "https://git.kernel.org/stable/c/32915dc909ff502823babfe07d5416c5b6e8a8b1"
},
{
"url": "https://git.kernel.org/stable/c/f9267972490f9fcffe146e79828e97acc0da588c"
},
{
"url": "https://git.kernel.org/stable/c/db7a86676fd624768a5d907faf34ad7bb4ff25f4"
},
{
"url": "https://git.kernel.org/stable/c/d768394fa99467bcf2703bde74ddc96eeb0b71fa"
}
],
"title": "drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46724",
"datePublished": "2024-09-18T06:32:21.220Z",
"dateReserved": "2024-09-11T15:12:18.255Z",
"dateUpdated": "2025-11-03T22:17:05.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26766 (GCVE-0-2024-26766)
Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2025-05-04 12:54
VLAI?
EPSS
Title
IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
Summary
In the Linux kernel, the following vulnerability has been resolved:
IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
Unfortunately the commit `fd8958efe877` introduced another error
causing the `descs` array to overflow. This reults in further crashes
easily reproducible by `sendmsg` system call.
[ 1080.836473] general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI
[ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x2b0 [hfi1]
--
[ 1080.974535] Call Trace:
[ 1080.976990] <TASK>
[ 1081.021929] hfi1_ipoib_send_dma_common+0x7a/0x2e0 [hfi1]
[ 1081.027364] hfi1_ipoib_send_dma_list+0x62/0x270 [hfi1]
[ 1081.032633] hfi1_ipoib_send+0x112/0x300 [hfi1]
[ 1081.042001] ipoib_start_xmit+0x2a9/0x2d0 [ib_ipoib]
[ 1081.046978] dev_hard_start_xmit+0xc4/0x210
--
[ 1081.148347] __sys_sendmsg+0x59/0xa0
crash> ipoib_txreq 0xffff9cfeba229f00
struct ipoib_txreq {
txreq = {
list = {
next = 0xffff9cfeba229f00,
prev = 0xffff9cfeba229f00
},
descp = 0xffff9cfeba229f40,
coalesce_buf = 0x0,
wait = 0xffff9cfea4e69a48,
complete = 0xffffffffc0fe0760 <hfi1_ipoib_sdma_complete>,
packet_len = 0x46d,
tlen = 0x0,
num_desc = 0x0,
desc_limit = 0x6,
next_descq_idx = 0x45c,
coalesce_idx = 0x0,
flags = 0x0,
descs = {{
qw = {0x8024000120dffb00, 0x4} # SDMA_DESC0_FIRST_DESC_FLAG (bit 63)
}, {
qw = { 0x3800014231b108, 0x4}
}, {
qw = { 0x310000e4ee0fcf0, 0x8}
}, {
qw = { 0x3000012e9f8000, 0x8}
}, {
qw = { 0x59000dfb9d0000, 0x8}
}, {
qw = { 0x78000e02e40000, 0x8}
}}
},
sdma_hdr = 0x400300015528b000, <<< invalid pointer in the tx request structure
sdma_status = 0x0, SDMA_DESC0_LAST_DESC_FLAG (bit 62)
complete = 0x0,
priv = 0x0,
txq = 0xffff9cfea4e69880,
skb = 0xffff9d099809f400
}
If an SDMA send consists of exactly 6 descriptors and requires dword
padding (in the 7th descriptor), the sdma_txreq descriptor array is not
properly expanded and the packet will overflow into the container
structure. This results in a panic when the send completion runs. The
exact panic varies depending on what elements of the container structure
get corrupted. The fix is to use the correct expression in
_pad_sdma_tx_descs() to test the need to expand the descriptor array.
With this patch the crashes are no longer reproducible and the machine is
stable.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d1c1ee052d25ca23735eea912f843bc7834781b4 , < 115b7f3bc1dce590a6851a2dcf23dc1100c49790
(git)
Affected: 40ac5cb6cbb01afa40881f78b4d2f559fb7065c4 , < 5833024a9856f454a964a198c63a57e59e07baf5 (git) Affected: 6cf8f3d690bb5ad31ef0f41a6206ecf5a068d179 , < 3f38d22e645e2e994979426ea5a35186102ff3c2 (git) Affected: bd57756a7e43c7127d0eca1fc5868e705fd0f7ba , < 47ae64df23ed1318e27bd9844e135a5e1c0e6e39 (git) Affected: eeaf35f4e3b360162081de5e744cf32d6d1b0091 , < 52dc9a7a573dbf778625a0efca0fca55489f084b (git) Affected: fd8958efe8779d3db19c9124fce593ce681ac709 , < a2fef1d81becf4ff60e1a249477464eae3c3bc2a (git) Affected: fd8958efe8779d3db19c9124fce593ce681ac709 , < 9034a1bec35e9f725315a3bb6002ef39666114d9 (git) Affected: fd8958efe8779d3db19c9124fce593ce681ac709 , < e6f57c6881916df39db7d95981a8ad2b9c3458d6 (git) Affected: 0ef9594936d1f078e8599a1cf683b052df2bec00 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T18:11:09.801717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:44.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/115b7f3bc1dce590a6851a2dcf23dc1100c49790"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5833024a9856f454a964a198c63a57e59e07baf5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f38d22e645e2e994979426ea5a35186102ff3c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47ae64df23ed1318e27bd9844e135a5e1c0e6e39"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/52dc9a7a573dbf778625a0efca0fca55489f084b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2fef1d81becf4ff60e1a249477464eae3c3bc2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9034a1bec35e9f725315a3bb6002ef39666114d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6f57c6881916df39db7d95981a8ad2b9c3458d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/sdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "115b7f3bc1dce590a6851a2dcf23dc1100c49790",
"status": "affected",
"version": "d1c1ee052d25ca23735eea912f843bc7834781b4",
"versionType": "git"
},
{
"lessThan": "5833024a9856f454a964a198c63a57e59e07baf5",
"status": "affected",
"version": "40ac5cb6cbb01afa40881f78b4d2f559fb7065c4",
"versionType": "git"
},
{
"lessThan": "3f38d22e645e2e994979426ea5a35186102ff3c2",
"status": "affected",
"version": "6cf8f3d690bb5ad31ef0f41a6206ecf5a068d179",
"versionType": "git"
},
{
"lessThan": "47ae64df23ed1318e27bd9844e135a5e1c0e6e39",
"status": "affected",
"version": "bd57756a7e43c7127d0eca1fc5868e705fd0f7ba",
"versionType": "git"
},
{
"lessThan": "52dc9a7a573dbf778625a0efca0fca55489f084b",
"status": "affected",
"version": "eeaf35f4e3b360162081de5e744cf32d6d1b0091",
"versionType": "git"
},
{
"lessThan": "a2fef1d81becf4ff60e1a249477464eae3c3bc2a",
"status": "affected",
"version": "fd8958efe8779d3db19c9124fce593ce681ac709",
"versionType": "git"
},
{
"lessThan": "9034a1bec35e9f725315a3bb6002ef39666114d9",
"status": "affected",
"version": "fd8958efe8779d3db19c9124fce593ce681ac709",
"versionType": "git"
},
{
"lessThan": "e6f57c6881916df39db7d95981a8ad2b9c3458d6",
"status": "affected",
"version": "fd8958efe8779d3db19c9124fce593ce681ac709",
"versionType": "git"
},
{
"status": "affected",
"version": "0ef9594936d1f078e8599a1cf683b052df2bec00",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/sdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "4.19.291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "5.4.251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.10.188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.15.99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "6.1.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix sdma.h tx-\u003enum_descs off-by-one error\n\nUnfortunately the commit `fd8958efe877` introduced another error\ncausing the `descs` array to overflow. This reults in further crashes\neasily reproducible by `sendmsg` system call.\n\n[ 1080.836473] general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI\n[ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x2b0 [hfi1]\n--\n[ 1080.974535] Call Trace:\n[ 1080.976990] \u003cTASK\u003e\n[ 1081.021929] hfi1_ipoib_send_dma_common+0x7a/0x2e0 [hfi1]\n[ 1081.027364] hfi1_ipoib_send_dma_list+0x62/0x270 [hfi1]\n[ 1081.032633] hfi1_ipoib_send+0x112/0x300 [hfi1]\n[ 1081.042001] ipoib_start_xmit+0x2a9/0x2d0 [ib_ipoib]\n[ 1081.046978] dev_hard_start_xmit+0xc4/0x210\n--\n[ 1081.148347] __sys_sendmsg+0x59/0xa0\n\ncrash\u003e ipoib_txreq 0xffff9cfeba229f00\nstruct ipoib_txreq {\n txreq = {\n list = {\n next = 0xffff9cfeba229f00,\n prev = 0xffff9cfeba229f00\n },\n descp = 0xffff9cfeba229f40,\n coalesce_buf = 0x0,\n wait = 0xffff9cfea4e69a48,\n complete = 0xffffffffc0fe0760 \u003chfi1_ipoib_sdma_complete\u003e,\n packet_len = 0x46d,\n tlen = 0x0,\n num_desc = 0x0,\n desc_limit = 0x6,\n next_descq_idx = 0x45c,\n coalesce_idx = 0x0,\n flags = 0x0,\n descs = {{\n qw = {0x8024000120dffb00, 0x4} # SDMA_DESC0_FIRST_DESC_FLAG (bit 63)\n }, {\n qw = { 0x3800014231b108, 0x4}\n }, {\n qw = { 0x310000e4ee0fcf0, 0x8}\n }, {\n qw = { 0x3000012e9f8000, 0x8}\n }, {\n qw = { 0x59000dfb9d0000, 0x8}\n }, {\n qw = { 0x78000e02e40000, 0x8}\n }}\n },\n sdma_hdr = 0x400300015528b000, \u003c\u003c\u003c invalid pointer in the tx request structure\n sdma_status = 0x0, SDMA_DESC0_LAST_DESC_FLAG (bit 62)\n complete = 0x0,\n priv = 0x0,\n txq = 0xffff9cfea4e69880,\n skb = 0xffff9d099809f400\n}\n\nIf an SDMA send consists of exactly 6 descriptors and requires dword\npadding (in the 7th descriptor), the sdma_txreq descriptor array is not\nproperly expanded and the packet will overflow into the container\nstructure. This results in a panic when the send completion runs. The\nexact panic varies depending on what elements of the container structure\nget corrupted. The fix is to use the correct expression in\n_pad_sdma_tx_descs() to test the need to expand the descriptor array.\n\nWith this patch the crashes are no longer reproducible and the machine is\nstable."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:42.053Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/115b7f3bc1dce590a6851a2dcf23dc1100c49790"
},
{
"url": "https://git.kernel.org/stable/c/5833024a9856f454a964a198c63a57e59e07baf5"
},
{
"url": "https://git.kernel.org/stable/c/3f38d22e645e2e994979426ea5a35186102ff3c2"
},
{
"url": "https://git.kernel.org/stable/c/47ae64df23ed1318e27bd9844e135a5e1c0e6e39"
},
{
"url": "https://git.kernel.org/stable/c/52dc9a7a573dbf778625a0efca0fca55489f084b"
},
{
"url": "https://git.kernel.org/stable/c/a2fef1d81becf4ff60e1a249477464eae3c3bc2a"
},
{
"url": "https://git.kernel.org/stable/c/9034a1bec35e9f725315a3bb6002ef39666114d9"
},
{
"url": "https://git.kernel.org/stable/c/e6f57c6881916df39db7d95981a8ad2b9c3458d6"
}
],
"title": "IB/hfi1: Fix sdma.h tx-\u003enum_descs off-by-one error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26766",
"datePublished": "2024-04-03T17:00:48.642Z",
"dateReserved": "2024-02-19T14:20:24.173Z",
"dateUpdated": "2025-05-04T12:54:42.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36904 (GCVE-0-2024-36904)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2025-05-04 09:11
VLAI?
EPSS
Title
tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique()
with nice analysis.
Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for
timewait hashdance"), inet_twsk_hashdance() sets TIME-WAIT socket's
sk_refcnt after putting it into ehash and releasing the bucket lock.
Thus, there is a small race window where other threads could try to
reuse the port during connect() and call sock_hold() in tcp_twsk_unique()
for the TIME-WAIT socket with zero refcnt.
If that happens, the refcnt taken by tcp_twsk_unique() is overwritten
and sock_put() will cause underflow, triggering a real use-after-free
somewhere else.
To avoid the use-after-free, we need to use refcount_inc_not_zero() in
tcp_twsk_unique() and give up on reusing the port if it returns false.
[0]:
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 0 PID: 1039313 at lib/refcount.c:25 refcount_warn_saturate+0xe5/0x110
CPU: 0 PID: 1039313 Comm: trigger Not tainted 6.8.6-200.fc39.x86_64 #1
Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.21805430.B64.2305221830 05/22/2023
RIP: 0010:refcount_warn_saturate+0xe5/0x110
Code: 42 8e ff 0f 0b c3 cc cc cc cc 80 3d aa 13 ea 01 00 0f 85 5e ff ff ff 48 c7 c7 f8 8e b7 82 c6 05 96 13 ea 01 01 e8 7b 42 8e ff <0f> 0b c3 cc cc cc cc 48 c7 c7 50 8f b7 82 c6 05 7a 13 ea 01 01 e8
RSP: 0018:ffffc90006b43b60 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff888009bb3ef0 RCX: 0000000000000027
RDX: ffff88807be218c8 RSI: 0000000000000001 RDI: ffff88807be218c0
RBP: 0000000000069d70 R08: 0000000000000000 R09: ffffc90006b439f0
R10: ffffc90006b439e8 R11: 0000000000000003 R12: ffff8880029ede84
R13: 0000000000004e20 R14: ffffffff84356dc0 R15: ffff888009bb3ef0
FS: 00007f62c10926c0(0000) GS:ffff88807be00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020ccb000 CR3: 000000004628c005 CR4: 0000000000f70ef0
PKRU: 55555554
Call Trace:
<TASK>
? refcount_warn_saturate+0xe5/0x110
? __warn+0x81/0x130
? refcount_warn_saturate+0xe5/0x110
? report_bug+0x171/0x1a0
? refcount_warn_saturate+0xe5/0x110
? handle_bug+0x3c/0x80
? exc_invalid_op+0x17/0x70
? asm_exc_invalid_op+0x1a/0x20
? refcount_warn_saturate+0xe5/0x110
tcp_twsk_unique+0x186/0x190
__inet_check_established+0x176/0x2d0
__inet_hash_connect+0x74/0x7d0
? __pfx___inet_check_established+0x10/0x10
tcp_v4_connect+0x278/0x530
__inet_stream_connect+0x10f/0x3d0
inet_stream_connect+0x3a/0x60
__sys_connect+0xa8/0xd0
__x64_sys_connect+0x18/0x20
do_syscall_64+0x83/0x170
entry_SYSCALL_64_after_hwframe+0x78/0x80
RIP: 0033:0x7f62c11a885d
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a3 45 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007f62c1091e58 EFLAGS: 00000296 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 0000000020ccb004 RCX: 00007f62c11a885d
RDX: 0000000000000010 RSI: 0000000020ccb000 RDI: 0000000000000003
RBP: 00007f62c1091e90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 00007f62c10926c0
R13: ffffffffffffff88 R14: 0000000000000000 R15: 00007ffe237885b0
</TASK>
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
ec94c2696f0bcd5ae92a553244e4ac30d2171a2d , < 84546cc1aeeb4df3e444b18a4293c9823f974be9
(git)
Affected: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d , < 1796ca9c6f5bd50554214053af5f47d112818ee3 (git) Affected: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d , < 1d9cf07810c30ef7948879567d10fd1f01121d34 (git) Affected: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d , < 27b0284d8be182a81feb65581ab6a724dfd596e8 (git) Affected: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d , < 13ed7cdf079686ccd3618335205700c03f6fb446 (git) Affected: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d , < 6e48faad92be13166184d21506e4e54c79c13adc (git) Affected: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d , < 517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc (git) Affected: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d , < f2db7230f73a80dbb179deab78f88a7947f0ab7e (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:20:22.181493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:20:38.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-05T08:03:30.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84546cc1aeeb4df3e444b18a4293c9823f974be9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1796ca9c6f5bd50554214053af5f47d112818ee3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d9cf07810c30ef7948879567d10fd1f01121d34"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/27b0284d8be182a81feb65581ab6a724dfd596e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13ed7cdf079686ccd3618335205700c03f6fb446"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e48faad92be13166184d21506e4e54c79c13adc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2db7230f73a80dbb179deab78f88a7947f0ab7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_ipv4.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "84546cc1aeeb4df3e444b18a4293c9823f974be9",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "1796ca9c6f5bd50554214053af5f47d112818ee3",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "1d9cf07810c30ef7948879567d10fd1f01121d34",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "27b0284d8be182a81feb65581ab6a724dfd596e8",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "13ed7cdf079686ccd3618335205700c03f6fb446",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "6e48faad92be13166184d21506e4e54c79c13adc",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "f2db7230f73a80dbb179deab78f88a7947f0ab7e",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_ipv4.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Use refcount_inc_not_zero() in tcp_twsk_unique().\n\nAnderson Nascimento reported a use-after-free splat in tcp_twsk_unique()\nwith nice analysis.\n\nSince commit ec94c2696f0b (\"tcp/dccp: avoid one atomic operation for\ntimewait hashdance\"), inet_twsk_hashdance() sets TIME-WAIT socket\u0027s\nsk_refcnt after putting it into ehash and releasing the bucket lock.\n\nThus, there is a small race window where other threads could try to\nreuse the port during connect() and call sock_hold() in tcp_twsk_unique()\nfor the TIME-WAIT socket with zero refcnt.\n\nIf that happens, the refcnt taken by tcp_twsk_unique() is overwritten\nand sock_put() will cause underflow, triggering a real use-after-free\nsomewhere else.\n\nTo avoid the use-after-free, we need to use refcount_inc_not_zero() in\ntcp_twsk_unique() and give up on reusing the port if it returns false.\n\n[0]:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 0 PID: 1039313 at lib/refcount.c:25 refcount_warn_saturate+0xe5/0x110\nCPU: 0 PID: 1039313 Comm: trigger Not tainted 6.8.6-200.fc39.x86_64 #1\nHardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.21805430.B64.2305221830 05/22/2023\nRIP: 0010:refcount_warn_saturate+0xe5/0x110\nCode: 42 8e ff 0f 0b c3 cc cc cc cc 80 3d aa 13 ea 01 00 0f 85 5e ff ff ff 48 c7 c7 f8 8e b7 82 c6 05 96 13 ea 01 01 e8 7b 42 8e ff \u003c0f\u003e 0b c3 cc cc cc cc 48 c7 c7 50 8f b7 82 c6 05 7a 13 ea 01 01 e8\nRSP: 0018:ffffc90006b43b60 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888009bb3ef0 RCX: 0000000000000027\nRDX: ffff88807be218c8 RSI: 0000000000000001 RDI: ffff88807be218c0\nRBP: 0000000000069d70 R08: 0000000000000000 R09: ffffc90006b439f0\nR10: ffffc90006b439e8 R11: 0000000000000003 R12: ffff8880029ede84\nR13: 0000000000004e20 R14: ffffffff84356dc0 R15: ffff888009bb3ef0\nFS: 00007f62c10926c0(0000) GS:ffff88807be00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020ccb000 CR3: 000000004628c005 CR4: 0000000000f70ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0xe5/0x110\n ? __warn+0x81/0x130\n ? refcount_warn_saturate+0xe5/0x110\n ? report_bug+0x171/0x1a0\n ? refcount_warn_saturate+0xe5/0x110\n ? handle_bug+0x3c/0x80\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? refcount_warn_saturate+0xe5/0x110\n tcp_twsk_unique+0x186/0x190\n __inet_check_established+0x176/0x2d0\n __inet_hash_connect+0x74/0x7d0\n ? __pfx___inet_check_established+0x10/0x10\n tcp_v4_connect+0x278/0x530\n __inet_stream_connect+0x10f/0x3d0\n inet_stream_connect+0x3a/0x60\n __sys_connect+0xa8/0xd0\n __x64_sys_connect+0x18/0x20\n do_syscall_64+0x83/0x170\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7f62c11a885d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d a3 45 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007f62c1091e58 EFLAGS: 00000296 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000020ccb004 RCX: 00007f62c11a885d\nRDX: 0000000000000010 RSI: 0000000020ccb000 RDI: 0000000000000003\nRBP: 00007f62c1091e90 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000296 R12: 00007f62c10926c0\nR13: ffffffffffffff88 R14: 0000000000000000 R15: 00007ffe237885b0\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:46.007Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/84546cc1aeeb4df3e444b18a4293c9823f974be9"
},
{
"url": "https://git.kernel.org/stable/c/1796ca9c6f5bd50554214053af5f47d112818ee3"
},
{
"url": "https://git.kernel.org/stable/c/1d9cf07810c30ef7948879567d10fd1f01121d34"
},
{
"url": "https://git.kernel.org/stable/c/27b0284d8be182a81feb65581ab6a724dfd596e8"
},
{
"url": "https://git.kernel.org/stable/c/13ed7cdf079686ccd3618335205700c03f6fb446"
},
{
"url": "https://git.kernel.org/stable/c/6e48faad92be13166184d21506e4e54c79c13adc"
},
{
"url": "https://git.kernel.org/stable/c/517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc"
},
{
"url": "https://git.kernel.org/stable/c/f2db7230f73a80dbb179deab78f88a7947f0ab7e"
}
],
"title": "tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36904",
"datePublished": "2024-05-30T15:29:05.457Z",
"dateReserved": "2024-05-30T15:25:07.067Z",
"dateUpdated": "2025-05-04T09:11:46.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6270 (GCVE-0-2023-6270)
Vulnerability from cvelistv5 – Published: 2024-01-04 17:01 – Updated: 2025-11-20 18:08
VLAI?
EPSS
Title
Kernel: aoe: improper reference count leads to use-after-free vulnerability
Summary
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6270",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:48:09.407937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:53.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:20.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6270"
},
{
"name": "RHBZ#2256786",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256786"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2024-01-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T18:08:29.004Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6270"
},
{
"name": "RHBZ#2256786",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256786"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-29T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-04T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: aoe: improper reference count leads to use-after-free vulnerability",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-911-\u003eCWE-416: Improper Update of Reference Count leads to Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6270",
"datePublished": "2024-01-04T17:01:51.165Z",
"dateReserved": "2023-11-23T14:31:28.637Z",
"dateUpdated": "2025-11-20T18:08:29.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47402 (GCVE-0-2021-47402)
Vulnerability from cvelistv5 – Published: 2024-05-21 15:03 – Updated: 2025-05-04 07:10
VLAI?
EPSS
Title
net: sched: flower: protect fl_walk() with rcu
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: sched: flower: protect fl_walk() with rcu
Patch that refactored fl_walk() to use idr_for_each_entry_continue_ul()
also removed rcu protection of individual filters which causes following
use-after-free when filter is deleted concurrently. Fix fl_walk() to obtain
rcu read lock while iterating and taking the filter reference and temporary
release the lock while calling arg->fn() callback that can sleep.
KASAN trace:
[ 352.773640] ==================================================================
[ 352.775041] BUG: KASAN: use-after-free in fl_walk+0x159/0x240 [cls_flower]
[ 352.776304] Read of size 4 at addr ffff8881c8251480 by task tc/2987
[ 352.777862] CPU: 3 PID: 2987 Comm: tc Not tainted 5.15.0-rc2+ #2
[ 352.778980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
[ 352.781022] Call Trace:
[ 352.781573] dump_stack_lvl+0x46/0x5a
[ 352.782332] print_address_description.constprop.0+0x1f/0x140
[ 352.783400] ? fl_walk+0x159/0x240 [cls_flower]
[ 352.784292] ? fl_walk+0x159/0x240 [cls_flower]
[ 352.785138] kasan_report.cold+0x83/0xdf
[ 352.785851] ? fl_walk+0x159/0x240 [cls_flower]
[ 352.786587] kasan_check_range+0x145/0x1a0
[ 352.787337] fl_walk+0x159/0x240 [cls_flower]
[ 352.788163] ? fl_put+0x10/0x10 [cls_flower]
[ 352.789007] ? __mutex_unlock_slowpath.constprop.0+0x220/0x220
[ 352.790102] tcf_chain_dump+0x231/0x450
[ 352.790878] ? tcf_chain_tp_delete_empty+0x170/0x170
[ 352.791833] ? __might_sleep+0x2e/0xc0
[ 352.792594] ? tfilter_notify+0x170/0x170
[ 352.793400] ? __mutex_unlock_slowpath.constprop.0+0x220/0x220
[ 352.794477] tc_dump_tfilter+0x385/0x4b0
[ 352.795262] ? tc_new_tfilter+0x1180/0x1180
[ 352.796103] ? __mod_node_page_state+0x1f/0xc0
[ 352.796974] ? __build_skb_around+0x10e/0x130
[ 352.797826] netlink_dump+0x2c0/0x560
[ 352.798563] ? netlink_getsockopt+0x430/0x430
[ 352.799433] ? __mutex_unlock_slowpath.constprop.0+0x220/0x220
[ 352.800542] __netlink_dump_start+0x356/0x440
[ 352.801397] rtnetlink_rcv_msg+0x3ff/0x550
[ 352.802190] ? tc_new_tfilter+0x1180/0x1180
[ 352.802872] ? rtnl_calcit.isra.0+0x1f0/0x1f0
[ 352.803668] ? tc_new_tfilter+0x1180/0x1180
[ 352.804344] ? _copy_from_iter_nocache+0x800/0x800
[ 352.805202] ? kasan_set_track+0x1c/0x30
[ 352.805900] netlink_rcv_skb+0xc6/0x1f0
[ 352.806587] ? rht_deferred_worker+0x6b0/0x6b0
[ 352.807455] ? rtnl_calcit.isra.0+0x1f0/0x1f0
[ 352.808324] ? netlink_ack+0x4d0/0x4d0
[ 352.809086] ? netlink_deliver_tap+0x62/0x3d0
[ 352.809951] netlink_unicast+0x353/0x480
[ 352.810744] ? netlink_attachskb+0x430/0x430
[ 352.811586] ? __alloc_skb+0xd7/0x200
[ 352.812349] netlink_sendmsg+0x396/0x680
[ 352.813132] ? netlink_unicast+0x480/0x480
[ 352.813952] ? __import_iovec+0x192/0x210
[ 352.814759] ? netlink_unicast+0x480/0x480
[ 352.815580] sock_sendmsg+0x6c/0x80
[ 352.816299] ____sys_sendmsg+0x3a5/0x3c0
[ 352.817096] ? kernel_sendmsg+0x30/0x30
[ 352.817873] ? __ia32_sys_recvmmsg+0x150/0x150
[ 352.818753] ___sys_sendmsg+0xd8/0x140
[ 352.819518] ? sendmsg_copy_msghdr+0x110/0x110
[ 352.820402] ? ___sys_recvmsg+0xf4/0x1a0
[ 352.821110] ? __copy_msghdr_from_user+0x260/0x260
[ 352.821934] ? _raw_spin_lock+0x81/0xd0
[ 352.822680] ? __handle_mm_fault+0xef3/0x1b20
[ 352.823549] ? rb_insert_color+0x2a/0x270
[ 352.824373] ? copy_page_range+0x16b0/0x16b0
[ 352.825209] ? perf_event_update_userpage+0x2d0/0x2d0
[ 352.826190] ? __fget_light+0xd9/0xf0
[ 352.826941] __sys_sendmsg+0xb3/0x130
[ 352.827613] ? __sys_sendmsg_sock+0x20/0x20
[ 352.828377] ? do_user_addr_fault+0x2c5/0x8a0
[ 352.829184] ? fpregs_assert_state_consistent+0x52/0x60
[ 352.830001] ? exit_to_user_mode_prepare+0x32/0x160
[ 352.830845] do_syscall_64+0x35/0x80
[ 352.831445] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 352.832331] RIP: 0033:0x7f7bee973c17
[
---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
d39d714969cda5cbda291402c8c6b1fb1047f42e , < 694b0cee7f8546b69a80996a29cb3cf4149c0453
(git)
Affected: d39d714969cda5cbda291402c8c6b1fb1047f42e , < d0d520c19e7ea19ed38dc5797b12397b6ccf9f88 (git) Affected: d39d714969cda5cbda291402c8c6b1fb1047f42e , < dab4677bdbffa5c8270e79e34e51c89efa0728a0 (git) Affected: d39d714969cda5cbda291402c8c6b1fb1047f42e , < d5ef190693a7d76c5c192d108e8dec48307b46ee (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:39:58.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/694b0cee7f8546b69a80996a29cb3cf4149c0453"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0d520c19e7ea19ed38dc5797b12397b6ccf9f88"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dab4677bdbffa5c8270e79e34e51c89efa0728a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d5ef190693a7d76c5c192d108e8dec48307b46ee"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:38:07.154281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:41.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/cls_flower.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "694b0cee7f8546b69a80996a29cb3cf4149c0453",
"status": "affected",
"version": "d39d714969cda5cbda291402c8c6b1fb1047f42e",
"versionType": "git"
},
{
"lessThan": "d0d520c19e7ea19ed38dc5797b12397b6ccf9f88",
"status": "affected",
"version": "d39d714969cda5cbda291402c8c6b1fb1047f42e",
"versionType": "git"
},
{
"lessThan": "dab4677bdbffa5c8270e79e34e51c89efa0728a0",
"status": "affected",
"version": "d39d714969cda5cbda291402c8c6b1fb1047f42e",
"versionType": "git"
},
{
"lessThan": "d5ef190693a7d76c5c192d108e8dec48307b46ee",
"status": "affected",
"version": "d39d714969cda5cbda291402c8c6b1fb1047f42e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/cls_flower.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.71",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.14.*",
"status": "unaffected",
"version": "5.14.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.151",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.71",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14.10",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: flower: protect fl_walk() with rcu\n\nPatch that refactored fl_walk() to use idr_for_each_entry_continue_ul()\nalso removed rcu protection of individual filters which causes following\nuse-after-free when filter is deleted concurrently. Fix fl_walk() to obtain\nrcu read lock while iterating and taking the filter reference and temporary\nrelease the lock while calling arg-\u003efn() callback that can sleep.\n\nKASAN trace:\n\n[ 352.773640] ==================================================================\n[ 352.775041] BUG: KASAN: use-after-free in fl_walk+0x159/0x240 [cls_flower]\n[ 352.776304] Read of size 4 at addr ffff8881c8251480 by task tc/2987\n\n[ 352.777862] CPU: 3 PID: 2987 Comm: tc Not tainted 5.15.0-rc2+ #2\n[ 352.778980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 352.781022] Call Trace:\n[ 352.781573] dump_stack_lvl+0x46/0x5a\n[ 352.782332] print_address_description.constprop.0+0x1f/0x140\n[ 352.783400] ? fl_walk+0x159/0x240 [cls_flower]\n[ 352.784292] ? fl_walk+0x159/0x240 [cls_flower]\n[ 352.785138] kasan_report.cold+0x83/0xdf\n[ 352.785851] ? fl_walk+0x159/0x240 [cls_flower]\n[ 352.786587] kasan_check_range+0x145/0x1a0\n[ 352.787337] fl_walk+0x159/0x240 [cls_flower]\n[ 352.788163] ? fl_put+0x10/0x10 [cls_flower]\n[ 352.789007] ? __mutex_unlock_slowpath.constprop.0+0x220/0x220\n[ 352.790102] tcf_chain_dump+0x231/0x450\n[ 352.790878] ? tcf_chain_tp_delete_empty+0x170/0x170\n[ 352.791833] ? __might_sleep+0x2e/0xc0\n[ 352.792594] ? tfilter_notify+0x170/0x170\n[ 352.793400] ? __mutex_unlock_slowpath.constprop.0+0x220/0x220\n[ 352.794477] tc_dump_tfilter+0x385/0x4b0\n[ 352.795262] ? tc_new_tfilter+0x1180/0x1180\n[ 352.796103] ? __mod_node_page_state+0x1f/0xc0\n[ 352.796974] ? __build_skb_around+0x10e/0x130\n[ 352.797826] netlink_dump+0x2c0/0x560\n[ 352.798563] ? netlink_getsockopt+0x430/0x430\n[ 352.799433] ? __mutex_unlock_slowpath.constprop.0+0x220/0x220\n[ 352.800542] __netlink_dump_start+0x356/0x440\n[ 352.801397] rtnetlink_rcv_msg+0x3ff/0x550\n[ 352.802190] ? tc_new_tfilter+0x1180/0x1180\n[ 352.802872] ? rtnl_calcit.isra.0+0x1f0/0x1f0\n[ 352.803668] ? tc_new_tfilter+0x1180/0x1180\n[ 352.804344] ? _copy_from_iter_nocache+0x800/0x800\n[ 352.805202] ? kasan_set_track+0x1c/0x30\n[ 352.805900] netlink_rcv_skb+0xc6/0x1f0\n[ 352.806587] ? rht_deferred_worker+0x6b0/0x6b0\n[ 352.807455] ? rtnl_calcit.isra.0+0x1f0/0x1f0\n[ 352.808324] ? netlink_ack+0x4d0/0x4d0\n[ 352.809086] ? netlink_deliver_tap+0x62/0x3d0\n[ 352.809951] netlink_unicast+0x353/0x480\n[ 352.810744] ? netlink_attachskb+0x430/0x430\n[ 352.811586] ? __alloc_skb+0xd7/0x200\n[ 352.812349] netlink_sendmsg+0x396/0x680\n[ 352.813132] ? netlink_unicast+0x480/0x480\n[ 352.813952] ? __import_iovec+0x192/0x210\n[ 352.814759] ? netlink_unicast+0x480/0x480\n[ 352.815580] sock_sendmsg+0x6c/0x80\n[ 352.816299] ____sys_sendmsg+0x3a5/0x3c0\n[ 352.817096] ? kernel_sendmsg+0x30/0x30\n[ 352.817873] ? __ia32_sys_recvmmsg+0x150/0x150\n[ 352.818753] ___sys_sendmsg+0xd8/0x140\n[ 352.819518] ? sendmsg_copy_msghdr+0x110/0x110\n[ 352.820402] ? ___sys_recvmsg+0xf4/0x1a0\n[ 352.821110] ? __copy_msghdr_from_user+0x260/0x260\n[ 352.821934] ? _raw_spin_lock+0x81/0xd0\n[ 352.822680] ? __handle_mm_fault+0xef3/0x1b20\n[ 352.823549] ? rb_insert_color+0x2a/0x270\n[ 352.824373] ? copy_page_range+0x16b0/0x16b0\n[ 352.825209] ? perf_event_update_userpage+0x2d0/0x2d0\n[ 352.826190] ? __fget_light+0xd9/0xf0\n[ 352.826941] __sys_sendmsg+0xb3/0x130\n[ 352.827613] ? __sys_sendmsg_sock+0x20/0x20\n[ 352.828377] ? do_user_addr_fault+0x2c5/0x8a0\n[ 352.829184] ? fpregs_assert_state_consistent+0x52/0x60\n[ 352.830001] ? exit_to_user_mode_prepare+0x32/0x160\n[ 352.830845] do_syscall_64+0x35/0x80\n[ 352.831445] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 352.832331] RIP: 0033:0x7f7bee973c17\n[ \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:10:13.449Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/694b0cee7f8546b69a80996a29cb3cf4149c0453"
},
{
"url": "https://git.kernel.org/stable/c/d0d520c19e7ea19ed38dc5797b12397b6ccf9f88"
},
{
"url": "https://git.kernel.org/stable/c/dab4677bdbffa5c8270e79e34e51c89efa0728a0"
},
{
"url": "https://git.kernel.org/stable/c/d5ef190693a7d76c5c192d108e8dec48307b46ee"
}
],
"title": "net: sched: flower: protect fl_walk() with rcu",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47402",
"datePublished": "2024-05-21T15:03:56.690Z",
"dateReserved": "2024-05-21T14:58:30.816Z",
"dateUpdated": "2025-05-04T07:10:13.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46936 (GCVE-0-2021-46936)
Vulnerability from cvelistv5 – Published: 2024-02-27 09:44 – Updated: 2025-05-04 07:00
VLAI?
EPSS
Title
net: fix use-after-free in tw_timer_handler
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: fix use-after-free in tw_timer_handler
A real world panic issue was found as follow in Linux 5.4.
BUG: unable to handle page fault for address: ffffde49a863de28
PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0
RIP: 0010:tw_timer_handler+0x20/0x40
Call Trace:
<IRQ>
call_timer_fn+0x2b/0x120
run_timer_softirq+0x1ef/0x450
__do_softirq+0x10d/0x2b8
irq_exit+0xc7/0xd0
smp_apic_timer_interrupt+0x68/0x120
apic_timer_interrupt+0xf/0x20
This issue was also reported since 2017 in the thread [1],
unfortunately, the issue was still can be reproduced after fixing
DCCP.
The ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net
namespace is destroyed since tcp_sk_ops is registered befrore
ipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops
in the list of pernet_list. There will be a use-after-free on
net->mib.net_statistics in tw_timer_handler after ipv4_mib_exit_net
if there are some inflight time-wait timers.
This bug is not introduced by commit f2bf415cfed7 ("mib: add net to
NET_ADD_STATS_BH") since the net_statistics is a global variable
instead of dynamic allocation and freeing. Actually, commit
61a7e26028b9 ("mib: put net statistics on struct net") introduces
the bug since it put net statistics on struct net and free it when
net namespace is destroyed.
Moving init_ipv4_mibs() to the front of tcp_init() to fix this bug
and replace pr_crit() with panic() since continuing is meaningless
when init_ipv4_mibs() fails.
[1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < 15579e1301f856ad9385d720c9267c11032a5022
(git)
Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < e73164e89d1be561228a4534e1091369ee4ba41a (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < 5c2fe20ad37ff56070ae0acb34152333976929b4 (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < a8e1944b44f94f5c5f530e434c5eaee787254566 (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < fe5838c22b986c1190f1dce9aa09bf6a491c1a69 (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < 2386e81a1d277f540e1285565c9d41d531bb69d4 (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < 08eacbd141e2495d2fcdde84358a06c4f95cbb13 (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:01:57.788399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:18.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/af_inet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "15579e1301f856ad9385d720c9267c11032a5022",
"status": "affected",
"version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
"versionType": "git"
},
{
"lessThan": "e73164e89d1be561228a4534e1091369ee4ba41a",
"status": "affected",
"version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
"versionType": "git"
},
{
"lessThan": "5c2fe20ad37ff56070ae0acb34152333976929b4",
"status": "affected",
"version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
"versionType": "git"
},
{
"lessThan": "a8e1944b44f94f5c5f530e434c5eaee787254566",
"status": "affected",
"version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
"versionType": "git"
},
{
"lessThan": "fe5838c22b986c1190f1dce9aa09bf6a491c1a69",
"status": "affected",
"version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
"versionType": "git"
},
{
"lessThan": "2386e81a1d277f540e1285565c9d41d531bb69d4",
"status": "affected",
"version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
"versionType": "git"
},
{
"lessThan": "08eacbd141e2495d2fcdde84358a06c4f95cbb13",
"status": "affected",
"version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
"versionType": "git"
},
{
"lessThan": "e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0",
"status": "affected",
"version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/af_inet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.27"
},
{
"lessThan": "2.6.27",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.298",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.296",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.170",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.298",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.296",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.261",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.224",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.170",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.90",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.13",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16",
"versionStartIncluding": "2.6.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix use-after-free in tw_timer_handler\n\nA real world panic issue was found as follow in Linux 5.4.\n\n BUG: unable to handle page fault for address: ffffde49a863de28\n PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0\n RIP: 0010:tw_timer_handler+0x20/0x40\n Call Trace:\n \u003cIRQ\u003e\n call_timer_fn+0x2b/0x120\n run_timer_softirq+0x1ef/0x450\n __do_softirq+0x10d/0x2b8\n irq_exit+0xc7/0xd0\n smp_apic_timer_interrupt+0x68/0x120\n apic_timer_interrupt+0xf/0x20\n\nThis issue was also reported since 2017 in the thread [1],\nunfortunately, the issue was still can be reproduced after fixing\nDCCP.\n\nThe ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net\nnamespace is destroyed since tcp_sk_ops is registered befrore\nipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops\nin the list of pernet_list. There will be a use-after-free on\nnet-\u003emib.net_statistics in tw_timer_handler after ipv4_mib_exit_net\nif there are some inflight time-wait timers.\n\nThis bug is not introduced by commit f2bf415cfed7 (\"mib: add net to\nNET_ADD_STATS_BH\") since the net_statistics is a global variable\ninstead of dynamic allocation and freeing. Actually, commit\n61a7e26028b9 (\"mib: put net statistics on struct net\") introduces\nthe bug since it put net statistics on struct net and free it when\nnet namespace is destroyed.\n\nMoving init_ipv4_mibs() to the front of tcp_init() to fix this bug\nand replace pr_crit() with panic() since continuing is meaningless\nwhen init_ipv4_mibs() fails.\n\n[1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:00:40.694Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022"
},
{
"url": "https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a"
},
{
"url": "https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4"
},
{
"url": "https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566"
},
{
"url": "https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69"
},
{
"url": "https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4"
},
{
"url": "https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13"
},
{
"url": "https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0"
}
],
"title": "net: fix use-after-free in tw_timer_handler",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46936",
"datePublished": "2024-02-27T09:44:02.758Z",
"dateReserved": "2024-02-25T13:45:52.720Z",
"dateUpdated": "2025-05-04T07:00:40.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48969 (GCVE-0-2022-48969)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
xen-netfront: Fix NULL sring after live migration
Summary
In the Linux kernel, the following vulnerability has been resolved:
xen-netfront: Fix NULL sring after live migration
A NAPI is setup for each network sring to poll data to kernel
The sring with source host is destroyed before live migration and
new sring with target host is setup after live migration.
The NAPI for the old sring is not deleted until setup new sring
with target host after migration. With busy_poll/busy_read enabled,
the NAPI can be polled before got deleted when resume VM.
BUG: unable to handle kernel NULL pointer dereference at
0000000000000008
IP: xennet_poll+0xae/0xd20
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
Call Trace:
finish_task_switch+0x71/0x230
timerqueue_del+0x1d/0x40
hrtimer_try_to_cancel+0xb5/0x110
xennet_alloc_rx_buffers+0x2a0/0x2a0
napi_busy_loop+0xdb/0x270
sock_poll+0x87/0x90
do_sys_poll+0x26f/0x580
tracing_map_insert+0x1d4/0x2f0
event_hist_trigger+0x14a/0x260
finish_task_switch+0x71/0x230
__schedule+0x256/0x890
recalc_sigpending+0x1b/0x50
xen_sched_clock+0x15/0x20
__rb_reserve_next+0x12d/0x140
ring_buffer_lock_reserve+0x123/0x3d0
event_triggers_call+0x87/0xb0
trace_event_buffer_commit+0x1c4/0x210
xen_clocksource_get_cycles+0x15/0x20
ktime_get_ts64+0x51/0xf0
SyS_ppoll+0x160/0x1a0
SyS_ppoll+0x160/0x1a0
do_syscall_64+0x73/0x130
entry_SYSCALL_64_after_hwframe+0x41/0xa6
...
RIP: xennet_poll+0xae/0xd20 RSP: ffffb4f041933900
CR2: 0000000000000008
---[ end trace f8601785b354351c ]---
xen frontend should remove the NAPIs for the old srings before live
migration as the bond srings are destroyed
There is a tiny window between the srings are set to NULL and
the NAPIs are disabled, It is safe as the NAPI threads are still
frozen at that time
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
4ec2411980d0fd2995e8dea8a06fe57aa47523cb , < 99859947517e446058ad7243ee81d2f9801fa3dd
(git)
Affected: 4ec2411980d0fd2995e8dea8a06fe57aa47523cb , < ed773dd798bf720756d20021b8d8a4a3d7184bda (git) Affected: 4ec2411980d0fd2995e8dea8a06fe57aa47523cb , < e6860c889f4ad50b6ab696f5ea154295d72cf27a (git) Affected: 4ec2411980d0fd2995e8dea8a06fe57aa47523cb , < e6e897d4fe2f89c0bd94600a40bedf5e6e75e050 (git) Affected: 4ec2411980d0fd2995e8dea8a06fe57aa47523cb , < f2dd60fd3fe98bd36a91b0c6e10bfe9d66258f84 (git) Affected: 4ec2411980d0fd2995e8dea8a06fe57aa47523cb , < d50b7914fae04d840ce36491d22133070b18cca9 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:19:22.834399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:38.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/xen-netfront.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "99859947517e446058ad7243ee81d2f9801fa3dd",
"status": "affected",
"version": "4ec2411980d0fd2995e8dea8a06fe57aa47523cb",
"versionType": "git"
},
{
"lessThan": "ed773dd798bf720756d20021b8d8a4a3d7184bda",
"status": "affected",
"version": "4ec2411980d0fd2995e8dea8a06fe57aa47523cb",
"versionType": "git"
},
{
"lessThan": "e6860c889f4ad50b6ab696f5ea154295d72cf27a",
"status": "affected",
"version": "4ec2411980d0fd2995e8dea8a06fe57aa47523cb",
"versionType": "git"
},
{
"lessThan": "e6e897d4fe2f89c0bd94600a40bedf5e6e75e050",
"status": "affected",
"version": "4ec2411980d0fd2995e8dea8a06fe57aa47523cb",
"versionType": "git"
},
{
"lessThan": "f2dd60fd3fe98bd36a91b0c6e10bfe9d66258f84",
"status": "affected",
"version": "4ec2411980d0fd2995e8dea8a06fe57aa47523cb",
"versionType": "git"
},
{
"lessThan": "d50b7914fae04d840ce36491d22133070b18cca9",
"status": "affected",
"version": "4ec2411980d0fd2995e8dea8a06fe57aa47523cb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/xen-netfront.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.24"
},
{
"lessThan": "2.6.24",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.269",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "2.6.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen-netfront: Fix NULL sring after live migration\n\nA NAPI is setup for each network sring to poll data to kernel\nThe sring with source host is destroyed before live migration and\nnew sring with target host is setup after live migration.\nThe NAPI for the old sring is not deleted until setup new sring\nwith target host after migration. With busy_poll/busy_read enabled,\nthe NAPI can be polled before got deleted when resume VM.\n\nBUG: unable to handle kernel NULL pointer dereference at\n0000000000000008\nIP: xennet_poll+0xae/0xd20\nPGD 0 P4D 0\nOops: 0000 [#1] SMP PTI\nCall Trace:\n finish_task_switch+0x71/0x230\n timerqueue_del+0x1d/0x40\n hrtimer_try_to_cancel+0xb5/0x110\n xennet_alloc_rx_buffers+0x2a0/0x2a0\n napi_busy_loop+0xdb/0x270\n sock_poll+0x87/0x90\n do_sys_poll+0x26f/0x580\n tracing_map_insert+0x1d4/0x2f0\n event_hist_trigger+0x14a/0x260\n\n finish_task_switch+0x71/0x230\n __schedule+0x256/0x890\n recalc_sigpending+0x1b/0x50\n xen_sched_clock+0x15/0x20\n __rb_reserve_next+0x12d/0x140\n ring_buffer_lock_reserve+0x123/0x3d0\n event_triggers_call+0x87/0xb0\n trace_event_buffer_commit+0x1c4/0x210\n xen_clocksource_get_cycles+0x15/0x20\n ktime_get_ts64+0x51/0xf0\n SyS_ppoll+0x160/0x1a0\n SyS_ppoll+0x160/0x1a0\n do_syscall_64+0x73/0x130\n entry_SYSCALL_64_after_hwframe+0x41/0xa6\n...\nRIP: xennet_poll+0xae/0xd20 RSP: ffffb4f041933900\nCR2: 0000000000000008\n---[ end trace f8601785b354351c ]---\n\nxen frontend should remove the NAPIs for the old srings before live\nmigration as the bond srings are destroyed\n\nThere is a tiny window between the srings are set to NULL and\nthe NAPIs are disabled, It is safe as the NAPI threads are still\nfrozen at that time"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:08.316Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/99859947517e446058ad7243ee81d2f9801fa3dd"
},
{
"url": "https://git.kernel.org/stable/c/ed773dd798bf720756d20021b8d8a4a3d7184bda"
},
{
"url": "https://git.kernel.org/stable/c/e6860c889f4ad50b6ab696f5ea154295d72cf27a"
},
{
"url": "https://git.kernel.org/stable/c/e6e897d4fe2f89c0bd94600a40bedf5e6e75e050"
},
{
"url": "https://git.kernel.org/stable/c/f2dd60fd3fe98bd36a91b0c6e10bfe9d66258f84"
},
{
"url": "https://git.kernel.org/stable/c/d50b7914fae04d840ce36491d22133070b18cca9"
}
],
"title": "xen-netfront: Fix NULL sring after live migration",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48969",
"datePublished": "2024-10-21T20:05:51.051Z",
"dateReserved": "2024-08-22T01:27:53.629Z",
"dateUpdated": "2025-05-04T08:27:08.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48977 (GCVE-0-2022-48977)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 12:44
VLAI?
EPSS
Title
can: af_can: fix NULL pointer dereference in can_rcv_filter
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: af_can: fix NULL pointer dereference in can_rcv_filter
Analogue to commit 8aa59e355949 ("can: af_can: fix NULL pointer
dereference in can_rx_register()") we need to check for a missing
initialization of ml_priv in the receive path of CAN frames.
Since commit 4e096a18867a ("net: introduce CAN specific pointer in the
struct net_device") the check for dev->type to be ARPHRD_CAN is not
sufficient anymore since bonding or tun netdevices claim to be CAN
devices but do not initialize ml_priv accordingly.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
4ac1feff6ea6495cbfd336f4438a6c6d140544a6 , < 3982652957e8d79ac32efcb725450580650a8644
(git)
Affected: 1a5751d58b14195f763b8c1d9ef33fb8a93e95e7 , < c42221efb1159d6a3c89e96685ee38acdce86b6f (git) Affected: 4e096a18867a5a989b510f6999d9c6b6622e8f7b , < c142cba37de29f740a3852f01f59876af8ae462a (git) Affected: 4e096a18867a5a989b510f6999d9c6b6622e8f7b , < fcc63f2f7ee3038d53216edd0d8291e57c752557 (git) Affected: 4e096a18867a5a989b510f6999d9c6b6622e8f7b , < 0acc442309a0a1b01bcdaa135e56e6398a49439c (git) Affected: 96340078d50a54f6a1252c62596bc44321c8bff9 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48977",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:18:20.904853Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:44.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/can/af_can.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3982652957e8d79ac32efcb725450580650a8644",
"status": "affected",
"version": "4ac1feff6ea6495cbfd336f4438a6c6d140544a6",
"versionType": "git"
},
{
"lessThan": "c42221efb1159d6a3c89e96685ee38acdce86b6f",
"status": "affected",
"version": "1a5751d58b14195f763b8c1d9ef33fb8a93e95e7",
"versionType": "git"
},
{
"lessThan": "c142cba37de29f740a3852f01f59876af8ae462a",
"status": "affected",
"version": "4e096a18867a5a989b510f6999d9c6b6622e8f7b",
"versionType": "git"
},
{
"lessThan": "fcc63f2f7ee3038d53216edd0d8291e57c752557",
"status": "affected",
"version": "4e096a18867a5a989b510f6999d9c6b6622e8f7b",
"versionType": "git"
},
{
"lessThan": "0acc442309a0a1b01bcdaa135e56e6398a49439c",
"status": "affected",
"version": "4e096a18867a5a989b510f6999d9c6b6622e8f7b",
"versionType": "git"
},
{
"status": "affected",
"version": "96340078d50a54f6a1252c62596bc44321c8bff9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/can/af_can.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "5.4.110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "5.10.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: af_can: fix NULL pointer dereference in can_rcv_filter\n\nAnalogue to commit 8aa59e355949 (\"can: af_can: fix NULL pointer\ndereference in can_rx_register()\") we need to check for a missing\ninitialization of ml_priv in the receive path of CAN frames.\n\nSince commit 4e096a18867a (\"net: introduce CAN specific pointer in the\nstruct net_device\") the check for dev-\u003etype to be ARPHRD_CAN is not\nsufficient anymore since bonding or tun netdevices claim to be CAN\ndevices but do not initialize ml_priv accordingly."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:07.541Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3982652957e8d79ac32efcb725450580650a8644"
},
{
"url": "https://git.kernel.org/stable/c/c42221efb1159d6a3c89e96685ee38acdce86b6f"
},
{
"url": "https://git.kernel.org/stable/c/c142cba37de29f740a3852f01f59876af8ae462a"
},
{
"url": "https://git.kernel.org/stable/c/fcc63f2f7ee3038d53216edd0d8291e57c752557"
},
{
"url": "https://git.kernel.org/stable/c/0acc442309a0a1b01bcdaa135e56e6398a49439c"
}
],
"title": "can: af_can: fix NULL pointer dereference in can_rcv_filter",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48977",
"datePublished": "2024-10-21T20:05:56.389Z",
"dateReserved": "2024-08-22T01:27:53.632Z",
"dateUpdated": "2025-05-04T12:44:07.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46834 (GCVE-0-2024-46834)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:39 – Updated: 2026-01-05 10:53
VLAI?
EPSS
Title
ethtool: fail closed if we can't get max channel used in indirection tables
Summary
In the Linux kernel, the following vulnerability has been resolved:
ethtool: fail closed if we can't get max channel used in indirection tables
Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with
active RSS contexts") proves that allowing indirection table to contain
channels with out of bounds IDs may lead to crashes. Currently the
max channel check in the core gets skipped if driver can't fetch
the indirection table or when we can't allocate memory.
Both of those conditions should be extremely rare but if they do
happen we should try to be safe and fail the channel change.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:03:28.433366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:03:33.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ethtool/channels.c",
"net/ethtool/common.c",
"net/ethtool/common.h",
"net/ethtool/ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "101737d8b88dbd4be6010bac398fe810f1950036",
"status": "affected",
"version": "d4ab4286276fcd6c155bafdf4422b712068d2516",
"versionType": "git"
},
{
"lessThan": "2899d58462ba868287d6ff3acad3675e7adf934f",
"status": "affected",
"version": "d4ab4286276fcd6c155bafdf4422b712068d2516",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ethtool/channels.c",
"net/ethtool/common.c",
"net/ethtool/common.h",
"net/ethtool/ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.6"
},
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can\u0027t get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 (\"bnxt: fix crashes when reducing ring count with\nactive RSS contexts\") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can\u0027t fetch\nthe indirection table or when we can\u0027t allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:53:28.772Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/101737d8b88dbd4be6010bac398fe810f1950036"
},
{
"url": "https://git.kernel.org/stable/c/2899d58462ba868287d6ff3acad3675e7adf934f"
}
],
"title": "ethtool: fail closed if we can\u0027t get max channel used in indirection tables",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46834",
"datePublished": "2024-09-27T12:39:31.110Z",
"dateReserved": "2024-09-11T15:12:18.287Z",
"dateUpdated": "2026-01-05T10:53:28.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49000 (GCVE-0-2022-49000)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
for_each_pci_dev() is implemented by pci_get_device(). The comment of
pci_get_device() says that it will increase the reference count for the
returned pci_dev and also decrease the reference count for the input
pci_dev @from if it is not NULL.
If we break for_each_pci_dev() loop with pdev not NULL, we need to call
pci_dev_put() to decrease the reference count. Add the missing
pci_dev_put() before 'return true' to avoid reference count leak.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
89a6079df791aeace2044ea93be1b397195824ec , < 10ed7655a17f6a3eaecd1293830488259ccd5723
(git)
Affected: 89a6079df791aeace2044ea93be1b397195824ec , < b6eea8b2e858a20ad58ac62dc2de90fea2413f94 (git) Affected: 89a6079df791aeace2044ea93be1b397195824ec , < 17f67414718e6aba123335a33b7d15aa594fff34 (git) Affected: 89a6079df791aeace2044ea93be1b397195824ec , < afca9e19cc720bfafc75dc5ce429c185ca93f31d (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:15:17.821654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:40.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "10ed7655a17f6a3eaecd1293830488259ccd5723",
"status": "affected",
"version": "89a6079df791aeace2044ea93be1b397195824ec",
"versionType": "git"
},
{
"lessThan": "b6eea8b2e858a20ad58ac62dc2de90fea2413f94",
"status": "affected",
"version": "89a6079df791aeace2044ea93be1b397195824ec",
"versionType": "git"
},
{
"lessThan": "17f67414718e6aba123335a33b7d15aa594fff34",
"status": "affected",
"version": "89a6079df791aeace2044ea93be1b397195824ec",
"versionType": "git"
},
{
"lessThan": "afca9e19cc720bfafc75dc5ce429c185ca93f31d",
"status": "affected",
"version": "89a6079df791aeace2044ea93be1b397195824ec",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix PCI device refcount leak in has_external_pci()\n\nfor_each_pci_dev() is implemented by pci_get_device(). The comment of\npci_get_device() says that it will increase the reference count for the\nreturned pci_dev and also decrease the reference count for the input\npci_dev @from if it is not NULL.\n\nIf we break for_each_pci_dev() loop with pdev not NULL, we need to call\npci_dev_put() to decrease the reference count. Add the missing\npci_dev_put() before \u0027return true\u0027 to avoid reference count leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:47.892Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/10ed7655a17f6a3eaecd1293830488259ccd5723"
},
{
"url": "https://git.kernel.org/stable/c/b6eea8b2e858a20ad58ac62dc2de90fea2413f94"
},
{
"url": "https://git.kernel.org/stable/c/17f67414718e6aba123335a33b7d15aa594fff34"
},
{
"url": "https://git.kernel.org/stable/c/afca9e19cc720bfafc75dc5ce429c185ca93f31d"
}
],
"title": "iommu/vt-d: Fix PCI device refcount leak in has_external_pci()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49000",
"datePublished": "2024-10-21T20:06:14.753Z",
"dateReserved": "2024-08-22T01:27:53.642Z",
"dateUpdated": "2025-05-04T08:27:47.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49883 (GCVE-0-2024-49883)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:22
VLAI?
EPSS
Title
ext4: aovid use-after-free in ext4_ext_insert_extent()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: aovid use-after-free in ext4_ext_insert_extent()
As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is
reallocated in ext4_ext_create_new_leaf(), we'll use the stale path and
cause UAF. Below is a sample trace with dummy values:
ext4_ext_insert_extent
path = *ppath = 2000
ext4_ext_create_new_leaf(ppath)
ext4_find_extent(ppath)
path = *ppath = 2000
if (depth > path[0].p_maxdepth)
kfree(path = 2000);
*ppath = path = NULL;
path = kcalloc() = 3000
*ppath = 3000;
return path;
/* here path is still 2000, UAF! */
eh = path[depth].p_hdr
==================================================================
BUG: KASAN: slab-use-after-free in ext4_ext_insert_extent+0x26d4/0x3330
Read of size 8 at addr ffff8881027bf7d0 by task kworker/u36:1/179
CPU: 3 UID: 0 PID: 179 Comm: kworker/u6:1 Not tainted 6.11.0-rc2-dirty #866
Call Trace:
<TASK>
ext4_ext_insert_extent+0x26d4/0x3330
ext4_ext_map_blocks+0xe22/0x2d40
ext4_map_blocks+0x71e/0x1700
ext4_do_writepages+0x1290/0x2800
[...]
Allocated by task 179:
ext4_find_extent+0x81c/0x1f70
ext4_ext_map_blocks+0x146/0x2d40
ext4_map_blocks+0x71e/0x1700
ext4_do_writepages+0x1290/0x2800
ext4_writepages+0x26d/0x4e0
do_writepages+0x175/0x700
[...]
Freed by task 179:
kfree+0xcb/0x240
ext4_find_extent+0x7c0/0x1f70
ext4_ext_insert_extent+0xa26/0x3330
ext4_ext_map_blocks+0xe22/0x2d40
ext4_map_blocks+0x71e/0x1700
ext4_do_writepages+0x1290/0x2800
ext4_writepages+0x26d/0x4e0
do_writepages+0x175/0x700
[...]
==================================================================
So use *ppath to update the path to avoid the above problem.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
10809df84a4d868db61af621bae3658494165279 , < e17ebe4fdd7665c93ae9459ba40fcdfb76769ac1
(git)
Affected: 10809df84a4d868db61af621bae3658494165279 , < 975ca06f3fd154c5f7742083e7b2574c57d1c0c3 (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < 5e811066c5ab709b070659197dccfb80ab650ddd (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < 9df59009dfc6d9fc1bd9ddf6c5ab6e56d6ed887a (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < 51db04892a993cace63415be99848970a0f15ef2 (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < 8162ee5d94b8c0351be0a9321be134872a7654a1 (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < beb7b66fb489041c50c6473100b383f7a51648fc (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < bfed082ce4b1ce6349b05c09a0fa4f3da35ecb1b (git) Affected: 10809df84a4d868db61af621bae3658494165279 , < a164f3a432aae62ca23d03e6d926b122ee5b860d (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:45:23.101470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:50.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:22:49.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/extents.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e17ebe4fdd7665c93ae9459ba40fcdfb76769ac1",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "975ca06f3fd154c5f7742083e7b2574c57d1c0c3",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "5e811066c5ab709b070659197dccfb80ab650ddd",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "9df59009dfc6d9fc1bd9ddf6c5ab6e56d6ed887a",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "51db04892a993cace63415be99848970a0f15ef2",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "8162ee5d94b8c0351be0a9321be134872a7654a1",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "beb7b66fb489041c50c6473100b383f7a51648fc",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "bfed082ce4b1ce6349b05c09a0fa4f3da35ecb1b",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
},
{
"lessThan": "a164f3a432aae62ca23d03e6d926b122ee5b860d",
"status": "affected",
"version": "10809df84a4d868db61af621bae3658494165279",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/extents.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: aovid use-after-free in ext4_ext_insert_extent()\n\nAs Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is\nreallocated in ext4_ext_create_new_leaf(), we\u0027ll use the stale path and\ncause UAF. Below is a sample trace with dummy values:\n\next4_ext_insert_extent\n path = *ppath = 2000\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(ppath)\n path = *ppath = 2000\n if (depth \u003e path[0].p_maxdepth)\n kfree(path = 2000);\n *ppath = path = NULL;\n path = kcalloc() = 3000\n *ppath = 3000;\n return path;\n /* here path is still 2000, UAF! */\n eh = path[depth].p_hdr\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_ext_insert_extent+0x26d4/0x3330\nRead of size 8 at addr ffff8881027bf7d0 by task kworker/u36:1/179\nCPU: 3 UID: 0 PID: 179 Comm: kworker/u6:1 Not tainted 6.11.0-rc2-dirty #866\nCall Trace:\n \u003cTASK\u003e\n ext4_ext_insert_extent+0x26d4/0x3330\n ext4_ext_map_blocks+0xe22/0x2d40\n ext4_map_blocks+0x71e/0x1700\n ext4_do_writepages+0x1290/0x2800\n[...]\n\nAllocated by task 179:\n ext4_find_extent+0x81c/0x1f70\n ext4_ext_map_blocks+0x146/0x2d40\n ext4_map_blocks+0x71e/0x1700\n ext4_do_writepages+0x1290/0x2800\n ext4_writepages+0x26d/0x4e0\n do_writepages+0x175/0x700\n[...]\n\nFreed by task 179:\n kfree+0xcb/0x240\n ext4_find_extent+0x7c0/0x1f70\n ext4_ext_insert_extent+0xa26/0x3330\n ext4_ext_map_blocks+0xe22/0x2d40\n ext4_map_blocks+0x71e/0x1700\n ext4_do_writepages+0x1290/0x2800\n ext4_writepages+0x26d/0x4e0\n do_writepages+0x175/0x700\n[...]\n==================================================================\n\nSo use *ppath to update the path to avoid the above problem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:40:24.275Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e17ebe4fdd7665c93ae9459ba40fcdfb76769ac1"
},
{
"url": "https://git.kernel.org/stable/c/975ca06f3fd154c5f7742083e7b2574c57d1c0c3"
},
{
"url": "https://git.kernel.org/stable/c/5e811066c5ab709b070659197dccfb80ab650ddd"
},
{
"url": "https://git.kernel.org/stable/c/9df59009dfc6d9fc1bd9ddf6c5ab6e56d6ed887a"
},
{
"url": "https://git.kernel.org/stable/c/51db04892a993cace63415be99848970a0f15ef2"
},
{
"url": "https://git.kernel.org/stable/c/8162ee5d94b8c0351be0a9321be134872a7654a1"
},
{
"url": "https://git.kernel.org/stable/c/beb7b66fb489041c50c6473100b383f7a51648fc"
},
{
"url": "https://git.kernel.org/stable/c/bfed082ce4b1ce6349b05c09a0fa4f3da35ecb1b"
},
{
"url": "https://git.kernel.org/stable/c/a164f3a432aae62ca23d03e6d926b122ee5b860d"
}
],
"title": "ext4: aovid use-after-free in ext4_ext_insert_extent()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49883",
"datePublished": "2024-10-21T18:01:20.827Z",
"dateReserved": "2024-10-21T12:17:06.021Z",
"dateUpdated": "2025-11-03T22:22:49.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49930 (GCVE-0-2024-49930)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
wifi: ath11k: fix array out-of-bound access in SoC stats
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: fix array out-of-bound access in SoC stats
Currently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a
maximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx()
function access ath11k_soc_dp_stats::hal_reo_error using the REO
destination SRNG ring ID, which is incorrect. SRNG ring ID differ from
normal ring ID, and this usage leads to out-of-bounds array access. To fix
this issue, modify ath11k_dp_process_rx() to use the normal ring ID
directly instead of the SRNG ring ID to avoid out-of-bounds array access.
Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d5c65159f2895379e11ca13f62feabe93278985d , < 0f26f26944035ec67546a944f182cbad6577a9c0
(git)
Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 4dd732893bd38cec51f887244314e2b47f0d658f (git) Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 73e235728e515faccc104b0153b47d0f263b3344 (git) Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 7a552bc2f3efe2aaf77a85cb34cdf4a63d81a1a7 (git) Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 6045ef5b4b00fee3629689f791992900a1c94009 (git) Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 01b77f5ee11c89754fb836af8f76799d3b72ae2f (git) Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 69f253e46af98af17e3efa3e5dfa72fcb7d1983d (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:39:11.615882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:43.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:16.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath11k/dp_rx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0f26f26944035ec67546a944f182cbad6577a9c0",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "4dd732893bd38cec51f887244314e2b47f0d658f",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "73e235728e515faccc104b0153b47d0f263b3344",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "7a552bc2f3efe2aaf77a85cb34cdf4a63d81a1a7",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "6045ef5b4b00fee3629689f791992900a1c94009",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "01b77f5ee11c89754fb836af8f76799d3b72ae2f",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "69f253e46af98af17e3efa3e5dfa72fcb7d1983d",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath11k/dp_rx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix array out-of-bound access in SoC stats\n\nCurrently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a\nmaximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx()\nfunction access ath11k_soc_dp_stats::hal_reo_error using the REO\ndestination SRNG ring ID, which is incorrect. SRNG ring ID differ from\nnormal ring ID, and this usage leads to out-of-bounds array access. To fix\nthis issue, modify ath11k_dp_process_rx() to use the normal ring ID\ndirectly instead of the SRNG ring ID to avoid out-of-bounds array access.\n\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:41:36.400Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f26f26944035ec67546a944f182cbad6577a9c0"
},
{
"url": "https://git.kernel.org/stable/c/4dd732893bd38cec51f887244314e2b47f0d658f"
},
{
"url": "https://git.kernel.org/stable/c/73e235728e515faccc104b0153b47d0f263b3344"
},
{
"url": "https://git.kernel.org/stable/c/7a552bc2f3efe2aaf77a85cb34cdf4a63d81a1a7"
},
{
"url": "https://git.kernel.org/stable/c/6045ef5b4b00fee3629689f791992900a1c94009"
},
{
"url": "https://git.kernel.org/stable/c/01b77f5ee11c89754fb836af8f76799d3b72ae2f"
},
{
"url": "https://git.kernel.org/stable/c/69f253e46af98af17e3efa3e5dfa72fcb7d1983d"
}
],
"title": "wifi: ath11k: fix array out-of-bound access in SoC stats",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49930",
"datePublished": "2024-10-21T18:01:53.126Z",
"dateReserved": "2024-10-21T12:17:06.039Z",
"dateUpdated": "2025-11-03T22:23:16.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47685 (GCVE-0-2024-47685)
Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:20
VLAI?
EPSS
Title
netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending
garbage on the four reserved tcp bits (th->res1)
Use skb_put_zero() to clear the whole TCP header,
as done in nf_reject_ip_tcphdr_put()
BUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255
nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255
nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344
nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48
expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]
nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288
nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161
nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626
nf_hook include/linux/netfilter.h:269 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310
__netif_receive_skb_one_core net/core/dev.c:5661 [inline]
__netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775
process_backlog+0x4ad/0xa50 net/core/dev.c:6108
__napi_poll+0xe7/0x980 net/core/dev.c:6772
napi_poll net/core/dev.c:6841 [inline]
net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963
handle_softirqs+0x1ce/0x800 kernel/softirq.c:554
__do_softirq+0x14/0x1a kernel/softirq.c:588
do_softirq+0x9a/0x100 kernel/softirq.c:455
__local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382
local_bh_enable include/linux/bottom_half.h:33 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:908 [inline]
__dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450
dev_queue_xmit include/linux/netdevice.h:3105 [inline]
neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565
neigh_output include/net/neighbour.h:542 [inline]
ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141
__ip6_finish_output net/ipv6/ip6_output.c:215 [inline]
ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226
NF_HOOK_COND include/linux/netfilter.h:303 [inline]
ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247
dst_output include/net/dst.h:450 [inline]
NF_HOOK include/linux/netfilter.h:314 [inline]
ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366
inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135
__tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466
tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]
tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143
tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333
__inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679
inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750
__sys_connect_file net/socket.c:2061 [inline]
__sys_connect+0x606/0x690 net/socket.c:2078
__do_sys_connect net/socket.c:2088 [inline]
__se_sys_connect net/socket.c:2085 [inline]
__x64_sys_connect+0x91/0xe0 net/socket.c:2085
x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was stored to memory at:
nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249
nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344
nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48
expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]
nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288
nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161
nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626
nf_hook include/linux/netfilter.h:269 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310
__netif_receive_skb_one_core
---truncated---
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
c8d7b98bec43faaa6583c3135030be5eb4693acb , < 872eca64c3267dbc5836b715716fc6c03a18eda7
(git)
Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < 7bcbc4cda777d26c88500d973fad0d497fc8a82e (git) Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < dcf48ab3ca2c55b09c8f9c8de0df01c1943bc4e5 (git) Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < fbff87d682e57ddbbe82abf6d0a1a4a36a98afcd (git) Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < 7ea2bcfd9bf4c3dbbf22546162226fd1c14d8ad2 (git) Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < af4b8a704f26f38310655bad67fd8096293275a2 (git) Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < 7a7b5a27c53b55e91eecf646d1b204e73fa4af93 (git) Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < 10210658f827ad45061581cbfc05924b723e8922 (git) Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < 9c778fe48d20ef362047e3376dee56d77f8500d4 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:06:45.955918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:14:16.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:20:52.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/netfilter/nf_reject_ipv6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "872eca64c3267dbc5836b715716fc6c03a18eda7",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "7bcbc4cda777d26c88500d973fad0d497fc8a82e",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "dcf48ab3ca2c55b09c8f9c8de0df01c1943bc4e5",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "fbff87d682e57ddbbe82abf6d0a1a4a36a98afcd",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "7ea2bcfd9bf4c3dbbf22546162226fd1c14d8ad2",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "af4b8a704f26f38310655bad67fd8096293275a2",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "7a7b5a27c53b55e91eecf646d1b204e73fa4af93",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "10210658f827ad45061581cbfc05924b723e8922",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "9c778fe48d20ef362047e3376dee56d77f8500d4",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/netfilter/nf_reject_ipv6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.54",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.13",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.2",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()\n\nsyzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending\ngarbage on the four reserved tcp bits (th-\u003eres1)\n\nUse skb_put_zero() to clear the whole TCP header,\nas done in nf_reject_ip_tcphdr_put()\n\nBUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\n nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775\n process_backlog+0x4ad/0xa50 net/core/dev.c:6108\n __napi_poll+0xe7/0x980 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963\n handle_softirqs+0x1ce/0x800 kernel/softirq.c:554\n __do_softirq+0x14/0x1a kernel/softirq.c:588\n do_softirq+0x9a/0x100 kernel/softirq.c:455\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:908 [inline]\n __dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450\n dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565\n neigh_output include/net/neighbour.h:542 [inline]\n ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366\n inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135\n __tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466\n tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]\n tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143\n tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333\n __inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679\n inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750\n __sys_connect_file net/socket.c:2061 [inline]\n __sys_connect+0x606/0x690 net/socket.c:2078\n __do_sys_connect net/socket.c:2088 [inline]\n __se_sys_connect net/socket.c:2085 [inline]\n __x64_sys_connect+0x91/0xe0 net/socket.c:2085\n x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was stored to memory at:\n nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:37:14.167Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/872eca64c3267dbc5836b715716fc6c03a18eda7"
},
{
"url": "https://git.kernel.org/stable/c/7bcbc4cda777d26c88500d973fad0d497fc8a82e"
},
{
"url": "https://git.kernel.org/stable/c/dcf48ab3ca2c55b09c8f9c8de0df01c1943bc4e5"
},
{
"url": "https://git.kernel.org/stable/c/fbff87d682e57ddbbe82abf6d0a1a4a36a98afcd"
},
{
"url": "https://git.kernel.org/stable/c/7ea2bcfd9bf4c3dbbf22546162226fd1c14d8ad2"
},
{
"url": "https://git.kernel.org/stable/c/af4b8a704f26f38310655bad67fd8096293275a2"
},
{
"url": "https://git.kernel.org/stable/c/7a7b5a27c53b55e91eecf646d1b204e73fa4af93"
},
{
"url": "https://git.kernel.org/stable/c/10210658f827ad45061581cbfc05924b723e8922"
},
{
"url": "https://git.kernel.org/stable/c/9c778fe48d20ef362047e3376dee56d77f8500d4"
}
],
"title": "netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47685",
"datePublished": "2024-10-21T11:53:26.486Z",
"dateReserved": "2024-09-30T16:00:12.941Z",
"dateUpdated": "2025-11-03T22:20:52.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52340 (GCVE-0-2023-52340)
Vulnerability from cvelistv5 – Published: 2024-07-05 00:00 – Updated: 2025-11-04 17:14
VLAI?
EPSS
Summary
The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T13:36:20.176084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T13:48:52.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:14:06.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=af6d10345ca76670c1b7c37799f0d5576ccef277"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240816-0005/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T02:01:14.688Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=af6d10345ca76670c1b7c37799f0d5576ccef277"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52340",
"datePublished": "2024-07-05T00:00:00.000Z",
"dateReserved": "2024-01-12T00:00:00.000Z",
"dateUpdated": "2025-11-04T17:14:06.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-46343 (GCVE-0-2023-46343)
Vulnerability from cvelistv5 – Published: 2024-01-23 00:00 – Updated: 2025-06-17 13:55
VLAI?
EPSS
Summary
In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:41.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/netdev/20231013184129.18738-1-krzysztof.kozlowski%40linaro.org/T/#r38bdbaf8ae15305b77f6c5bc8e15d38f405623c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/7937609cd387246aed994e81aa4fa951358fba41"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7937609cd387246aed994e81aa4fa951358fba41"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-46343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T13:55:02.811515Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T13:55:44.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T09:54:49.419Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://lore.kernel.org/netdev/20231013184129.18738-1-krzysztof.kozlowski%40linaro.org/T/#r38bdbaf8ae15305b77f6c5bc8e15d38f405623c7"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9"
},
{
"url": "https://github.com/torvalds/linux/commit/7937609cd387246aed994e81aa4fa951358fba41"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7937609cd387246aed994e81aa4fa951358fba41"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46343",
"datePublished": "2024-01-23T00:00:00.000Z",
"dateReserved": "2023-10-23T00:00:00.000Z",
"dateUpdated": "2025-06-17T13:55:44.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47534 (GCVE-0-2021-47534)
Vulnerability from cvelistv5 – Published: 2024-05-24 15:09 – Updated: 2025-05-04 07:13
VLAI?
EPSS
Title
drm/vc4: kms: Add missing drm_crtc_commit_put
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: kms: Add missing drm_crtc_commit_put
Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a
commit") introduced a global state for the HVS, with each FIFO storing
the current CRTC commit so that we can properly synchronize commits.
However, the refcounting was off and we thus ended up leaking the
drm_crtc_commit structure every commit. Add a drm_crtc_commit_put to
prevent the leakage.
Severity ?
4.1 (Medium)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47534",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T16:50:30.871991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T16:13:57.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:39:59.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/53f9601e908d42481addd67cdb01a9288c611124"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/049cfff8d53a30cae3349ff71a4c01b7d9981bc2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/vc4/vc4_kms.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "53f9601e908d42481addd67cdb01a9288c611124",
"status": "affected",
"version": "9ec03d7f1ed394897891319a4dda75f52c5d292d",
"versionType": "git"
},
{
"lessThan": "049cfff8d53a30cae3349ff71a4c01b7d9981bc2",
"status": "affected",
"version": "9ec03d7f1ed394897891319a4dda75f52c5d292d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/vc4/vc4_kms.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.7",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: kms: Add missing drm_crtc_commit_put\n\nCommit 9ec03d7f1ed3 (\"drm/vc4: kms: Wait on previous FIFO users before a\ncommit\") introduced a global state for the HVS, with each FIFO storing\nthe current CRTC commit so that we can properly synchronize commits.\n\nHowever, the refcounting was off and we thus ended up leaking the\ndrm_crtc_commit structure every commit. Add a drm_crtc_commit_put to\nprevent the leakage."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:13:01.395Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/53f9601e908d42481addd67cdb01a9288c611124"
},
{
"url": "https://git.kernel.org/stable/c/049cfff8d53a30cae3349ff71a4c01b7d9981bc2"
}
],
"title": "drm/vc4: kms: Add missing drm_crtc_commit_put",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47534",
"datePublished": "2024-05-24T15:09:43.344Z",
"dateReserved": "2024-05-24T15:02:54.826Z",
"dateUpdated": "2025-05-04T07:13:01.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35862 (GCVE-0-2024-35862)
Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2026-01-05 10:35
VLAI?
EPSS
Title
smb: client: fix potential UAF in smb2_is_network_name_deleted()
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in smb2_is_network_name_deleted()
Skip sessions that are being teared down (status == SES_EXITING) to
avoid UAF.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
9e550b085206544bd03a8b1dd58a5414e9508351 , < f9414004798d9742c1af23a1d839fe6a9503751c
(git)
Affected: 9e550b085206544bd03a8b1dd58a5414e9508351 , < aa582b33f94453fdeaff1e7d0aa252c505975e01 (git) Affected: 9e550b085206544bd03a8b1dd58a5414e9508351 , < d919b6ea15ffa56fbafef4a1d92f47aeda9af645 (git) Affected: 9e550b085206544bd03a8b1dd58a5414e9508351 , < 63981561ffd2d4987807df4126f96a11e18b0c1d (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f9414004798d9742c1af23a1d839fe6a9503751c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa582b33f94453fdeaff1e7d0aa252c505975e01"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d919b6ea15ffa56fbafef4a1d92f47aeda9af645"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/63981561ffd2d4987807df4126f96a11e18b0c1d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:41:27.598442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:17.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/client/smb2ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f9414004798d9742c1af23a1d839fe6a9503751c",
"status": "affected",
"version": "9e550b085206544bd03a8b1dd58a5414e9508351",
"versionType": "git"
},
{
"lessThan": "aa582b33f94453fdeaff1e7d0aa252c505975e01",
"status": "affected",
"version": "9e550b085206544bd03a8b1dd58a5414e9508351",
"versionType": "git"
},
{
"lessThan": "d919b6ea15ffa56fbafef4a1d92f47aeda9af645",
"status": "affected",
"version": "9e550b085206544bd03a8b1dd58a5414e9508351",
"versionType": "git"
},
{
"lessThan": "63981561ffd2d4987807df4126f96a11e18b0c1d",
"status": "affected",
"version": "9e550b085206544bd03a8b1dd58a5414e9508351",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/client/smb2ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in smb2_is_network_name_deleted()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:35:28.531Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f9414004798d9742c1af23a1d839fe6a9503751c"
},
{
"url": "https://git.kernel.org/stable/c/aa582b33f94453fdeaff1e7d0aa252c505975e01"
},
{
"url": "https://git.kernel.org/stable/c/d919b6ea15ffa56fbafef4a1d92f47aeda9af645"
},
{
"url": "https://git.kernel.org/stable/c/63981561ffd2d4987807df4126f96a11e18b0c1d"
}
],
"title": "smb: client: fix potential UAF in smb2_is_network_name_deleted()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35862",
"datePublished": "2024-05-19T08:34:21.173Z",
"dateReserved": "2024-05-17T13:50:33.107Z",
"dateUpdated": "2026-01-05T10:35:28.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49891 (GCVE-0-2024-49891)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths
When the HBA is undergoing a reset or is handling an errata event, NULL ptr
dereference crashes may occur in routines such as
lpfc_sli_flush_io_rings(), lpfc_dev_loss_tmo_callbk(), or
lpfc_abort_handler().
Add NULL ptr checks before dereferencing hdwq pointers that may have been
freed due to operations colliding with a reset or errata event handler.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
895427bd012ce5814fc9888c7c0ee9de44761833 , < 5873aa7f814754085d418848b2089ef406a02dd0
(git)
Affected: 895427bd012ce5814fc9888c7c0ee9de44761833 , < 232a138bd843d48cb2368f604646d990db7640f3 (git) Affected: 895427bd012ce5814fc9888c7c0ee9de44761833 , < 99a801e2fca39a6f31e543fc3383058a8955896f (git) Affected: 895427bd012ce5814fc9888c7c0ee9de44761833 , < fd665c8dbdb19548965b0ae80c490de00e906366 (git) Affected: 895427bd012ce5814fc9888c7c0ee9de44761833 , < 2be1d4f11944cd6283cb97268b3e17c4424945ca (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49891",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:44:17.771940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:49.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:41:36.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_hbadisc.c",
"drivers/scsi/lpfc/lpfc_scsi.c",
"drivers/scsi/lpfc/lpfc_sli.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5873aa7f814754085d418848b2089ef406a02dd0",
"status": "affected",
"version": "895427bd012ce5814fc9888c7c0ee9de44761833",
"versionType": "git"
},
{
"lessThan": "232a138bd843d48cb2368f604646d990db7640f3",
"status": "affected",
"version": "895427bd012ce5814fc9888c7c0ee9de44761833",
"versionType": "git"
},
{
"lessThan": "99a801e2fca39a6f31e543fc3383058a8955896f",
"status": "affected",
"version": "895427bd012ce5814fc9888c7c0ee9de44761833",
"versionType": "git"
},
{
"lessThan": "fd665c8dbdb19548965b0ae80c490de00e906366",
"status": "affected",
"version": "895427bd012ce5814fc9888c7c0ee9de44761833",
"versionType": "git"
},
{
"lessThan": "2be1d4f11944cd6283cb97268b3e17c4424945ca",
"status": "affected",
"version": "895427bd012ce5814fc9888c7c0ee9de44761833",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_hbadisc.c",
"drivers/scsi/lpfc/lpfc_scsi.c",
"drivers/scsi/lpfc/lpfc_sli.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths\n\nWhen the HBA is undergoing a reset or is handling an errata event, NULL ptr\ndereference crashes may occur in routines such as\nlpfc_sli_flush_io_rings(), lpfc_dev_loss_tmo_callbk(), or\nlpfc_abort_handler().\n\nAdd NULL ptr checks before dereferencing hdwq pointers that may have been\nfreed due to operations colliding with a reset or errata event handler."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:15.472Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5873aa7f814754085d418848b2089ef406a02dd0"
},
{
"url": "https://git.kernel.org/stable/c/232a138bd843d48cb2368f604646d990db7640f3"
},
{
"url": "https://git.kernel.org/stable/c/99a801e2fca39a6f31e543fc3383058a8955896f"
},
{
"url": "https://git.kernel.org/stable/c/fd665c8dbdb19548965b0ae80c490de00e906366"
},
{
"url": "https://git.kernel.org/stable/c/2be1d4f11944cd6283cb97268b3e17c4424945ca"
}
],
"title": "scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49891",
"datePublished": "2024-10-21T18:01:26.314Z",
"dateReserved": "2024-10-21T12:17:06.025Z",
"dateUpdated": "2026-01-05T10:54:15.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27043 (GCVE-0-2024-27043)
Vulnerability from cvelistv5 – Published: 2024-05-01 12:54 – Updated: 2025-05-04 09:02
VLAI?
EPSS
Title
media: edia: dvbdev: fix a use-after-free
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: edia: dvbdev: fix a use-after-free
In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed
in several error-handling paths. However, *pdvbdev is not set to NULL
after dvbdev's deallocation, causing use-after-frees in many places,
for example, in the following call chain:
budget_register
|-> dvb_dmxdev_init
|-> dvb_register_device
|-> dvb_dmxdev_release
|-> dvb_unregister_device
|-> dvb_remove_device
|-> dvb_device_put
|-> kref_put
When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in
dvb_register_device) could point to memory that had been freed in
dvb_register_device. Thereafter, this pointer is transferred to
kref_put and triggering a use-after-free.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
b61901024776b25ce7b8edc31bb1757c7382a88e , < d0f5c28333822f9baa5280d813124920720fd856
(git)
Affected: b61901024776b25ce7b8edc31bb1757c7382a88e , < f20c3270f3ed5aa6919a87e4de9bf6c05fb57086 (git) Affected: b61901024776b25ce7b8edc31bb1757c7382a88e , < 096237039d00c839f3e3a5fe6d001bf0db45b644 (git) Affected: b61901024776b25ce7b8edc31bb1757c7382a88e , < 0d3fe80b6d175c220b3e252efc6c6777e700e98e (git) Affected: b61901024776b25ce7b8edc31bb1757c7382a88e , < 437a111f79a2f5b2a5f21e27fdec6f40c8768712 (git) Affected: b61901024776b25ce7b8edc31bb1757c7382a88e , < 779e8db7efb22316c8581d6c229636d2f5694a62 (git) Affected: b61901024776b25ce7b8edc31bb1757c7382a88e , < 35674111a043b0482a9bc69da8850a83f465b07d (git) Affected: b61901024776b25ce7b8edc31bb1757c7382a88e , < b7586e902128e4fb7bfbb661cb52e4215a65637b (git) Affected: b61901024776b25ce7b8edc31bb1757c7382a88e , < 8c64f4cdf4e6cc5682c52523713af8c39c94e6d5 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0f5c28333822f9baa5280d813124920720fd856"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f20c3270f3ed5aa6919a87e4de9bf6c05fb57086"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/096237039d00c839f3e3a5fe6d001bf0db45b644"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d3fe80b6d175c220b3e252efc6c6777e700e98e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/437a111f79a2f5b2a5f21e27fdec6f40c8768712"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/779e8db7efb22316c8581d6c229636d2f5694a62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35674111a043b0482a9bc69da8850a83f465b07d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7586e902128e4fb7bfbb661cb52e4215a65637b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c64f4cdf4e6cc5682c52523713af8c39c94e6d5"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T19:22:34.576999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T19:22:42.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-core/dvbdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d0f5c28333822f9baa5280d813124920720fd856",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "f20c3270f3ed5aa6919a87e4de9bf6c05fb57086",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "096237039d00c839f3e3a5fe6d001bf0db45b644",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "0d3fe80b6d175c220b3e252efc6c6777e700e98e",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "437a111f79a2f5b2a5f21e27fdec6f40c8768712",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "779e8db7efb22316c8581d6c229636d2f5694a62",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "35674111a043b0482a9bc69da8850a83f465b07d",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "b7586e902128e4fb7bfbb661cb52e4215a65637b",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "8c64f4cdf4e6cc5682c52523713af8c39c94e6d5",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-core/dvbdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.21"
},
{
"lessThan": "2.6.21",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: edia: dvbdev: fix a use-after-free\n\nIn dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed\nin several error-handling paths. However, *pdvbdev is not set to NULL\nafter dvbdev\u0027s deallocation, causing use-after-frees in many places,\nfor example, in the following call chain:\n\nbudget_register\n |-\u003e dvb_dmxdev_init\n |-\u003e dvb_register_device\n |-\u003e dvb_dmxdev_release\n |-\u003e dvb_unregister_device\n |-\u003e dvb_remove_device\n |-\u003e dvb_device_put\n |-\u003e kref_put\n\nWhen calling dvb_unregister_device, dmxdev-\u003edvbdev (i.e. *pdvbdev in\ndvb_register_device) could point to memory that had been freed in\ndvb_register_device. Thereafter, this pointer is transferred to\nkref_put and triggering a use-after-free."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:02:57.936Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d0f5c28333822f9baa5280d813124920720fd856"
},
{
"url": "https://git.kernel.org/stable/c/f20c3270f3ed5aa6919a87e4de9bf6c05fb57086"
},
{
"url": "https://git.kernel.org/stable/c/096237039d00c839f3e3a5fe6d001bf0db45b644"
},
{
"url": "https://git.kernel.org/stable/c/0d3fe80b6d175c220b3e252efc6c6777e700e98e"
},
{
"url": "https://git.kernel.org/stable/c/437a111f79a2f5b2a5f21e27fdec6f40c8768712"
},
{
"url": "https://git.kernel.org/stable/c/779e8db7efb22316c8581d6c229636d2f5694a62"
},
{
"url": "https://git.kernel.org/stable/c/35674111a043b0482a9bc69da8850a83f465b07d"
},
{
"url": "https://git.kernel.org/stable/c/b7586e902128e4fb7bfbb661cb52e4215a65637b"
},
{
"url": "https://git.kernel.org/stable/c/8c64f4cdf4e6cc5682c52523713af8c39c94e6d5"
}
],
"title": "media: edia: dvbdev: fix a use-after-free",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27043",
"datePublished": "2024-05-01T12:54:11.197Z",
"dateReserved": "2024-02-19T14:20:24.212Z",
"dateUpdated": "2025-05-04T09:02:57.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48999 (GCVE-0-2022-48999)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference
Gwangun Jung reported a slab-out-of-bounds access in fib_nh_match:
fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961
fib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753
inet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874
Separate nexthop objects are mutually exclusive with the legacy
multipath spec. Fix fib_nh_match to return if the config for the
to be deleted route contains a multipath spec while the fib_info
is using a nexthop object.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
493ced1ac47c48bb86d9d4e8e87df8592be85a0e , < cc3cd130ecfb8b0ae52e235e487bae3f16a24a32
(git)
Affected: 493ced1ac47c48bb86d9d4e8e87df8592be85a0e , < 0b5394229ebae09afc07aabccb5ffd705ffd250e (git) Affected: 493ced1ac47c48bb86d9d4e8e87df8592be85a0e , < 25174d91e4a32a24204060d283bd5fa6d0ddf133 (git) Affected: 493ced1ac47c48bb86d9d4e8e87df8592be85a0e , < bb20a2ae241be846bc3c11ea4b3a3c69e41d51f2 (git) Affected: 493ced1ac47c48bb86d9d4e8e87df8592be85a0e , < 61b91eb33a69c3be11b259c5ea484505cd79f883 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48999",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:15:25.948167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:40.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/fib_semantics.c",
"tools/testing/selftests/net/fib_nexthops.sh"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cc3cd130ecfb8b0ae52e235e487bae3f16a24a32",
"status": "affected",
"version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e",
"versionType": "git"
},
{
"lessThan": "0b5394229ebae09afc07aabccb5ffd705ffd250e",
"status": "affected",
"version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e",
"versionType": "git"
},
{
"lessThan": "25174d91e4a32a24204060d283bd5fa6d0ddf133",
"status": "affected",
"version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e",
"versionType": "git"
},
{
"lessThan": "bb20a2ae241be846bc3c11ea4b3a3c69e41d51f2",
"status": "affected",
"version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e",
"versionType": "git"
},
{
"lessThan": "61b91eb33a69c3be11b259c5ea484505cd79f883",
"status": "affected",
"version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/fib_semantics.c",
"tools/testing/selftests/net/fib_nexthops.sh"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Handle attempt to delete multipath route when fib_info contains an nh reference\n\nGwangun Jung reported a slab-out-of-bounds access in fib_nh_match:\n fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961\n fib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753\n inet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874\n\nSeparate nexthop objects are mutually exclusive with the legacy\nmultipath spec. Fix fib_nh_match to return if the config for the\nto be deleted route contains a multipath spec while the fib_info\nis using a nexthop object."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:46.832Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cc3cd130ecfb8b0ae52e235e487bae3f16a24a32"
},
{
"url": "https://git.kernel.org/stable/c/0b5394229ebae09afc07aabccb5ffd705ffd250e"
},
{
"url": "https://git.kernel.org/stable/c/25174d91e4a32a24204060d283bd5fa6d0ddf133"
},
{
"url": "https://git.kernel.org/stable/c/bb20a2ae241be846bc3c11ea4b3a3c69e41d51f2"
},
{
"url": "https://git.kernel.org/stable/c/61b91eb33a69c3be11b259c5ea484505cd79f883"
}
],
"title": "ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48999",
"datePublished": "2024-10-21T20:06:14.118Z",
"dateReserved": "2024-08-22T01:27:53.642Z",
"dateUpdated": "2025-05-04T08:27:46.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50047 (GCVE-0-2024-50047)
Vulnerability from cvelistv5 – Published: 2024-10-21 19:39 – Updated: 2026-01-05 10:54
VLAI?
EPSS
Title
smb: client: fix UAF in async decryption
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix UAF in async decryption
Doing an async decryption (large read) crashes with a
slab-use-after-free way down in the crypto API.
Reproducer:
# mount.cifs -o ...,seal,esize=1 //srv/share /mnt
# dd if=/mnt/largefile of=/dev/null
...
[ 194.196391] ==================================================================
[ 194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110
[ 194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899
[ 194.197707]
[ 194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43
[ 194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014
[ 194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs]
[ 194.200032] Call Trace:
[ 194.200191] <TASK>
[ 194.200327] dump_stack_lvl+0x4e/0x70
[ 194.200558] ? gf128mul_4k_lle+0xc1/0x110
[ 194.200809] print_report+0x174/0x505
[ 194.201040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 194.201352] ? srso_return_thunk+0x5/0x5f
[ 194.201604] ? __virt_addr_valid+0xdf/0x1c0
[ 194.201868] ? gf128mul_4k_lle+0xc1/0x110
[ 194.202128] kasan_report+0xc8/0x150
[ 194.202361] ? gf128mul_4k_lle+0xc1/0x110
[ 194.202616] gf128mul_4k_lle+0xc1/0x110
[ 194.202863] ghash_update+0x184/0x210
[ 194.203103] shash_ahash_update+0x184/0x2a0
[ 194.203377] ? __pfx_shash_ahash_update+0x10/0x10
[ 194.203651] ? srso_return_thunk+0x5/0x5f
[ 194.203877] ? crypto_gcm_init_common+0x1ba/0x340
[ 194.204142] gcm_hash_assoc_remain_continue+0x10a/0x140
[ 194.204434] crypt_message+0xec1/0x10a0 [cifs]
[ 194.206489] ? __pfx_crypt_message+0x10/0x10 [cifs]
[ 194.208507] ? srso_return_thunk+0x5/0x5f
[ 194.209205] ? srso_return_thunk+0x5/0x5f
[ 194.209925] ? srso_return_thunk+0x5/0x5f
[ 194.210443] ? srso_return_thunk+0x5/0x5f
[ 194.211037] decrypt_raw_data+0x15f/0x250 [cifs]
[ 194.212906] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]
[ 194.214670] ? srso_return_thunk+0x5/0x5f
[ 194.215193] smb2_decrypt_offload+0x12a/0x6c0 [cifs]
This is because TFM is being used in parallel.
Fix this by allocating a new AEAD TFM for async decryption, but keep
the existing one for synchronous READ cases (similar to what is done
in smb3_calc_signature()).
Also remove the calls to aead_request_set_callback() and
crypto_wait_req() since it's always going to be a synchronous operation.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
35cf94a397280b9e27576ac1480f631bdd3e7b70 , < 8f14a476abba13144df5434871a7225fd29af633
(git)
Affected: 35cf94a397280b9e27576ac1480f631bdd3e7b70 , < ef51c0d544b1518b35364480317ab6d3468f205d (git) Affected: 35cf94a397280b9e27576ac1480f631bdd3e7b70 , < bce966530fd5542bbb422cb45ecb775f7a1a6bc3 (git) Affected: 35cf94a397280b9e27576ac1480f631bdd3e7b70 , < 0809fb86ad13b29e1d6d491364fc7ea4fb545995 (git) Affected: 35cf94a397280b9e27576ac1480f631bdd3e7b70 , < 538c26d9bf70c90edc460d18c81008a4e555925a (git) Affected: 35cf94a397280b9e27576ac1480f631bdd3e7b70 , < b0abcd65ec545701b8793e12bc27dc98042b151a (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50047",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:23:59.456851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:43.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:43:16.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/client/smb2ops.c",
"fs/smb/client/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8f14a476abba13144df5434871a7225fd29af633",
"status": "affected",
"version": "35cf94a397280b9e27576ac1480f631bdd3e7b70",
"versionType": "git"
},
{
"lessThan": "ef51c0d544b1518b35364480317ab6d3468f205d",
"status": "affected",
"version": "35cf94a397280b9e27576ac1480f631bdd3e7b70",
"versionType": "git"
},
{
"lessThan": "bce966530fd5542bbb422cb45ecb775f7a1a6bc3",
"status": "affected",
"version": "35cf94a397280b9e27576ac1480f631bdd3e7b70",
"versionType": "git"
},
{
"lessThan": "0809fb86ad13b29e1d6d491364fc7ea4fb545995",
"status": "affected",
"version": "35cf94a397280b9e27576ac1480f631bdd3e7b70",
"versionType": "git"
},
{
"lessThan": "538c26d9bf70c90edc460d18c81008a4e555925a",
"status": "affected",
"version": "35cf94a397280b9e27576ac1480f631bdd3e7b70",
"versionType": "git"
},
{
"lessThan": "b0abcd65ec545701b8793e12bc27dc98042b151a",
"status": "affected",
"version": "35cf94a397280b9e27576ac1480f631bdd3e7b70",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/client/smb2ops.c",
"fs/smb/client/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.128",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.57",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.237",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.128",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.57",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.4",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix UAF in async decryption\n\nDoing an async decryption (large read) crashes with a\nslab-use-after-free way down in the crypto API.\n\nReproducer:\n # mount.cifs -o ...,seal,esize=1 //srv/share /mnt\n # dd if=/mnt/largefile of=/dev/null\n ...\n [ 194.196391] ==================================================================\n [ 194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110\n [ 194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899\n [ 194.197707]\n [ 194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43\n [ 194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014\n [ 194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs]\n [ 194.200032] Call Trace:\n [ 194.200191] \u003cTASK\u003e\n [ 194.200327] dump_stack_lvl+0x4e/0x70\n [ 194.200558] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.200809] print_report+0x174/0x505\n [ 194.201040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n [ 194.201352] ? srso_return_thunk+0x5/0x5f\n [ 194.201604] ? __virt_addr_valid+0xdf/0x1c0\n [ 194.201868] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.202128] kasan_report+0xc8/0x150\n [ 194.202361] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.202616] gf128mul_4k_lle+0xc1/0x110\n [ 194.202863] ghash_update+0x184/0x210\n [ 194.203103] shash_ahash_update+0x184/0x2a0\n [ 194.203377] ? __pfx_shash_ahash_update+0x10/0x10\n [ 194.203651] ? srso_return_thunk+0x5/0x5f\n [ 194.203877] ? crypto_gcm_init_common+0x1ba/0x340\n [ 194.204142] gcm_hash_assoc_remain_continue+0x10a/0x140\n [ 194.204434] crypt_message+0xec1/0x10a0 [cifs]\n [ 194.206489] ? __pfx_crypt_message+0x10/0x10 [cifs]\n [ 194.208507] ? srso_return_thunk+0x5/0x5f\n [ 194.209205] ? srso_return_thunk+0x5/0x5f\n [ 194.209925] ? srso_return_thunk+0x5/0x5f\n [ 194.210443] ? srso_return_thunk+0x5/0x5f\n [ 194.211037] decrypt_raw_data+0x15f/0x250 [cifs]\n [ 194.212906] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]\n [ 194.214670] ? srso_return_thunk+0x5/0x5f\n [ 194.215193] smb2_decrypt_offload+0x12a/0x6c0 [cifs]\n\nThis is because TFM is being used in parallel.\n\nFix this by allocating a new AEAD TFM for async decryption, but keep\nthe existing one for synchronous READ cases (similar to what is done\nin smb3_calc_signature()).\n\nAlso remove the calls to aead_request_set_callback() and\ncrypto_wait_req() since it\u0027s always going to be a synchronous operation."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:54:46.912Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8f14a476abba13144df5434871a7225fd29af633"
},
{
"url": "https://git.kernel.org/stable/c/ef51c0d544b1518b35364480317ab6d3468f205d"
},
{
"url": "https://git.kernel.org/stable/c/bce966530fd5542bbb422cb45ecb775f7a1a6bc3"
},
{
"url": "https://git.kernel.org/stable/c/0809fb86ad13b29e1d6d491364fc7ea4fb545995"
},
{
"url": "https://git.kernel.org/stable/c/538c26d9bf70c90edc460d18c81008a4e555925a"
},
{
"url": "https://git.kernel.org/stable/c/b0abcd65ec545701b8793e12bc27dc98042b151a"
}
],
"title": "smb: client: fix UAF in async decryption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50047",
"datePublished": "2024-10-21T19:39:44.430Z",
"dateReserved": "2024-10-21T12:17:06.071Z",
"dateUpdated": "2026-01-05T10:54:46.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48956 (GCVE-0-2022-48956)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:26
VLAI?
EPSS
Title
ipv6: avoid use-after-free in ip6_fragment()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: avoid use-after-free in ip6_fragment()
Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers.
It seems to not be always true, at least for UDP stack.
syzbot reported:
BUG: KASAN: use-after-free in ip6_dst_idev include/net/ip6_fib.h:245 [inline]
BUG: KASAN: use-after-free in ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951
Read of size 8 at addr ffff88801d403e80 by task syz-executor.3/7618
CPU: 1 PID: 7618 Comm: syz-executor.3 Not tainted 6.1.0-rc6-syzkaller-00012-g4312098baf37 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:284 [inline]
print_report+0x15e/0x45d mm/kasan/report.c:395
kasan_report+0xbf/0x1f0 mm/kasan/report.c:495
ip6_dst_idev include/net/ip6_fib.h:245 [inline]
ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951
__ip6_finish_output net/ipv6/ip6_output.c:193 [inline]
ip6_finish_output+0x9a3/0x1170 net/ipv6/ip6_output.c:206
NF_HOOK_COND include/linux/netfilter.h:291 [inline]
ip6_output+0x1f1/0x540 net/ipv6/ip6_output.c:227
dst_output include/net/dst.h:445 [inline]
ip6_local_out+0xb3/0x1a0 net/ipv6/output_core.c:161
ip6_send_skb+0xbb/0x340 net/ipv6/ip6_output.c:1966
udp_v6_send_skb+0x82a/0x18a0 net/ipv6/udp.c:1286
udp_v6_push_pending_frames+0x140/0x200 net/ipv6/udp.c:1313
udpv6_sendmsg+0x18da/0x2c80 net/ipv6/udp.c:1606
inet6_sendmsg+0x9d/0xe0 net/ipv6/af_inet6.c:665
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0xd3/0x120 net/socket.c:734
sock_write_iter+0x295/0x3d0 net/socket.c:1108
call_write_iter include/linux/fs.h:2191 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x9ed/0xdd0 fs/read_write.c:584
ksys_write+0x1ec/0x250 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fde3588c0d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fde365b6168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fde359ac050 RCX: 00007fde3588c0d9
RDX: 000000000000ffdc RSI: 00000000200000c0 RDI: 000000000000000a
RBP: 00007fde358e7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fde35acfb1f R14: 00007fde365b6300 R15: 0000000000022000
</TASK>
Allocated by task 7618:
kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
kasan_set_track+0x25/0x30 mm/kasan/common.c:52
__kasan_slab_alloc+0x82/0x90 mm/kasan/common.c:325
kasan_slab_alloc include/linux/kasan.h:201 [inline]
slab_post_alloc_hook mm/slab.h:737 [inline]
slab_alloc_node mm/slub.c:3398 [inline]
slab_alloc mm/slub.c:3406 [inline]
__kmem_cache_alloc_lru mm/slub.c:3413 [inline]
kmem_cache_alloc+0x2b4/0x3d0 mm/slub.c:3422
dst_alloc+0x14a/0x1f0 net/core/dst.c:92
ip6_dst_alloc+0x32/0xa0 net/ipv6/route.c:344
ip6_rt_pcpu_alloc net/ipv6/route.c:1369 [inline]
rt6_make_pcpu_route net/ipv6/route.c:1417 [inline]
ip6_pol_route+0x901/0x1190 net/ipv6/route.c:2254
pol_lookup_func include/net/ip6_fib.h:582 [inline]
fib6_rule_lookup+0x52e/0x6f0 net/ipv6/fib6_rules.c:121
ip6_route_output_flags_noref+0x2e6/0x380 net/ipv6/route.c:2625
ip6_route_output_flags+0x76/0x320 net/ipv6/route.c:2638
ip6_route_output include/net/ip6_route.h:98 [inline]
ip6_dst_lookup_tail+0x5ab/0x1620 net/ipv6/ip6_output.c:1092
ip6_dst_lookup_flow+0x90/0x1d0 net/ipv6/ip6_output.c:1222
ip6_sk_dst_lookup_flow+0x553/0x980 net/ipv6/ip6_output.c:1260
udpv6_sendmsg+0x151d/0x2c80 net/ipv6/udp.c:1554
inet6_sendmsg+0x9d/0xe0 net/ipv6/af_inet6.c:665
sock_sendmsg_nosec n
---truncated---
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
1758fd4688eb92c796e75bdb1d256dc558ef9581 , < b3d7ff8c04a83279fb7641fc4d5aa82a602df7c0
(git)
Affected: 1758fd4688eb92c796e75bdb1d256dc558ef9581 , < 7e0dcd5f3ade221a6126278aca60c8ab4cc3bce9 (git) Affected: 1758fd4688eb92c796e75bdb1d256dc558ef9581 , < 6b6d3be3661bff2746cab26147bd629aa034e094 (git) Affected: 1758fd4688eb92c796e75bdb1d256dc558ef9581 , < 8208d7e56b1e579320b9ff3712739ad2e63e1f86 (git) Affected: 1758fd4688eb92c796e75bdb1d256dc558ef9581 , < 7390c70bd431cbfa6951477e2c80a301643e284b (git) Affected: 1758fd4688eb92c796e75bdb1d256dc558ef9581 , < 9b1a468a455d8319041528778d0e684a4c062792 (git) Affected: 1758fd4688eb92c796e75bdb1d256dc558ef9581 , < 803e84867de59a1e5d126666d25eb4860cfd2ebe (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:21:00.418896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:39.848Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_output.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b3d7ff8c04a83279fb7641fc4d5aa82a602df7c0",
"status": "affected",
"version": "1758fd4688eb92c796e75bdb1d256dc558ef9581",
"versionType": "git"
},
{
"lessThan": "7e0dcd5f3ade221a6126278aca60c8ab4cc3bce9",
"status": "affected",
"version": "1758fd4688eb92c796e75bdb1d256dc558ef9581",
"versionType": "git"
},
{
"lessThan": "6b6d3be3661bff2746cab26147bd629aa034e094",
"status": "affected",
"version": "1758fd4688eb92c796e75bdb1d256dc558ef9581",
"versionType": "git"
},
{
"lessThan": "8208d7e56b1e579320b9ff3712739ad2e63e1f86",
"status": "affected",
"version": "1758fd4688eb92c796e75bdb1d256dc558ef9581",
"versionType": "git"
},
{
"lessThan": "7390c70bd431cbfa6951477e2c80a301643e284b",
"status": "affected",
"version": "1758fd4688eb92c796e75bdb1d256dc558ef9581",
"versionType": "git"
},
{
"lessThan": "9b1a468a455d8319041528778d0e684a4c062792",
"status": "affected",
"version": "1758fd4688eb92c796e75bdb1d256dc558ef9581",
"versionType": "git"
},
{
"lessThan": "803e84867de59a1e5d126666d25eb4860cfd2ebe",
"status": "affected",
"version": "1758fd4688eb92c796e75bdb1d256dc558ef9581",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_output.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.302",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.269",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: avoid use-after-free in ip6_fragment()\n\nBlamed commit claimed rcu_read_lock() was held by ip6_fragment() callers.\n\nIt seems to not be always true, at least for UDP stack.\n\nsyzbot reported:\n\nBUG: KASAN: use-after-free in ip6_dst_idev include/net/ip6_fib.h:245 [inline]\nBUG: KASAN: use-after-free in ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951\nRead of size 8 at addr ffff88801d403e80 by task syz-executor.3/7618\n\nCPU: 1 PID: 7618 Comm: syz-executor.3 Not tainted 6.1.0-rc6-syzkaller-00012-g4312098baf37 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x15e/0x45d mm/kasan/report.c:395\n kasan_report+0xbf/0x1f0 mm/kasan/report.c:495\n ip6_dst_idev include/net/ip6_fib.h:245 [inline]\n ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951\n __ip6_finish_output net/ipv6/ip6_output.c:193 [inline]\n ip6_finish_output+0x9a3/0x1170 net/ipv6/ip6_output.c:206\n NF_HOOK_COND include/linux/netfilter.h:291 [inline]\n ip6_output+0x1f1/0x540 net/ipv6/ip6_output.c:227\n dst_output include/net/dst.h:445 [inline]\n ip6_local_out+0xb3/0x1a0 net/ipv6/output_core.c:161\n ip6_send_skb+0xbb/0x340 net/ipv6/ip6_output.c:1966\n udp_v6_send_skb+0x82a/0x18a0 net/ipv6/udp.c:1286\n udp_v6_push_pending_frames+0x140/0x200 net/ipv6/udp.c:1313\n udpv6_sendmsg+0x18da/0x2c80 net/ipv6/udp.c:1606\n inet6_sendmsg+0x9d/0xe0 net/ipv6/af_inet6.c:665\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg+0xd3/0x120 net/socket.c:734\n sock_write_iter+0x295/0x3d0 net/socket.c:1108\n call_write_iter include/linux/fs.h:2191 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x9ed/0xdd0 fs/read_write.c:584\n ksys_write+0x1ec/0x250 fs/read_write.c:637\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fde3588c0d9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fde365b6168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00007fde359ac050 RCX: 00007fde3588c0d9\nRDX: 000000000000ffdc RSI: 00000000200000c0 RDI: 000000000000000a\nRBP: 00007fde358e7ae9 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fde35acfb1f R14: 00007fde365b6300 R15: 0000000000022000\n \u003c/TASK\u003e\n\nAllocated by task 7618:\n kasan_save_stack+0x22/0x40 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x82/0x90 mm/kasan/common.c:325\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slab.h:737 [inline]\n slab_alloc_node mm/slub.c:3398 [inline]\n slab_alloc mm/slub.c:3406 [inline]\n __kmem_cache_alloc_lru mm/slub.c:3413 [inline]\n kmem_cache_alloc+0x2b4/0x3d0 mm/slub.c:3422\n dst_alloc+0x14a/0x1f0 net/core/dst.c:92\n ip6_dst_alloc+0x32/0xa0 net/ipv6/route.c:344\n ip6_rt_pcpu_alloc net/ipv6/route.c:1369 [inline]\n rt6_make_pcpu_route net/ipv6/route.c:1417 [inline]\n ip6_pol_route+0x901/0x1190 net/ipv6/route.c:2254\n pol_lookup_func include/net/ip6_fib.h:582 [inline]\n fib6_rule_lookup+0x52e/0x6f0 net/ipv6/fib6_rules.c:121\n ip6_route_output_flags_noref+0x2e6/0x380 net/ipv6/route.c:2625\n ip6_route_output_flags+0x76/0x320 net/ipv6/route.c:2638\n ip6_route_output include/net/ip6_route.h:98 [inline]\n ip6_dst_lookup_tail+0x5ab/0x1620 net/ipv6/ip6_output.c:1092\n ip6_dst_lookup_flow+0x90/0x1d0 net/ipv6/ip6_output.c:1222\n ip6_sk_dst_lookup_flow+0x553/0x980 net/ipv6/ip6_output.c:1260\n udpv6_sendmsg+0x151d/0x2c80 net/ipv6/udp.c:1554\n inet6_sendmsg+0x9d/0xe0 net/ipv6/af_inet6.c:665\n sock_sendmsg_nosec n\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:26:53.995Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b3d7ff8c04a83279fb7641fc4d5aa82a602df7c0"
},
{
"url": "https://git.kernel.org/stable/c/7e0dcd5f3ade221a6126278aca60c8ab4cc3bce9"
},
{
"url": "https://git.kernel.org/stable/c/6b6d3be3661bff2746cab26147bd629aa034e094"
},
{
"url": "https://git.kernel.org/stable/c/8208d7e56b1e579320b9ff3712739ad2e63e1f86"
},
{
"url": "https://git.kernel.org/stable/c/7390c70bd431cbfa6951477e2c80a301643e284b"
},
{
"url": "https://git.kernel.org/stable/c/9b1a468a455d8319041528778d0e684a4c062792"
},
{
"url": "https://git.kernel.org/stable/c/803e84867de59a1e5d126666d25eb4860cfd2ebe"
}
],
"title": "ipv6: avoid use-after-free in ip6_fragment()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48956",
"datePublished": "2024-10-21T20:05:42.379Z",
"dateReserved": "2024-08-22T01:27:53.627Z",
"dateUpdated": "2025-05-04T08:26:53.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35863 (GCVE-0-2024-35863)
Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2026-01-05 10:35
VLAI?
EPSS
Title
smb: client: fix potential UAF in is_valid_oplock_break()
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in is_valid_oplock_break()
Skip sessions that are being teared down (status == SES_EXITING) to
avoid UAF.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 494c91e1e9413b407d12166a61b84200d4d54fac
(git)
Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 0a15ba88a32fa7a516aff7ffd27befed5334dff2 (git) Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 16d58c6a7db5050b9638669084b63fc05f951825 (git) Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 69ccf040acddf33a3a85ec0f6b45ef84b0f7ec29 (git) Affected: a67172a013953664b1dad03c648200c70b90506c (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/494c91e1e9413b407d12166a61b84200d4d54fac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a15ba88a32fa7a516aff7ffd27befed5334dff2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16d58c6a7db5050b9638669084b63fc05f951825"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69ccf040acddf33a3a85ec0f6b45ef84b0f7ec29"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35863",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:41:24.364295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:16.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/client/misc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "494c91e1e9413b407d12166a61b84200d4d54fac",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"lessThan": "0a15ba88a32fa7a516aff7ffd27befed5334dff2",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"lessThan": "16d58c6a7db5050b9638669084b63fc05f951825",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"lessThan": "69ccf040acddf33a3a85ec0f6b45ef84b0f7ec29",
"status": "affected",
"version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
"versionType": "git"
},
{
"status": "affected",
"version": "a67172a013953664b1dad03c648200c70b90506c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/client/misc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.13"
},
{
"lessThan": "3.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.12.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in is_valid_oplock_break()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:35:29.880Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/494c91e1e9413b407d12166a61b84200d4d54fac"
},
{
"url": "https://git.kernel.org/stable/c/0a15ba88a32fa7a516aff7ffd27befed5334dff2"
},
{
"url": "https://git.kernel.org/stable/c/16d58c6a7db5050b9638669084b63fc05f951825"
},
{
"url": "https://git.kernel.org/stable/c/69ccf040acddf33a3a85ec0f6b45ef84b0f7ec29"
}
],
"title": "smb: client: fix potential UAF in is_valid_oplock_break()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35863",
"datePublished": "2024-05-19T08:34:22.114Z",
"dateReserved": "2024-05-17T13:50:33.107Z",
"dateUpdated": "2026-01-05T10:35:29.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38538 (GCVE-0-2024-38538)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:35 – Updated: 2025-11-03 20:38
VLAI?
EPSS
Title
net: bridge: xmit: make sure we have at least eth header len bytes
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: xmit: make sure we have at least eth header len bytes
syzbot triggered an uninit value[1] error in bridge device's xmit path
by sending a short (less than ETH_HLEN bytes) skb. To fix it check if
we can actually pull that amount instead of assuming.
Tested with dropwatch:
drop at: br_dev_xmit+0xb93/0x12d0 [bridge] (0xffffffffc06739b3)
origin: software
timestamp: Mon May 13 11:31:53 2024 778214037 nsec
protocol: 0x88a8
length: 2
original length: 2
drop reason: PKT_TOO_SMALL
[1]
BUG: KMSAN: uninit-value in br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65
br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65
__netdev_start_xmit include/linux/netdevice.h:4903 [inline]
netdev_start_xmit include/linux/netdevice.h:4917 [inline]
xmit_one net/core/dev.c:3531 [inline]
dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547
__dev_queue_xmit+0x34db/0x5350 net/core/dev.c:4341
dev_queue_xmit include/linux/netdevice.h:3091 [inline]
__bpf_tx_skb net/core/filter.c:2136 [inline]
__bpf_redirect_common net/core/filter.c:2180 [inline]
__bpf_redirect+0x14a6/0x1620 net/core/filter.c:2187
____bpf_clone_redirect net/core/filter.c:2460 [inline]
bpf_clone_redirect+0x328/0x470 net/core/filter.c:2432
___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997
__bpf_prog_run512+0xb5/0xe0 kernel/bpf/core.c:2238
bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
__bpf_prog_run include/linux/filter.h:657 [inline]
bpf_prog_run include/linux/filter.h:664 [inline]
bpf_test_run+0x499/0xc30 net/bpf/test_run.c:425
bpf_prog_test_run_skb+0x14ea/0x1f20 net/bpf/test_run.c:1058
bpf_prog_test_run+0x6b7/0xad0 kernel/bpf/syscall.c:4269
__sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5678
__do_sys_bpf kernel/bpf/syscall.c:5767 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5765 [inline]
__x64_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5765
x64_sys_call+0x96b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:322
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3e01fc3c66e65d9afe98f1489047a1b2dd8741ca
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b2b7c43cd32080221bb233741bd6011983fe7c11 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 82090f94c723dab724b1c32db406091d40448a17 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c964429ef53f42098a6545a5dabeb1441c1e821d (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 28126b83f86ab9cc7936029c2dff845d3dcedba2 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1abb371147905ba250b4cc0230c4be7e90bea4d5 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f482fd4ce919836a49012b2d31b00fc36e2488f2 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 5b5d669f569807c7ab07546e73c0741845a2547a (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:38:07.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/28126b83f86ab9cc7936029c2dff845d3dcedba2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1abb371147905ba250b4cc0230c4be7e90bea4d5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f482fd4ce919836a49012b2d31b00fc36e2488f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5b5d669f569807c7ab07546e73c0741845a2547a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38538",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:16.575973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:58.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bridge/br_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3e01fc3c66e65d9afe98f1489047a1b2dd8741ca",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b2b7c43cd32080221bb233741bd6011983fe7c11",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "82090f94c723dab724b1c32db406091d40448a17",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c964429ef53f42098a6545a5dabeb1441c1e821d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "28126b83f86ab9cc7936029c2dff845d3dcedba2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1abb371147905ba250b4cc0230c4be7e90bea4d5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f482fd4ce919836a49012b2d31b00fc36e2488f2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5b5d669f569807c7ab07546e73c0741845a2547a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bridge/br_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.324",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.286",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.172",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.324",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.286",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.230",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.172",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: xmit: make sure we have at least eth header len bytes\n\nsyzbot triggered an uninit value[1] error in bridge device\u0027s xmit path\nby sending a short (less than ETH_HLEN bytes) skb. To fix it check if\nwe can actually pull that amount instead of assuming.\n\nTested with dropwatch:\n drop at: br_dev_xmit+0xb93/0x12d0 [bridge] (0xffffffffc06739b3)\n origin: software\n timestamp: Mon May 13 11:31:53 2024 778214037 nsec\n protocol: 0x88a8\n length: 2\n original length: 2\n drop reason: PKT_TOO_SMALL\n\n[1]\nBUG: KMSAN: uninit-value in br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65\n br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65\n __netdev_start_xmit include/linux/netdevice.h:4903 [inline]\n netdev_start_xmit include/linux/netdevice.h:4917 [inline]\n xmit_one net/core/dev.c:3531 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547\n __dev_queue_xmit+0x34db/0x5350 net/core/dev.c:4341\n dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n __bpf_tx_skb net/core/filter.c:2136 [inline]\n __bpf_redirect_common net/core/filter.c:2180 [inline]\n __bpf_redirect+0x14a6/0x1620 net/core/filter.c:2187\n ____bpf_clone_redirect net/core/filter.c:2460 [inline]\n bpf_clone_redirect+0x328/0x470 net/core/filter.c:2432\n ___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997\n __bpf_prog_run512+0xb5/0xe0 kernel/bpf/core.c:2238\n bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]\n __bpf_prog_run include/linux/filter.h:657 [inline]\n bpf_prog_run include/linux/filter.h:664 [inline]\n bpf_test_run+0x499/0xc30 net/bpf/test_run.c:425\n bpf_prog_test_run_skb+0x14ea/0x1f20 net/bpf/test_run.c:1058\n bpf_prog_test_run+0x6b7/0xad0 kernel/bpf/syscall.c:4269\n __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5678\n __do_sys_bpf kernel/bpf/syscall.c:5767 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5765 [inline]\n __x64_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5765\n x64_sys_call+0x96b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:322\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:32.769Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3e01fc3c66e65d9afe98f1489047a1b2dd8741ca"
},
{
"url": "https://git.kernel.org/stable/c/b2b7c43cd32080221bb233741bd6011983fe7c11"
},
{
"url": "https://git.kernel.org/stable/c/82090f94c723dab724b1c32db406091d40448a17"
},
{
"url": "https://git.kernel.org/stable/c/c964429ef53f42098a6545a5dabeb1441c1e821d"
},
{
"url": "https://git.kernel.org/stable/c/28126b83f86ab9cc7936029c2dff845d3dcedba2"
},
{
"url": "https://git.kernel.org/stable/c/1abb371147905ba250b4cc0230c4be7e90bea4d5"
},
{
"url": "https://git.kernel.org/stable/c/f482fd4ce919836a49012b2d31b00fc36e2488f2"
},
{
"url": "https://git.kernel.org/stable/c/5b5d669f569807c7ab07546e73c0741845a2547a"
},
{
"url": "https://git.kernel.org/stable/c/8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc"
}
],
"title": "net: bridge: xmit: make sure we have at least eth header len bytes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38538",
"datePublished": "2024-06-19T13:35:13.384Z",
"dateReserved": "2024-06-18T19:36:34.918Z",
"dateUpdated": "2025-11-03T20:38:07.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49957 (GCVE-0-2024-49957)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23
VLAI?
EPSS
Title
ocfs2: fix null-ptr-deref when journal load failed.
Summary
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix null-ptr-deref when journal load failed.
During the mounting process, if journal_reset() fails because of too short
journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer.
Subsequently, ocfs2_journal_shutdown() calls
jbd2_journal_flush()->jbd2_cleanup_journal_tail()->
__jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail()
->lock_buffer(journal->j_sb_buffer), resulting in a null-pointer
dereference error.
To resolve this issue, we should check the JBD2_LOADED flag to ensure the
journal was properly loaded. Additionally, use journal instead of
osb->journal directly to simplify the code.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < fd89d92c1140cee8f59de336cb37fa65e359c123
(git)
Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < 703b2c7e0798d263154dc8593dc2345f75dc077f (git) Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < bf605ae98dab5c15c5b631d4d7f88898cb41b649 (git) Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < ff55291fb36779819211b596da703389135f5b05 (git) Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < 82dfdd1e31e774578f76ce6dc90c834f96403a0f (git) Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < 86a89e75e9e4dfa768b97db466ad6bedf2e7ea5b (git) Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < f60e94a83db799bde625ac8671a5b4a6354e7120 (git) Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < 387bf565cc03e2e8c720b8b4798efea4aacb6962 (git) Affected: f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 , < 5784d9fcfd43bd853654bb80c87ef293b9e8e80a (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:35:36.575300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:48.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:36.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/journal.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fd89d92c1140cee8f59de336cb37fa65e359c123",
"status": "affected",
"version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
"versionType": "git"
},
{
"lessThan": "703b2c7e0798d263154dc8593dc2345f75dc077f",
"status": "affected",
"version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
"versionType": "git"
},
{
"lessThan": "bf605ae98dab5c15c5b631d4d7f88898cb41b649",
"status": "affected",
"version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
"versionType": "git"
},
{
"lessThan": "ff55291fb36779819211b596da703389135f5b05",
"status": "affected",
"version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
"versionType": "git"
},
{
"lessThan": "82dfdd1e31e774578f76ce6dc90c834f96403a0f",
"status": "affected",
"version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
"versionType": "git"
},
{
"lessThan": "86a89e75e9e4dfa768b97db466ad6bedf2e7ea5b",
"status": "affected",
"version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
"versionType": "git"
},
{
"lessThan": "f60e94a83db799bde625ac8671a5b4a6354e7120",
"status": "affected",
"version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
"versionType": "git"
},
{
"lessThan": "387bf565cc03e2e8c720b8b4798efea4aacb6962",
"status": "affected",
"version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
"versionType": "git"
},
{
"lessThan": "5784d9fcfd43bd853654bb80c87ef293b9e8e80a",
"status": "affected",
"version": "f6f50e28f0cb8d7bcdfaacc83129f005dede11b1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/journal.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.32"
},
{
"lessThan": "2.6.32",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix null-ptr-deref when journal load failed.\n\nDuring the mounting process, if journal_reset() fails because of too short\njournal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. \nSubsequently, ocfs2_journal_shutdown() calls\njbd2_journal_flush()-\u003ejbd2_cleanup_journal_tail()-\u003e\n__jbd2_update_log_tail()-\u003ejbd2_journal_update_sb_log_tail()\n-\u003elock_buffer(journal-\u003ej_sb_buffer), resulting in a null-pointer\ndereference error.\n\nTo resolve this issue, we should check the JBD2_LOADED flag to ensure the\njournal was properly loaded. Additionally, use journal instead of\nosb-\u003ejournal directly to simplify the code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:42:19.684Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fd89d92c1140cee8f59de336cb37fa65e359c123"
},
{
"url": "https://git.kernel.org/stable/c/703b2c7e0798d263154dc8593dc2345f75dc077f"
},
{
"url": "https://git.kernel.org/stable/c/bf605ae98dab5c15c5b631d4d7f88898cb41b649"
},
{
"url": "https://git.kernel.org/stable/c/ff55291fb36779819211b596da703389135f5b05"
},
{
"url": "https://git.kernel.org/stable/c/82dfdd1e31e774578f76ce6dc90c834f96403a0f"
},
{
"url": "https://git.kernel.org/stable/c/86a89e75e9e4dfa768b97db466ad6bedf2e7ea5b"
},
{
"url": "https://git.kernel.org/stable/c/f60e94a83db799bde625ac8671a5b4a6354e7120"
},
{
"url": "https://git.kernel.org/stable/c/387bf565cc03e2e8c720b8b4798efea4aacb6962"
},
{
"url": "https://git.kernel.org/stable/c/5784d9fcfd43bd853654bb80c87ef293b9e8e80a"
}
],
"title": "ocfs2: fix null-ptr-deref when journal load failed.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49957",
"datePublished": "2024-10-21T18:02:11.046Z",
"dateReserved": "2024-10-21T12:17:06.048Z",
"dateUpdated": "2025-11-03T22:23:36.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48997 (GCVE-0-2022-48997)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
char: tpm: Protect tpm_pm_suspend with locks
Summary
In the Linux kernel, the following vulnerability has been resolved:
char: tpm: Protect tpm_pm_suspend with locks
Currently tpm transactions are executed unconditionally in
tpm_pm_suspend() function, which may lead to races with other tpm
accessors in the system.
Specifically, the hw_random tpm driver makes use of tpm_get_random(),
and this function is called in a loop from a kthread, which means it's
not frozen alongside userspace, and so can race with the work done
during system suspend:
tpm tpm0: tpm_transmit: tpm_recv: error -52
tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics
CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014
Call Trace:
tpm_tis_status.cold+0x19/0x20
tpm_transmit+0x13b/0x390
tpm_transmit_cmd+0x20/0x80
tpm1_pm_suspend+0xa6/0x110
tpm_pm_suspend+0x53/0x80
__pnp_bus_suspend+0x35/0xe0
__device_suspend+0x10f/0x350
Fix this by calling tpm_try_get_ops(), which itself is a wrapper around
tpm_chip_start(), but takes the appropriate mutex.
[Jason: reworked commit message, added metadata]
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
e891db1a18bf11e02533ec2386b796cfd8d60666 , < d699373ac5f3545243d3c73a1ccab77fdef8cec6
(git)
Affected: e891db1a18bf11e02533ec2386b796cfd8d60666 , < 4e0d6c687c925e27fd4bc78a2721d10acf5614d6 (git) Affected: e891db1a18bf11e02533ec2386b796cfd8d60666 , < 571b6bbbf54d835ea6120f65575cb55cd767e603 (git) Affected: e891db1a18bf11e02533ec2386b796cfd8d60666 , < 25b78bf98b07ff5aceb9b1e24f72ec0236c5c053 (git) Affected: e891db1a18bf11e02533ec2386b796cfd8d60666 , < 23393c6461422df5bf8084a086ada9a7e17dc2ba (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:15:42.230328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:41.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/char/tpm/tpm-interface.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d699373ac5f3545243d3c73a1ccab77fdef8cec6",
"status": "affected",
"version": "e891db1a18bf11e02533ec2386b796cfd8d60666",
"versionType": "git"
},
{
"lessThan": "4e0d6c687c925e27fd4bc78a2721d10acf5614d6",
"status": "affected",
"version": "e891db1a18bf11e02533ec2386b796cfd8d60666",
"versionType": "git"
},
{
"lessThan": "571b6bbbf54d835ea6120f65575cb55cd767e603",
"status": "affected",
"version": "e891db1a18bf11e02533ec2386b796cfd8d60666",
"versionType": "git"
},
{
"lessThan": "25b78bf98b07ff5aceb9b1e24f72ec0236c5c053",
"status": "affected",
"version": "e891db1a18bf11e02533ec2386b796cfd8d60666",
"versionType": "git"
},
{
"lessThan": "23393c6461422df5bf8084a086ada9a7e17dc2ba",
"status": "affected",
"version": "e891db1a18bf11e02533ec2386b796cfd8d60666",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/char/tpm/tpm-interface.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.226",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: tpm: Protect tpm_pm_suspend with locks\n\nCurrently tpm transactions are executed unconditionally in\ntpm_pm_suspend() function, which may lead to races with other tpm\naccessors in the system.\n\nSpecifically, the hw_random tpm driver makes use of tpm_get_random(),\nand this function is called in a loop from a kthread, which means it\u0027s\nnot frozen alongside userspace, and so can race with the work done\nduring system suspend:\n\n tpm tpm0: tpm_transmit: tpm_recv: error -52\n tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics\n CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014\n Call Trace:\n tpm_tis_status.cold+0x19/0x20\n tpm_transmit+0x13b/0x390\n tpm_transmit_cmd+0x20/0x80\n tpm1_pm_suspend+0xa6/0x110\n tpm_pm_suspend+0x53/0x80\n __pnp_bus_suspend+0x35/0xe0\n __device_suspend+0x10f/0x350\n\nFix this by calling tpm_try_get_ops(), which itself is a wrapper around\ntpm_chip_start(), but takes the appropriate mutex.\n\n[Jason: reworked commit message, added metadata]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:44.392Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d699373ac5f3545243d3c73a1ccab77fdef8cec6"
},
{
"url": "https://git.kernel.org/stable/c/4e0d6c687c925e27fd4bc78a2721d10acf5614d6"
},
{
"url": "https://git.kernel.org/stable/c/571b6bbbf54d835ea6120f65575cb55cd767e603"
},
{
"url": "https://git.kernel.org/stable/c/25b78bf98b07ff5aceb9b1e24f72ec0236c5c053"
},
{
"url": "https://git.kernel.org/stable/c/23393c6461422df5bf8084a086ada9a7e17dc2ba"
}
],
"title": "char: tpm: Protect tpm_pm_suspend with locks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48997",
"datePublished": "2024-10-21T20:06:12.787Z",
"dateReserved": "2024-08-22T01:27:53.637Z",
"dateUpdated": "2025-05-04T08:27:44.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2166 (GCVE-0-2023-2166)
Vulnerability from cvelistv5 – Published: 2023-04-19 00:00 – Updated: 2025-02-05 15:13
VLAI?
EPSS
Summary
A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.
Severity ?
5.5 (Medium)
CWE
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/lkml/CAO4mrfcV_07hbj8NUuZrA8FH-kaRsrFy-2metecpTuE5kKHn5w%40mail.gmail.com/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-2166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T15:12:07.422598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T15:13:09.129Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Linux",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux Kernel version prior to Kernel 6.1 RC9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://lore.kernel.org/lkml/CAO4mrfcV_07hbj8NUuZrA8FH-kaRsrFy-2metecpTuE5kKHn5w%40mail.gmail.com/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-2166",
"datePublished": "2023-04-19T00:00:00.000Z",
"dateReserved": "2023-04-18T00:00:00.000Z",
"dateUpdated": "2025-02-05T15:13:09.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47416 (GCVE-0-2021-47416)
Vulnerability from cvelistv5 – Published: 2024-05-21 15:04 – Updated: 2025-05-04 07:10
VLAI?
EPSS
Title
phy: mdio: fix memory leak
Summary
In the Linux kernel, the following vulnerability has been resolved:
phy: mdio: fix memory leak
Syzbot reported memory leak in MDIO bus interface, the problem was in
wrong state logic.
MDIOBUS_ALLOCATED indicates 2 states:
1. Bus is only allocated
2. Bus allocated and __mdiobus_register() fails, but
device_register() was called
In case of device_register() has been called we should call put_device()
to correctly free the memory allocated for this device, but mdiobus_free()
calls just kfree(dev) in case of MDIOBUS_ALLOCATED state
To avoid this behaviour we need to set bus->state to MDIOBUS_UNREGISTERED
_before_ calling device_register(), because put_device() should be
called even in case of device_register() failure.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
46abc02175b3c246dd5141d878f565a8725060c9 , < 25e9f88c7e3cc35f5e3d3db199660d28a15df639
(git)
Affected: 46abc02175b3c246dd5141d878f565a8725060c9 , < 2250392d930bd0d989f24d355d6355b0150256e7 (git) Affected: 46abc02175b3c246dd5141d878f565a8725060c9 , < f4f502a04ee1e543825af78f47eb7785015cd9f6 (git) Affected: 46abc02175b3c246dd5141d878f565a8725060c9 , < 2397b9e118721292429fea8807a698e71b94795f (git) Affected: 46abc02175b3c246dd5141d878f565a8725060c9 , < 414bb4ead1362ef2c8592db723c017258f213988 (git) Affected: 46abc02175b3c246dd5141d878f565a8725060c9 , < 0d2dd40a7be61b89a7c99dae8ee96389d27b413a (git) Affected: 46abc02175b3c246dd5141d878f565a8725060c9 , < 064c2616234a7394867c924b5c1303974f3a4f4d (git) Affected: 46abc02175b3c246dd5141d878f565a8725060c9 , < ca6e11c337daf7925ff8a2aac8e84490a8691905 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47416",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:32:44.904318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:14.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:39:59.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25e9f88c7e3cc35f5e3d3db199660d28a15df639"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2250392d930bd0d989f24d355d6355b0150256e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4f502a04ee1e543825af78f47eb7785015cd9f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2397b9e118721292429fea8807a698e71b94795f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/414bb4ead1362ef2c8592db723c017258f213988"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d2dd40a7be61b89a7c99dae8ee96389d27b413a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/064c2616234a7394867c924b5c1303974f3a4f4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca6e11c337daf7925ff8a2aac8e84490a8691905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/phy/mdio_bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "25e9f88c7e3cc35f5e3d3db199660d28a15df639",
"status": "affected",
"version": "46abc02175b3c246dd5141d878f565a8725060c9",
"versionType": "git"
},
{
"lessThan": "2250392d930bd0d989f24d355d6355b0150256e7",
"status": "affected",
"version": "46abc02175b3c246dd5141d878f565a8725060c9",
"versionType": "git"
},
{
"lessThan": "f4f502a04ee1e543825af78f47eb7785015cd9f6",
"status": "affected",
"version": "46abc02175b3c246dd5141d878f565a8725060c9",
"versionType": "git"
},
{
"lessThan": "2397b9e118721292429fea8807a698e71b94795f",
"status": "affected",
"version": "46abc02175b3c246dd5141d878f565a8725060c9",
"versionType": "git"
},
{
"lessThan": "414bb4ead1362ef2c8592db723c017258f213988",
"status": "affected",
"version": "46abc02175b3c246dd5141d878f565a8725060c9",
"versionType": "git"
},
{
"lessThan": "0d2dd40a7be61b89a7c99dae8ee96389d27b413a",
"status": "affected",
"version": "46abc02175b3c246dd5141d878f565a8725060c9",
"versionType": "git"
},
{
"lessThan": "064c2616234a7394867c924b5c1303974f3a4f4d",
"status": "affected",
"version": "46abc02175b3c246dd5141d878f565a8725060c9",
"versionType": "git"
},
{
"lessThan": "ca6e11c337daf7925ff8a2aac8e84490a8691905",
"status": "affected",
"version": "46abc02175b3c246dd5141d878f565a8725060c9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/phy/mdio_bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.28"
},
{
"lessThan": "2.6.28",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.289",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.287",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.251",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.73",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.14.*",
"status": "unaffected",
"version": "5.14.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.289",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.287",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.251",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.211",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.153",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.73",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14.12",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15",
"versionStartIncluding": "2.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: mdio: fix memory leak\n\nSyzbot reported memory leak in MDIO bus interface, the problem was in\nwrong state logic.\n\nMDIOBUS_ALLOCATED indicates 2 states:\n\t1. Bus is only allocated\n\t2. Bus allocated and __mdiobus_register() fails, but\n\t device_register() was called\n\nIn case of device_register() has been called we should call put_device()\nto correctly free the memory allocated for this device, but mdiobus_free()\ncalls just kfree(dev) in case of MDIOBUS_ALLOCATED state\n\nTo avoid this behaviour we need to set bus-\u003estate to MDIOBUS_UNREGISTERED\n_before_ calling device_register(), because put_device() should be\ncalled even in case of device_register() failure."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:10:28.073Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/25e9f88c7e3cc35f5e3d3db199660d28a15df639"
},
{
"url": "https://git.kernel.org/stable/c/2250392d930bd0d989f24d355d6355b0150256e7"
},
{
"url": "https://git.kernel.org/stable/c/f4f502a04ee1e543825af78f47eb7785015cd9f6"
},
{
"url": "https://git.kernel.org/stable/c/2397b9e118721292429fea8807a698e71b94795f"
},
{
"url": "https://git.kernel.org/stable/c/414bb4ead1362ef2c8592db723c017258f213988"
},
{
"url": "https://git.kernel.org/stable/c/0d2dd40a7be61b89a7c99dae8ee96389d27b413a"
},
{
"url": "https://git.kernel.org/stable/c/064c2616234a7394867c924b5c1303974f3a4f4d"
},
{
"url": "https://git.kernel.org/stable/c/ca6e11c337daf7925ff8a2aac8e84490a8691905"
}
],
"title": "phy: mdio: fix memory leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47416",
"datePublished": "2024-05-21T15:04:06.042Z",
"dateReserved": "2024-05-21T14:58:30.818Z",
"dateUpdated": "2025-05-04T07:10:28.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49925 (GCVE-0-2024-49925)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 20:42
VLAI?
EPSS
Title
fbdev: efifb: Register sysfs groups through driver core
Summary
In the Linux kernel, the following vulnerability has been resolved:
fbdev: efifb: Register sysfs groups through driver core
The driver core can register and cleanup sysfs groups already.
Make use of that functionality to simplify the error handling and
cleanup.
Also avoid a UAF race during unregistering where the sysctl attributes
were usable after the info struct was freed.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
753375a881caa01112b7cec2c796749154e0bb23 , < 2a9c40c72097b583b23aeb2a26d429ccfc81fbc1
(git)
Affected: 753375a881caa01112b7cec2c796749154e0bb23 , < 36bfefb6baaa8e46de44f4fd919ce4347337620f (git) Affected: 753375a881caa01112b7cec2c796749154e0bb23 , < 872cd2d029d2c970a8a1eea88b48dab2b3f2e93a (git) Affected: 753375a881caa01112b7cec2c796749154e0bb23 , < 4684d69b9670a83992189f6271dc0fcdec4ed0d7 (git) Affected: 753375a881caa01112b7cec2c796749154e0bb23 , < 95cdd538e0e5677efbdf8aade04ec098ab98f457 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:39:49.983687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:44.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:42:00.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/efifb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2a9c40c72097b583b23aeb2a26d429ccfc81fbc1",
"status": "affected",
"version": "753375a881caa01112b7cec2c796749154e0bb23",
"versionType": "git"
},
{
"lessThan": "36bfefb6baaa8e46de44f4fd919ce4347337620f",
"status": "affected",
"version": "753375a881caa01112b7cec2c796749154e0bb23",
"versionType": "git"
},
{
"lessThan": "872cd2d029d2c970a8a1eea88b48dab2b3f2e93a",
"status": "affected",
"version": "753375a881caa01112b7cec2c796749154e0bb23",
"versionType": "git"
},
{
"lessThan": "4684d69b9670a83992189f6271dc0fcdec4ed0d7",
"status": "affected",
"version": "753375a881caa01112b7cec2c796749154e0bb23",
"versionType": "git"
},
{
"lessThan": "95cdd538e0e5677efbdf8aade04ec098ab98f457",
"status": "affected",
"version": "753375a881caa01112b7cec2c796749154e0bb23",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/efifb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: efifb: Register sysfs groups through driver core\n\nThe driver core can register and cleanup sysfs groups already.\nMake use of that functionality to simplify the error handling and\ncleanup.\n\nAlso avoid a UAF race during unregistering where the sysctl attributes\nwere usable after the info struct was freed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:22.064Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2a9c40c72097b583b23aeb2a26d429ccfc81fbc1"
},
{
"url": "https://git.kernel.org/stable/c/36bfefb6baaa8e46de44f4fd919ce4347337620f"
},
{
"url": "https://git.kernel.org/stable/c/872cd2d029d2c970a8a1eea88b48dab2b3f2e93a"
},
{
"url": "https://git.kernel.org/stable/c/4684d69b9670a83992189f6271dc0fcdec4ed0d7"
},
{
"url": "https://git.kernel.org/stable/c/95cdd538e0e5677efbdf8aade04ec098ab98f457"
}
],
"title": "fbdev: efifb: Register sysfs groups through driver core",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49925",
"datePublished": "2024-10-21T18:01:49.732Z",
"dateReserved": "2024-10-21T12:17:06.036Z",
"dateUpdated": "2025-11-03T20:42:00.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49901 (GCVE-0-2024-49901)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-07-28 11:16
VLAI?
EPSS
Title
drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs
There are some cases, such as the one uncovered by Commit 46d4efcccc68
("drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails")
where
msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL);
is called on gpu->pdev == NULL, as the GPU device has not been fully
initialized yet.
Turns out that there's more than just the aforementioned path that
causes this to happen (e.g. the case when there's speedbin data in the
catalog, but opp-supported-hw is missing in DT).
Assigning msm_gpu->pdev earlier seems like the least painful solution
to this, therefore do so.
Patchwork: https://patchwork.freedesktop.org/patch/602742/
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300 , < 9288a9676c529ad9c856096db68fad812499bc4a
(git)
Affected: 0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300 , < 9773737375b20070ea935203fd66cb9fa17c5acb (git) Affected: 0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300 , < e8ac2060597a5768e4699bb61d604b4c09927b85 (git) Affected: 0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300 , < 16007768551d5bfe53426645401435ca8d2ef54f (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:42:53.218810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:47.606Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/adreno/adreno_gpu.c",
"drivers/gpu/drm/msm/msm_gpu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9288a9676c529ad9c856096db68fad812499bc4a",
"status": "affected",
"version": "0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300",
"versionType": "git"
},
{
"lessThan": "9773737375b20070ea935203fd66cb9fa17c5acb",
"status": "affected",
"version": "0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300",
"versionType": "git"
},
{
"lessThan": "e8ac2060597a5768e4699bb61d604b4c09927b85",
"status": "affected",
"version": "0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300",
"versionType": "git"
},
{
"lessThan": "16007768551d5bfe53426645401435ca8d2ef54f",
"status": "affected",
"version": "0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/adreno/adreno_gpu.c",
"drivers/gpu/drm/msm/msm_gpu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.12"
},
{
"lessThan": "3.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/adreno: Assign msm_gpu-\u003epdev earlier to avoid nullptrs\n\nThere are some cases, such as the one uncovered by Commit 46d4efcccc68\n(\"drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails\")\nwhere\n\nmsm_gpu_cleanup() : platform_set_drvdata(gpu-\u003epdev, NULL);\n\nis called on gpu-\u003epdev == NULL, as the GPU device has not been fully\ninitialized yet.\n\nTurns out that there\u0027s more than just the aforementioned path that\ncauses this to happen (e.g. the case when there\u0027s speedbin data in the\ncatalog, but opp-supported-hw is missing in DT).\n\nAssigning msm_gpu-\u003epdev earlier seems like the least painful solution\nto this, therefore do so.\n\nPatchwork: https://patchwork.freedesktop.org/patch/602742/"
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T11:16:41.182Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9288a9676c529ad9c856096db68fad812499bc4a"
},
{
"url": "https://git.kernel.org/stable/c/9773737375b20070ea935203fd66cb9fa17c5acb"
},
{
"url": "https://git.kernel.org/stable/c/e8ac2060597a5768e4699bb61d604b4c09927b85"
},
{
"url": "https://git.kernel.org/stable/c/16007768551d5bfe53426645401435ca8d2ef54f"
}
],
"title": "drm/msm/adreno: Assign msm_gpu-\u003epdev earlier to avoid nullptrs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49901",
"datePublished": "2024-10-21T18:01:33.258Z",
"dateReserved": "2024-10-21T12:17:06.026Z",
"dateUpdated": "2025-07-28T11:16:41.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52766 (GCVE-0-2023-52766)
Vulnerability from cvelistv5 – Published: 2024-05-21 15:30 – Updated: 2025-05-04 07:42
VLAI?
EPSS
Title
i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler
Summary
In the Linux kernel, the following vulnerability has been resolved:
i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler
Do not loop over ring headers in hci_dma_irq_handler() that are not
allocated and enabled in hci_dma_init(). Otherwise out of bounds access
will occur from rings->headers[i] access when i >= number of allocated
ring headers.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < d23ad76f240c0f597b7a9eb79905d246f27d40df
(git)
Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < 8be39f66915b40d26ea2c18ba84b5c3d5da6809b (git) Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < 7c2b91b30d74d7c407118ad72502d4ca28af1af6 (git) Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < 4c86cb2321bd9c72d3b945ce7f747961beda8e65 (git) Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < 45a832f989e520095429589d5b01b0c65da9b574 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:26:12.286527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:28.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d23ad76f240c0f597b7a9eb79905d246f27d40df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8be39f66915b40d26ea2c18ba84b5c3d5da6809b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c2b91b30d74d7c407118ad72502d4ca28af1af6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c86cb2321bd9c72d3b945ce7f747961beda8e65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/45a832f989e520095429589d5b01b0c65da9b574"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i3c/master/mipi-i3c-hci/dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d23ad76f240c0f597b7a9eb79905d246f27d40df",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
},
{
"lessThan": "8be39f66915b40d26ea2c18ba84b5c3d5da6809b",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
},
{
"lessThan": "7c2b91b30d74d7c407118ad72502d4ca28af1af6",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
},
{
"lessThan": "4c86cb2321bd9c72d3b945ce7f747961beda8e65",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
},
{
"lessThan": "45a832f989e520095429589d5b01b0c65da9b574",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i3c/master/mipi-i3c-hci/dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler\n\nDo not loop over ring headers in hci_dma_irq_handler() that are not\nallocated and enabled in hci_dma_init(). Otherwise out of bounds access\nwill occur from rings-\u003eheaders[i] access when i \u003e= number of allocated\nring headers."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:42:42.864Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d23ad76f240c0f597b7a9eb79905d246f27d40df"
},
{
"url": "https://git.kernel.org/stable/c/8be39f66915b40d26ea2c18ba84b5c3d5da6809b"
},
{
"url": "https://git.kernel.org/stable/c/7c2b91b30d74d7c407118ad72502d4ca28af1af6"
},
{
"url": "https://git.kernel.org/stable/c/4c86cb2321bd9c72d3b945ce7f747961beda8e65"
},
{
"url": "https://git.kernel.org/stable/c/45a832f989e520095429589d5b01b0c65da9b574"
}
],
"title": "i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52766",
"datePublished": "2024-05-21T15:30:50.343Z",
"dateReserved": "2024-05-21T15:19:24.238Z",
"dateUpdated": "2025-05-04T07:42:42.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42253 (GCVE-0-2024-42253)
Vulnerability from cvelistv5 – Published: 2024-08-08 08:46 – Updated: 2026-01-05 10:52
VLAI?
EPSS
Title
gpio: pca953x: fix pca953x_irq_bus_sync_unlock race
Summary
In the Linux kernel, the following vulnerability has been resolved:
gpio: pca953x: fix pca953x_irq_bus_sync_unlock race
Ensure that `i2c_lock' is held when setting interrupt latch and mask in
pca953x_irq_bus_sync_unlock() in order to avoid races.
The other (non-probe) call site pca953x_gpio_set_multiple() ensures the
lock is held before calling pca953x_write_regs().
The problem occurred when a request raced against irq_bus_sync_unlock()
approximately once per thousand reboots on an i.MX8MP based system.
* Normal case
0-0022: write register AI|3a {03,02,00,00,01} Input latch P0
0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0
0-0022: write register AI|08 {ff,00,00,00,00} Output P3
0-0022: write register AI|12 {fc,00,00,00,00} Config P3
* Race case
0-0022: write register AI|08 {ff,00,00,00,00} Output P3
0-0022: write register AI|08 {03,02,00,00,01} *** Wrong register ***
0-0022: write register AI|12 {fc,00,00,00,00} Config P3
0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
44896beae605b93f2232301befccb7ef42953198 , < 58a5c93bd1a6e949267400080f07e57ffe05ec34
(git)
Affected: 44896beae605b93f2232301befccb7ef42953198 , < e2ecdddca80dd845df42376e4b0197fe97018ba2 (git) Affected: 44896beae605b93f2232301befccb7ef42953198 , < de7cffa53149c7b48bd1bb29b02390c9f05b7f41 (git) Affected: 44896beae605b93f2232301befccb7ef42953198 , < bfc6444b57dc7186b6acc964705d7516cbaf3904 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:13:09.580370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:30.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:02:52.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpio-pca953x.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "58a5c93bd1a6e949267400080f07e57ffe05ec34",
"status": "affected",
"version": "44896beae605b93f2232301befccb7ef42953198",
"versionType": "git"
},
{
"lessThan": "e2ecdddca80dd845df42376e4b0197fe97018ba2",
"status": "affected",
"version": "44896beae605b93f2232301befccb7ef42953198",
"versionType": "git"
},
{
"lessThan": "de7cffa53149c7b48bd1bb29b02390c9f05b7f41",
"status": "affected",
"version": "44896beae605b93f2232301befccb7ef42953198",
"versionType": "git"
},
{
"lessThan": "bfc6444b57dc7186b6acc964705d7516cbaf3904",
"status": "affected",
"version": "44896beae605b93f2232301befccb7ef42953198",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpio-pca953x.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: pca953x: fix pca953x_irq_bus_sync_unlock race\n\nEnsure that `i2c_lock\u0027 is held when setting interrupt latch and mask in\npca953x_irq_bus_sync_unlock() in order to avoid races.\n\nThe other (non-probe) call site pca953x_gpio_set_multiple() ensures the\nlock is held before calling pca953x_write_regs().\n\nThe problem occurred when a request raced against irq_bus_sync_unlock()\napproximately once per thousand reboots on an i.MX8MP based system.\n\n * Normal case\n\n 0-0022: write register AI|3a {03,02,00,00,01} Input latch P0\n 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0\n 0-0022: write register AI|08 {ff,00,00,00,00} Output P3\n 0-0022: write register AI|12 {fc,00,00,00,00} Config P3\n\n * Race case\n\n 0-0022: write register AI|08 {ff,00,00,00,00} Output P3\n 0-0022: write register AI|08 {03,02,00,00,01} *** Wrong register ***\n 0-0022: write register AI|12 {fc,00,00,00,00} Config P3\n 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:52:08.494Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/58a5c93bd1a6e949267400080f07e57ffe05ec34"
},
{
"url": "https://git.kernel.org/stable/c/e2ecdddca80dd845df42376e4b0197fe97018ba2"
},
{
"url": "https://git.kernel.org/stable/c/de7cffa53149c7b48bd1bb29b02390c9f05b7f41"
},
{
"url": "https://git.kernel.org/stable/c/bfc6444b57dc7186b6acc964705d7516cbaf3904"
}
],
"title": "gpio: pca953x: fix pca953x_irq_bus_sync_unlock race",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42253",
"datePublished": "2024-08-08T08:46:29.284Z",
"dateReserved": "2024-07-30T07:40:12.256Z",
"dateUpdated": "2026-01-05T10:52:08.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48975 (GCVE-0-2022-48975)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
gpiolib: fix memory leak in gpiochip_setup_dev()
Summary
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: fix memory leak in gpiochip_setup_dev()
Here is a backtrace report about memory leak detected in
gpiochip_setup_dev():
unreferenced object 0xffff88810b406400 (size 512):
comm "python3", pid 1682, jiffies 4295346908 (age 24.090s)
backtrace:
kmalloc_trace
device_add device_private_init at drivers/base/core.c:3361
(inlined by) device_add at drivers/base/core.c:3411
cdev_device_add
gpiolib_cdev_register
gpiochip_setup_dev
gpiochip_add_data_with_key
gcdev_register() & gcdev_unregister() would call device_add() &
device_del() (no matter CONFIG_GPIO_CDEV is enabled or not) to
register/unregister device.
However, if device_add() succeeds, some resource (like
struct device_private allocated by device_private_init())
is not released by device_del().
Therefore, after device_add() succeeds by gcdev_register(), it
needs to call put_device() to release resource in the error handle
path.
Here we move forward the register of release function, and let it
release every piece of resource by put_device() instead of kfree().
While at it, fix another subtle issue, i.e. when gc->ngpio is equal
to 0, we still call kcalloc() and, in case of further error, kfree()
on the ZERO_PTR pointer, which is not NULL. It's not a bug per se,
but rather waste of the resources and potentially wrong expectation
about contents of the gdev->descs variable.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
159f3cd92f17c61a4e2a47456de5865b114ef88e , < 6daaa84b621485fe28c401be18debf92ae8ef04a
(git)
Affected: 159f3cd92f17c61a4e2a47456de5865b114ef88e , < 371363716398ed718e389bea8c5e9843a79dde4e (git) Affected: 159f3cd92f17c61a4e2a47456de5865b114ef88e , < ec851b23084b3a0af8bf0f5e51d33a8d678bdc49 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:18:35.922105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:37.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpiolib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6daaa84b621485fe28c401be18debf92ae8ef04a",
"status": "affected",
"version": "159f3cd92f17c61a4e2a47456de5865b114ef88e",
"versionType": "git"
},
{
"lessThan": "371363716398ed718e389bea8c5e9843a79dde4e",
"status": "affected",
"version": "159f3cd92f17c61a4e2a47456de5865b114ef88e",
"versionType": "git"
},
{
"lessThan": "ec851b23084b3a0af8bf0f5e51d33a8d678bdc49",
"status": "affected",
"version": "159f3cd92f17c61a4e2a47456de5865b114ef88e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpiolib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.6"
},
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: fix memory leak in gpiochip_setup_dev()\n\nHere is a backtrace report about memory leak detected in\ngpiochip_setup_dev():\n\nunreferenced object 0xffff88810b406400 (size 512):\n comm \"python3\", pid 1682, jiffies 4295346908 (age 24.090s)\n backtrace:\n kmalloc_trace\n device_add\t\tdevice_private_init at drivers/base/core.c:3361\n\t\t\t(inlined by) device_add at drivers/base/core.c:3411\n cdev_device_add\n gpiolib_cdev_register\n gpiochip_setup_dev\n gpiochip_add_data_with_key\n\ngcdev_register() \u0026 gcdev_unregister() would call device_add() \u0026\ndevice_del() (no matter CONFIG_GPIO_CDEV is enabled or not) to\nregister/unregister device.\n\nHowever, if device_add() succeeds, some resource (like\nstruct device_private allocated by device_private_init())\nis not released by device_del().\n\nTherefore, after device_add() succeeds by gcdev_register(), it\nneeds to call put_device() to release resource in the error handle\npath.\n\nHere we move forward the register of release function, and let it\nrelease every piece of resource by put_device() instead of kfree().\n\nWhile at it, fix another subtle issue, i.e. when gc-\u003engpio is equal\nto 0, we still call kcalloc() and, in case of further error, kfree()\non the ZERO_PTR pointer, which is not NULL. It\u0027s not a bug per se,\nbut rather waste of the resources and potentially wrong expectation\nabout contents of the gdev-\u003edescs variable."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:14.777Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6daaa84b621485fe28c401be18debf92ae8ef04a"
},
{
"url": "https://git.kernel.org/stable/c/371363716398ed718e389bea8c5e9843a79dde4e"
},
{
"url": "https://git.kernel.org/stable/c/ec851b23084b3a0af8bf0f5e51d33a8d678bdc49"
}
],
"title": "gpiolib: fix memory leak in gpiochip_setup_dev()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48975",
"datePublished": "2024-10-21T20:05:55.091Z",
"dateReserved": "2024-08-22T01:27:53.631Z",
"dateUpdated": "2025-05-04T08:27:14.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48967 (GCVE-0-2022-48967)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:27
VLAI?
EPSS
Title
NFC: nci: Bounds check struct nfc_target arrays
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFC: nci: Bounds check struct nfc_target arrays
While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported:
memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (size 18)
This appears to be a legitimate lack of bounds checking in
nci_add_new_protocol(). Add the missing checks.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5 , < 6b37f0dc0638d13a006f2f24d2f6ca61e83bc714
(git)
Affected: 019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5 , < dbdcfb9f6748218a149f62468d6297ce3f014e9c (git) Affected: 019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5 , < cff35329070b96b4484d23f9f48a5ca2c947e750 (git) Affected: 019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5 , < 6778434706940b8fad7ef35f410d2b9929f256d2 (git) Affected: 019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5 , < 27eb2d7a1b9987b6d0429b7716b1ff3b82c4ffc9 (git) Affected: 019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5 , < 908b2da426fe9c3ce74cf541ba40e7a4251db191 (git) Affected: 019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5 , < f41547546db9af99da2c34e3368664d7a79cefae (git) Affected: 019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5 , < e329e71013c9b5a4535b099208493c7826ee4a64 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:19:37.596608Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:28:38.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/ntf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6b37f0dc0638d13a006f2f24d2f6ca61e83bc714",
"status": "affected",
"version": "019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5",
"versionType": "git"
},
{
"lessThan": "dbdcfb9f6748218a149f62468d6297ce3f014e9c",
"status": "affected",
"version": "019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5",
"versionType": "git"
},
{
"lessThan": "cff35329070b96b4484d23f9f48a5ca2c947e750",
"status": "affected",
"version": "019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5",
"versionType": "git"
},
{
"lessThan": "6778434706940b8fad7ef35f410d2b9929f256d2",
"status": "affected",
"version": "019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5",
"versionType": "git"
},
{
"lessThan": "27eb2d7a1b9987b6d0429b7716b1ff3b82c4ffc9",
"status": "affected",
"version": "019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5",
"versionType": "git"
},
{
"lessThan": "908b2da426fe9c3ce74cf541ba40e7a4251db191",
"status": "affected",
"version": "019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5",
"versionType": "git"
},
{
"lessThan": "f41547546db9af99da2c34e3368664d7a79cefae",
"status": "affected",
"version": "019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5",
"versionType": "git"
},
{
"lessThan": "e329e71013c9b5a4535b099208493c7826ee4a64",
"status": "affected",
"version": "019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/ntf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.4"
},
{
"lessThan": "3.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.336",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.336",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.302",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.269",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: Bounds check struct nfc_target arrays\n\nWhile running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported:\n\n memcpy: detected field-spanning write (size 129) of single field \"target-\u003esensf_res\" at net/nfc/nci/ntf.c:260 (size 18)\n\nThis appears to be a legitimate lack of bounds checking in\nnci_add_new_protocol(). Add the missing checks."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:27:06.188Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6b37f0dc0638d13a006f2f24d2f6ca61e83bc714"
},
{
"url": "https://git.kernel.org/stable/c/dbdcfb9f6748218a149f62468d6297ce3f014e9c"
},
{
"url": "https://git.kernel.org/stable/c/cff35329070b96b4484d23f9f48a5ca2c947e750"
},
{
"url": "https://git.kernel.org/stable/c/6778434706940b8fad7ef35f410d2b9929f256d2"
},
{
"url": "https://git.kernel.org/stable/c/27eb2d7a1b9987b6d0429b7716b1ff3b82c4ffc9"
},
{
"url": "https://git.kernel.org/stable/c/908b2da426fe9c3ce74cf541ba40e7a4251db191"
},
{
"url": "https://git.kernel.org/stable/c/f41547546db9af99da2c34e3368664d7a79cefae"
},
{
"url": "https://git.kernel.org/stable/c/e329e71013c9b5a4535b099208493c7826ee4a64"
}
],
"title": "NFC: nci: Bounds check struct nfc_target arrays",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48967",
"datePublished": "2024-10-21T20:05:49.740Z",
"dateReserved": "2024-08-22T01:27:53.628Z",
"dateUpdated": "2025-05-04T08:27:06.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47737 (GCVE-0-2024-47737)
Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2025-11-03 22:21
VLAI?
EPSS
Title
nfsd: call cache_put if xdr_reserve_space returns NULL
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfsd: call cache_put if xdr_reserve_space returns NULL
If not enough buffer space available, but idmap_lookup has triggered
lookup_fn which calls cache_get and returns successfully. Then we
missed to call cache_put here which pairs with cache_get.
Reviwed-by: Jeff Layton <jlayton@kernel.org>
Severity ?
No CVSS data available.
Assigner
References